Authentication of Things: Authentication and Access Control for the Entire IoT Device Life-Cycle

As the number of Internet of Things (IoT) devices already grows faster than the population, the need for strong authentication and access control mechanisms is greater than ever. Legacy authentication schemes are usually computationally expensive which makes them unsuitable for resource-constrained IoT devices. On the other hand, solutions that target such devices typically base their access control mechanism solely on authentication. In a complex smart environment, however, IoT devices often offer and consume a range of resources, which demands a fine-grained access control mechanism. Besides, the IoT paradigm also beckons safe interoperability among devices that belong to different smart environments. Last, there is a lack of options for authentication and access control solutions that cover the entire IoT device life-cycle, i.e., from device manufacturing to decommissioning. In this work, we propose Authentication of Things (AoT), a holistic authentication and fine-grained access control solution for the entire IoT device life-cycle. AoT comprises a suite of protocols which relies on Identity-Based Cryptogra phy (IBC) to distribute keys and authenticate devices as well as Attribute-Based Cryptography (ABC) to cryptographically enforce a fine-grained Attribute-Based Access Control (ABAC). We evaluate an AoT prototype at different security levels implemented on a variety of platforms, representing a wide range of IoT devices, from smartphones to microcontrollers. Our results indicate that AoT performance ranges from affordable on resource-constrained devices to highly efficient on powerful devices.