Abstract
Over the last few years Internet of Things products have become known for their weak security. News articles regularly describe security vulnerabilities of cars, surveillance cameras, kettles, and other IoT devices. There are, however, recent standardization activities addressing some of these security challenges. This article describes how the work of the IETF and the FIDO Alliance can lead to improved security.
Author information
Additional information
Hannes Tschofenig is employed by ARM Limited. Prior employers include the European Data Protection Supervisor, Nokia/Nokia Networks, and Siemens. Currently, he is co-chair of the FIDO Alliance Privacy and Public Policy Working Group. E-Mail: Hannes.Tschofenig@arm.com
About this article
Cite this article
Tschofenig, H. Fixing User Authentication for the Internet of Things (IoT). Datenschutz Datensich 40, 222–224 (2016). https://doi.org/10.1007/s11623-016-0582-1
DOI: https://doi.org/10.1007/s11623-016-0582-1