PALOT: Profiling and Authenticating Users Leveraging Internet of Things

Virtual assistants, deployed on smartphone and smart speaker devices, enable hands-free financial transactions by voice commands. Even though these voice transactions are frictionless for end users, they are susceptible to typical attacks to authentication protocols (e.g., replay). Using traditional knowledge-based or possession-based authentication with additional invasive interactions raises users concerns regarding security and usefulness. State-of-the-art schemes for trusted devices with physical unclonable functions (PUF) have complex enrollment processes. We propose a scheme based on a challenge response protocol with a trusted Internet of Things (IoT) autonomous device for hands-free scenarios (i.e., with no additional user interaction), integrated with smart home behavior for continuous authentication. The protocol was validated with automatic formal security analysis. A proof of concept with websockets presented an average response time of 383 ms for mutual authentication using a 6-message protocol with a simple enrollment process. We performed hands-free activity recognition of a specific user, based on smart home testbed data from a 2-month period, obtaining an accuracy of 97% and a recall of 81%. Given the data minimization privacy principle, we could reduce the total number of smart home events time series from 7 to 5. When compared with existing invasive solutions, our non-invasive mechanism contributes to the efforts to enhance the usability of financial institutions’ virtual assistants, while maintaining security and privacy.

Section: Related Workmentioning

confidence: 99%

Section: Assumptions and Hypothesesmentioning

confidence: 99%

Hands-Free Authentication for Virtual Assistants with Trusted IoT Device and Machine Learning

Hayashi

Ruggiero

2022

“…IoT security requirements that need to be fulfilled for any AA systems are the following: Lightweightness: The first and foremost requirement is that the AA schemes must be required to be lightweight for IoT, such that, regardless of energy constraints, they work well for several IoT nodes [ 26 , 27 , 28 ]. Privacy Profiling and Tracking: Combining an identification with a specific person is a vulnerability, which may escalate to privacy profiling and tracking [ 29 ]. Therefore, one of the critical problems is the dis-allowance of IoT operation, and the security system must be responsible for protecting the clients’ privacy.…”

Section: Taxonomy Of Ml-based Aa For Iotmentioning

confidence: 99%

“…Privacy Profiling and Tracking: Combining an identification with a specific person is a vulnerability, which may escalate to privacy profiling and tracking [ 29 ]. Therefore, one of the critical problems is the dis-allowance of IoT operation, and the security system must be responsible for protecting the clients’ privacy.…”

Section: Taxonomy Of Ml-based Aa For Iotmentioning

confidence: 99%

Machine Learning for Authentication and Authorization in IoT: Taxonomy, Challenges and Future Research Direction

Ahmed

Tahir

Habaebi

et al. 2021

With the ongoing efforts for widespread Internet of Things (IoT) adoption, one of the key factors hindering the wide acceptance of IoT is security. Securing IoT networks such as the electric power grid or water supply systems has emerged as a major national and global priority. To address the security issue of IoT, several studies are being carried out that involve the use of, but are not limited to, blockchain, artificial intelligence, and edge/fog computing. Authentication and authorization are crucial aspects of the CIA triad to protect the network from malicious parties. However, existing authorization and authentication schemes are not sufficient for handling security, due to the scale of the IoT networks and the resource-constrained nature of devices. In order to overcome challenges due to various constraints of IoT networks, there is a significant interest in using machine learning techniques to assist in the authentication and authorization process for IoT. In this paper, recent advances in authentication and authorization techniques for IoT networks are reviewed. Based on the review, we present a taxonomy of authentication and authorization schemes in IoT focusing on machine learning-based schemes. Using the presented taxonomy, a thorough analysis is provided of the authentication and authorization (AA) security threats and challenges for IoT. Furthermore, various criteria to achieve a high degree of AA resiliency in IoT implementations to enhance IoT security are evaluated. Lastly, a detailed discussion on open issues, challenges, and future research directions is presented for enabling secure communication among IoT nodes.

“…The Internet of Things (IoT) technology offers low cost and effective solutions for the development of smart cities due to its high applicability in an uncountable number of scenarios [2,3]. In particular, the intelligent IoT devices can continuously collaborate in various sectors of a smart city scenario, exchanging a constant flow of information to offer quality services to citizens as an ultimate goal [4,5]. We refer to the IoT devices as intelligent, in the sense that they are able to autonomously communicate, requiring little or no human intervention [6].…”

Section: Introductionmentioning

confidence: 99%

BlockSIEM: Protecting Smart City Services through a Blockchain-based and Distributed SIEM

Botello

Mesa

Rodríguez

et al. 2020

Self Cite

The Internet of Things (IoT) paradigm has revolutionized several industries (e.g., manufacturing, health, transport, education, among others) by allowing objects to connect to the Internet and, thus, enabling a variety of novel applications. In this sense, IoT devices have become an essential component of smart cities, allowing many novel and useful services, but, at the same time, bringing numerous cybersecurity threats. The paper at hand proposes BlockSIEM, a blockchain-based and distributed Security Information and Event Management (SIEM) solution framework for the protection of the aforementioned smart city services. The proposed SIEM relies on blockchain technology to securely store and access security events. Such security events are generated by IoT sentinels that are in charge of shielding groups of IoT devices. The IoT sentinels may be deployed in smart city scenarios, such as smart hospitals, smart transport systems, smart airports, among others, ensuring a satisfactory level of protection. The blockchain guarantees the non-repudiation and traceability of the registry of security events due to its features. To demonstrate the feasibility of the proposed approach, our proposal is implemented using Ethereum and validated through different use cases and experiments.