Anda di halaman 1dari 32

Business Academy Aarhus

IT Network Technology

The impact of authentication methods on the


adoption of the Internet of Things
Biometrics and attribute-based authentication as catalyzing factors

The objective of the project is to investigate the influence of authentication methods of


digital identity on the adoption of the Internet of Things. Status quo and future perspective
will be taken into account. Qualitative research based on Maxwell theory will be
constructed and interviews with leading experts from identity management and Internet
of Things industry will be conducted to explore the topic.

Author: Dominika Rusek


Class: 1it14d4
Submission date: 17.12.2015
Supervisor: Jan Christiansen
Company: Deloitte Risk Services B.V.
Signature:
Table of Contents
1. Introduction: The evolution of digital identity...................................................................................... 2
1.1. Context: Growing number of IoT devices ..................................................................................... 3
1.2. Problem statement: Management of authentication credentials is becoming more difficult ..... 4
1.3. Research gap ................................................................................................................................. 4
1.4. The aim: Investigation of the relation between authentication methods of digital identity and
IoT
2. Methodology......................................................................................................................................... 6
2.1. Research questions & goal ............................................................................................................ 7
2.2. Conceptual framework: Linear relationship between IoT status quo and IoT of the future ........ 7
2.3. Methods: Qualitative research ..................................................................................................... 8
2.4. Data analysis: nVivo ...................................................................................................................... 8
3. Literature study ..................................................................................................................................... 9
3.1. What is digital identity? ................................................................................................................ 9
3.1.1. Authentication is the keystone of a trust relationship ......................................................... 9
3.1.2. I can change my password, but I cant change my eyeballs what will be the future of
authentication? ................................................................................................................................... 11
3.2. What is Internet of Things? ......................................................................................................... 11
3.2.1. Security and privacy concerns in the Internet of Things..................................................... 13
3.3. Conclusion on literature study .................................................................................................... 14
4. Results analysis ................................................................................................................................... 15
4.1. Number of credentials is a main concern ................................................................................... 15
4.2. The future of digital identity credentials .................................................................................... 15
4.3. How will Internet of Things evolve? ........................................................................................... 17
4.4. Identity in Internet of Things ...................................................................................................... 18
5. Conclusions ......................................................................................................................................... 20
5.1. Discussion.................................................................................................................................... 20
5.2. Limitations................................................................................................................................... 24
5.3. Further research ......................................................................................................................... 25
Glossary ......................................................................................................................................................... 1
Bibliography .................................................................................................................................................. 2

1
1. Introduction: The evolution of digital identity
Imagine driving home from work during a cold winter evening. You log in to your heater application on
your smartphone and remotely activate the heating system in your house. The GPS tracker in your car
monitors traffic on the road and displays the fastest way home on your screen. When you drive into the
street, lights of your house flicker on. You put your finger against a biometric scan on your smartphone
application and the door opens up. You go to the kitchen and a smell of fresh coffee hits your nose your
coffee-machine just finished preparing it for you. You log in to your application that monitors the kitchen
appliances and see that the fridge ordered groceries based on your preferences, which will be delivered
tomorrow. Finally after a tiring day, you sit down on the couch and turn on the TV via your mobile app. It
is time for some relaxation. It doesnt sound bad, right?

This scenario is still a vision. In couple of years it could be part of every days life. This is the reality of
Internet of Things a world where all physical assets and devices are connected to the Internet and each
other and share information. The number of Internet of Things devices is growing every year. Today there
are 25 billion devices, and this number will
grow to 50 billion by the year 2020,
according to Cisco1. INTERNET OF THINGS (IoT) is a network of physical
To fully understand this scenario you have objects that contain embedded technology to
to understand the definition of digital communicate and sense or interact with their
identity. First lets define real world internal states or the external environment (Gartner)
identity. It is a sum of characteristics
including birthplace, birthday, address, or
social security number2. When interacting with computers and using Internet digital identity is needed.
Digital identity is a representation of a real-world identity. When accessing Internet resources, or logging
in to a website, first identification is being done, followed by authentication. Identification is a process of
presenting identity to a system and authentication is a process of validating an identity that was provided
to a system3. The attributes are used to authenticate digital identity of a person against a service. Every
interaction and transaction that a user has with devices, requires use of digital identities. If the user solely
has control over a device like a smartphone, that device can become one of the attributes as well. Every
user of the Internet has a digital identity.

Recent studies by Experian, global Information Services Company, show that consumers have an average
of 26 separate digital identities and use only 5 different passwords4. This corresponds to research done
by CSID, identity protection provider,
where they found out that 61% of
DIGITAL IDENTITY is an online representation of a consumers reuse passwords across
real-world identity multiple websites5. The Telegraph reports
that average person uses 10 online
passwords a day6. It is clearly visible that
daily managing of several passwords and accounts is a trouble. 38% of adults sometimes think it would be
easier to solve world peace than attempt to remember all the passwords, as Janrain, a customer profile-
management provider, study shows7. It is convenient for customers to reuse passwords instead of creating
a new password for each service. But this raises a security issue, as nobody can be exactly sure how
companies deal with usernames and passwords. Some store them in plain text, some use basic password

2
encryption or hashed passwords, which adds more protection or use slow hashes, which according to
most security experts is the best option for storing passwords.8. The user cant control it. Since majority
of internet users reuses passwords9, this means that if one account on a website with poor security gets
compromised the risk is very high that other accounts will be compromised too.

In 2013, hackers got access to Adobe customers IDs and encrypted passwords10. 36 millions of customers
were affected. A year later, Ebay was hacked and 145 million passwords retrieved11. The database
contained customer names, encrypted passwords, email addresses, physical addresses, phone numbers
and dates of birth12.

The way users are forced to manage multiple username and password combinations and how companies
store them, raises voices of concern and it doesnt help with creating a safe digital ecosystem.

Authentication methods like passwords are already a big hassle and it will get worse with the growth of
Internet of Things. As mentioned on the first page, Cisco forecasts that the number of devices on the
Internet of Things will grow from 25 billion in 2015 to 50 billion in 202013. With this growth in mind, it is
important to understand the impact of digital identity on Internet of Things. Each device, sensor and
person needs to have an identity, to ensure that data collected by the Internet of Things is relevant and
attached to a device. Soon, users will have to manage several Internet of Things devices. With traditional
password authentication this will be time-consuming and inefficient. The interconnected landscape is
developing rapidly and measures need to be taken to ensure appropriate identity management for IoT.

1.1. Context: Growing number of IoT devices


The ability to ensure only authorized access to systems and data is critical for protecting information. The
process of controlling access starts with defining digital identities and associating them with credentials.
With Internet explosion and adoption of the IoT average user needs to manage multiple
username/password combinations to get access to resources.

Every device on the Internet of Things has an identity14. Therefore with the growing number of the IoT
devices, the number of digital identities grows as well. To be able to use digital identity, authentication is
needed. Authentication enables devices to securely link to other devices and services. In the same time it
allows people to receive and see data from a device and accept or deny connections with other devices.

The starting point for this research was the report The Identity of Things for the Internet of Things,
written by analyst Earl Perkins and Ant Allan from Gartner. The authors emphasized that existing ideas
and approaches to identity management wont be relevant for IoT. The authors also stated that
Managing identities and access is critical to the success of IoT (...)15. Second paper that caught attention
was The Identity of Things (IDoT) written by Forgerock. It was stated in the white-paper: We have
reached a point where consent and control over devices and data is critical to the success of IoT. The
authors determined that online representation of a person, called digital identity and its management is
important for Internet of Things. With billions of devices on the Internet of Things, determining whether
someone is in fact who it declared to be is significant16. The importance of authentication of digital identity
was confirmed in the study Authentication in Internet of Things by analysts Anmol Singh and Earl
Perkings from Gartner. The analysts came to conclusion that Authentication plays pivotal role in ensuring
access to IoT devices, but authentication methods used in todays IT may not work for all IoT device
classes17.

3
Based on the literature study it can be concluded that the aspect of digital identity and authentication is
important for the Internet of Things. Therefore the main focus of this research will be the future of digital
identity and the IoT and the relationship between them. To be able to benefit from the IoT, the shift away
from traditional ways of authentication like username and passwords, needs to be done.

1.2. Problem statement: Management of authentication credentials is becoming more


difficult
A username/password combination is the main method of authentication for more than four decades18.
In early years of the Internet, people started to create digital identities to access websites and services. It
was needed to log in to different websites, do purchases or communicate online. As long as people didnt
have too many accounts online, username/password authentication was efficient and scalable.

Since 1999, when Internet became mainstream19, things have changed rapidly. Currently, the average
Internet user has 26 different accounts according to Experian, a global Information Services Company.
Using traditional ways of authentication like the username and password combination is becoming a
burden. Technology industry is trying to find more user-friendly and secure authentication methods for
years, yet username and passwords are still commonly used.

On top of that, the Internet of Things is under rapid adoption. It is an important topic of conversation in
technical circles in the past few years20. The IoT connects everything devices, sensors, and people. It is
a huge interconnected network. Authentication is needed to provide security and a right access to the
right people. In order to use the devices that are connected to IoT like a coffee-machine, shoes with a GPS
tracker, or a heating system, the user needs to authenticate his digital identity against a service.
Nowadays, an average person has 1,7 IoT devices, by 2020 this number will double to 4,7 devices per
person21. The number of devices per person might seem low, but this is due to the fact that calculation is
based on the entire world population. If we reduce the population sample to only people connected to
Internet (2 billion), the number of devices rises dramatically jumps to 6,25 instead of 1,722.

Authentication for the Internet of Things is getting challenging. Existing methods like usernames and
passwords are becoming ineffective due to the number of devices. This increases a chance for human
error and the sophistication of malware attacks23. Huge amount of devices means that it is most likely
impossible to securely authenticate every part of the network with passwords24. Not to mention, the
collection of passwords would be a huge liability for users. New solutions, which are more secure, user
friendly and seamless are needed.

Problem statement: It is becoming more difficult to manage authentication methods for the
increasing amount of Internet of Things devices.

1.3. Research gap


The Internet of Things is growing at a significant pace and this trend will continue in the future. Whilst on
the security and privacy of IoT (Ukil & Sen, 2011; Yuanjun, 2013; Medegalia & Serbanati, 2010; Weber,
2010) research has been done, the concept of identity for the Internet of Things is relatively new and
unexplored. Based on the literature study for this thesis it seems that the concept of digital identity and
the ease of authentication within the IoT isnt exploited enough. Therefore, the research will be
addressing the influence of digital identity and authentication methods on the Internet of Things.

4
1.4. The aim: Investigation of the relation between authentication methods of digital
identity and IoT
The goal of this research is to contribute to existing literature, by clarifying the relationship between digital
identity and the Internet of Things. The evolution that the authentication within the IoT will undergo, will
be investigated. Through a development of a model with predictions, the explanation of the relationship
between the IoT and digital identity authentication will be shown. It will be done based on qualitative
interviews conducted with experts from academic field as well as experts from private companies, actively
working in digital identity and the IoT industry.

This research could be a valuable input for companies, which based on prediction model can make better
decision on which authentication method apply to their products and services, so that customers are
satisfied and security is in place. The decision made by companies will directly impact consumers, as they
will be the target group. It will also help customers to understand what is happening on the market with
the development of Internet of Things and the abundancy of devices that everyone has. It might help to
recognize processes behind authentication and the value of digital identity. This will lead to customers
being capable of making more conscious decisions.

Aim: Investigate if there is a relation between digital identity authentication methods and the
Internet of Things.

5
2. Methodology
The way of working is based on the book Qualitative Research Design, An Interactive Approach by J.
Maxwell (2005). In order to structure research an interactive model of research design is used (See Figure
1).

This model describes five elements that need to be addressed in order to come up with well-structured
design.

1. Goals: What issues are needed to be clarified and why is the research worth doing?
2. Conceptual framework: What is the approach for the research?
3. Research questions: What needs to be understood and what are the questions this research will
answer?
4. Methods: How is the research structured?
5. Validity: What are the alternative interpretations and validity threats?

CONCEPTUAL
GOALS
FRAMEWORK

RESEARCH
QUESTION

METHODS VALIDITY

Figure 1: Interactive model of research design, Maxwell (2013)

Research questions are in the center of the design and connected to all the components. They might be
modified or expanded as result of changes in goals or conceptual framework. The research questions have
a clear relationship with the goal of the study and are grounded in what is already known about the topic.
The goals of the study should be informed by current theory and knowledge. The bottom triangle of the
model is operational half of design. The methods used during the research need to enable answering the
research questions and deal with validity threats.

6
Each component will be defined and described in the following sections.

2.1. Research questions & goal


The main research question is: What is the relationship between authentication of a digital identity and
the Internet of Things? This question will be answered from a status quo and future perspective. To
answer this question both fields of digital identity and the Internet of Things need to be investigated. The
main question has been divided into sub-questions:

A. How will digital identity authentication methods evolve towards 2020?


B. How will the Internet of things evolve towards 2020?
C. How is ease of authentication influencing the adoption of the Internet of Things?

The questions will be answered by literature review and interviews with experts from identity
management and the IoT industry. First, the future of authentication of digital identity and the IoT will be
investigated as separate topics. Later the intersection of those two topics will be examined, which should
answer the question about the relationship between those two.

2.2. Conceptual framework: Linear relationship between IoT status quo and IoT of the
future
The relationship between digital identity and the IoT is an interesting subject as it will align the topic of
digital identity to the Internet of Things. Whilst on digital identity and the IoT separately, researches has
been done, in the field of relationship of digital identity and IoT, little research seems to have taken place.

Figure 2, shows the relationship between digital identity and the IoT now and in the future. Nowadays,
the Internet of Things is a hype, which means that it is intensively promoted and it is at the peak of

Figure 2: Conceptual model

expectations. The usage of IoT devices is growing, but managing digital identity credentials (username/
password combinations) to get access to collected data is time consuming and not user friendly. The
authentication methods like username/password combinations are a barrier for more rapid adoption of
IoT. A user will think twice before buying another gadget, because another digital identity credentials will
be needed during registration process. Managing multiple devices with different digital identity
credentials will be a big hassle. This barrier might slow down the adoption of IoT devices for consumers.
On the other hand, if the authentication methods are easier and privacy friendly, this might encourage
users to buy and use more connected devices. The red line indicates the process of adoption of the IoT,

7
which is slowly going from the IoT how we know it now, to the IoT in the future. However without
appropriate digital identity authentication the adoption of the IoT will slow down.

In order to contribute to existing literature, the investigation on how digital identity influences the
adoption of the IoT needs to be done. This will be completed by conducting semi-structured interviews.
The main hypothesis for this research is the following:

1. Ease of authentication methods can have positive impact on the adoption of the Internet of
Things.

The main hypothesis was divided into sub-hypothesis, as following:

1.1. Traditional methods of authentication can slow down the adoption of the Internet of Things.
1.2. New methods of authentication can accelerate the growth of the Internet of Things.

2.3. Methods: Qualitative research


The first phase of research was a collection phase that also involved a detailed analysis of the literature
which revealed key issues of digital identity and the Internet of Things today. Most of the collected data
are reports, presentations, and white-papers. White-papers come from identity management, the
Internet of Things and information technology research companies.

The second phase involved qualitative research, which was conducted to answer the main research
question. The advantage of qualitative research is that it examines the topic in detail and in depth and it
also encourages people to expand on their responses25. The approach used for performing the qualitative
research was the Pyramid Principle by Barbara Minto26. This approach involves formulating hypothesis
based on the literature review and conducting qualitative research to prove if this hypothesis is correct.

The method used for data collection was conducting semi-structured interviews, either through face-to-
face meetings or using voice over IP. Semi-structured type of interviews was selected, because it allows
new ideas to be brought up during interviews, as a result of what the interviewee says. Participants were
leading experts from private companies, actively working in identity management and the IoT industry,
banks and consultants within the industry. The European market of identity management and the Internet
of Things was the focus. In total 22 interviews, each of approximately one hour duration were conducted.
The interviews were recorded and later transcribed into digital text. The transcription made the actual
data obtained through the interview clear and visible. The findings reported in this paper are restricted to
the results of literature analysis and the semi-structured interviews.

2.4. Data analysis: nVivo


The data analysis phase consisted of evaluating data using analytical and logical reasoning. All 22
interviews were transcribed and introduced into nVivo. nVivo is a computer program used for analysis of
qualitative data and it was used to help with management of data during coding. Coding is a systematic
way in which to condense extensive data sets into smaller analyzable units through the creation of
categories and concepts derived from the data27. It helps with organization and interpretation of data
and helps to lead to a conclusion. The data from the interviews was aggregated and filtered by nVivo
software, which resulted in creating thematic categories. The outcome obtained through qualitative
interviews was validated. Short summary of results was send to participants to confirm that the content
is in line with their point of view.

8
3. Literature study
3.1. What is digital identity?
According to Collins English Dictionary identity is The state of having unique identifying characteristics
held by no other person or thing. There was always a need to prove that we are who we claim we are. In
the physical domain it is done with a paper certificate, passport or later an ID card. However, with the
adoption of Internet in 90s28 a new type of identity was created digital identity. Digital identity is an
online representation of real-world identity. It consists of a collection of attributes. To access services or
resources authentication of digital identity is required. There are multiple methods of authentication,
most commonly it is password/username combination. Every Internet user has multiple digital identities
credentials for different services, with different levels of assurance. The level of assurance (LOA) of a
digital identity is the degree of trust that the person who presents a digital credential, is in fact that
person29. According to the Standard for Personal Digital Identity Levels of Assurance, level 0 is the lowest
level of assurance, where no identity is being claimed or asserted. In level 1, there is some claim to an
identity. One example can be an e-mail address that is used as identity verification. For levels 2 and higher,
the claim to a physical identity is stronger, by using a photo ID from a reliable authority like government
of bank.

The level of assurance is a way to determine trust online. According to P. Windley in the book Digital
identity every authentication done using digital identity infrastructure depends on trusting that an
identity and its attributes are correct. In an online world obtaining trust is more difficult than in the
physical world, because online transactions are more impersonal, more automated, entitle more legal
uncertainties and present more opportunities for fraud and abuse30. There are several ways of
authentication that prove trustworthiness of digital identities.

3.1.1. Authentication is the keystone of a trust relationship


Authentication is a process or action of proving or showing something to be true, genuine or valid, as
stated in the Oxford Dictionary. In the online world, the authentication ensures that the claimed identity
is the same as the identity being presented in online setting31 .The authentication process involves
presenting credentials and comparing them to those in a database. If credentials match, the process if
completed and the user is granted access.

In the context of Internet of Things there are two types of authentication: user authentication and
machine authentication32. User authentication occurs within human-to-computer interaction. A user has
to enter credentials to begin using the system. Machines need to authorize their automated actions within
a network as well. Machine authentication can be done with machine credentials such as, digital
certificates or public key infrastructure. Machine authentication is a broad topic, hence it is out of scope
for this paper. The main focus will be user authentication.

9
All approaches for authentication rely on at least one of following:

Figure 3: Three factors of authentication

Authentication factors refer to the type of information used to verify a persons identity in the online
world.

1. The most popular are username/passwords combinations33. It relies on Something that you
know factor. Although it doesnt require a lot of processing power to authenticate34, there are
several drawbacks of this method. First of all it is easy to lose control of passwords. Users share
password with other users, or write them down and other users read them. Long and complex
passwords are harder to guess, however they are no less vulnerable to other attacks like
phishing35. It also makes it harder for the users to remember complex passwords, therefore users
use the same password across multiple websites, which might result in compromising them all.
Another type of Something that you know factor are one-time passwords. They were developed
to avoid problems associated with reusing passwords36. One-time passwords are valid for only
one login attempt, which makes them useless to login again. In case of capturing the password,
potential attacker wont be able to abuse it, as the credential will no longer be valid.
2. Something that you have factor refers to items such as smart cards. Using smart card requires
physically inserting the card into a card reader and entering the PIN. They provide stronger
security, because they require physical possession. At the same time this is a drawback and
limitation a user needs to carry a card at all times to be able to authenticate.
3. Third factor Something that you are refers to biometric methods of authentication, like a
fingerprint, retinal or iris scan and voice analysis. Fingerprints is the most widely used biometric
method today37.

10
Trust and security in an online society are the most challenging problems businesses face these days38.
Authentication is a way to confirm the truth of a digital identity and establish trust between parties
involved in a transaction. Therefore it is very important that authentication methods are secure. With the
growing number of devices connected to the IoT, the number of interactions online will also grow.
According to Gartner39 Authentication plays a pivotal role in securing access to IoT devices, but
authentication methods used in todays IT may not work for all IoT devices. New ways of authentication,
beyond username/password combinations are needed.

3.1.2. I can change my password, but I cant change my eyeballs what will the future of
authentication be?
For more than four decades the basis for authentication when accessing online services are usernames
and passwords40. It was a practical approach back in the day but todays user activities and the evolution
of Internet of Things have changed the computer landscape so much, that username and passwords are
not able to protect systems anymore.

The Internet of Things is developing rapidly


and the average user has more devices than
BIOMETRIC AUTHENTICATIONrelies on the unique ever before. This number will grow in the
biological characteristics of individuals to verify future. From 4,9 billion devices we will
identity for secure access to electronic systems move to 25 billion devices, as Gartner
(TechTarget) predicts41. It is impossible to manage
multiple password and username to log in
to each of those devices. More secure and
user convenient methods of authentication are needed and the industry is putting its hope into
biometrics.

Biometrics is the measurement and analysis of unique physical or behavioral characteristics especially as
means of verifying personal identity42. One of the most commonly used biometric technology is fingerprint
recognition. Law enforcement agencies and governments have been using biometric technology for many
years for accurate identification. Biometric technology now is more sophisticated43 and became an
alternative to traditional password authentication. Biometrics identify user by who they are factor of
authentication, which excludes the need to remember password combinations.

Combining different factors of authentications, provides more security. In fact Gartner advises that
business should use multifactor authentication44. It adds additional protection by using more than one
method of authentication, from independent categories. For example using a smart cart and a PIN is two-
factor, since the two factors are something that you have and something that you know. It decreases
the chances of an unauthorized person circumventing the security system, as the person needs both
factors to get access.

3.2. What is the Internet of Things?


From a computer perspective the IoT is not new. In 1982, a group of students from Carnegie Mellon
University connected a Coke machine to the Internet45. The reason was fairly simple. Nobody, in 8th story
building would like to go to third floor only to discover that machine is empty and they couldnt buy a can
of Coke. That is how they came up with the idea to hook it up to the Internet and check if the drink is
available.

11
Although the Internet of Things has been around for many years, Cisco estimated that it has been born
between 2008 and 200946. This means that around that
time the number of devices on the Internet of Things has
outnumbered the number of people living on the Earth
(see Figure 4). Currently, Internet of Things is growing in
even quicker pace. Cisco predicts that there will be 25
billion connected devices in use in 2015 and 50 billion by
202047.

Gartner explains the IoT as a network of physical objects


that contain embedded technology48. It refers to growing
network of physical objects so called things that can
communicate with each other. An object becomes a part
of Internet of Things because of two features: a unique
identifier and Internet connectivity49. Things are also
called smart devices. Internet connectivity allows for a
device to communicate with computers, or other objects.
Each of those devices is identifiable by IP address. IoT
devices communicates with a radio that can send and Figure 4: When was the Internet of Things born?
receive wireless communication. It is important that
devices operate on low power and use low bandwidth, because many of IoT devices like door locks or
standalone sensors will use batteries, instead of power from electrical systems.50 If the smart device
uses small amounts of energy, the usage will be more efficient.

Figure 5 shows full range of the Internet of Things home appliances. Things can be home appliances like
lightbulbs, heaters, refrigerators, coffee-machines, or medical devices or even fitness trackers. The smart
home industry, which includes entertainment appliances, smart home appliances and kitchen appliances,
is projected to grow from $33 billion in 2013 to $71 billion by 2018, according to study by Juniper
Research51.

Figure 5: IoT home automation

12
The IoT is becoming reality, thanks to several factors. The hardware is cheaper than ever before and
production costs are constantly dropping. The costs of connecting device are also decreasing. In the same
time the wireless connectivity is evolving in rapid pace, broadband Internet is widely available and the
sale of smartphones and tablets is sky-rocketing. Also the convenience to have technology that helps
people with all kinds of day-to-day activities makes the Internet of Things so popular and widely adopted.

3.2.1. Security and privacy concerns in the Internet of Things

Security

The top concern in cyberspace is the security of devices and the data they collect, process and transmit52.
Financial losses from cyberattacks go into billions. McAfee estimates that annual cost to the global
economy is more than $400 billion53.

With the growing number of devices on the IoT, the potential risk of successful intrusion and data breach
is also higher. With more connections and points of entry, the IoT increases exposure to cyber risk. For
example, an employee might infect organizations network by coming to work with a wearable device like
a smart watch, and then the hacker subsequently gets access to other parts of the companys network.

Privacy

Privacy, along with security, is one of the most challenging issues for the Internet of Things. Although it is
not the main focus of this paper, it is an extremely important aspect of the IoT, certainly worth
mentioning. Privacy is the quality or state of being apart from company or observation54, in other words
the state of being secluded. It is also a right to keep personal matters and relationships a secret55. The
article called The right to Privacy, written in the 1890 Harvard Law Review formed a basis of todays
privacy. It was inspired by the rise of photography, newspapers and the possibility to publish images and
personals information to public. The world has changed since then. The technology advanced in a rapid
pace. Nowadays, we not only have newspaper and photography, but also television, computers, Internet
and the Internet of Things. Safeguarding our personal data became even more difficult.

The availability of cheap sensors and smartphones are one of the factors why Internet of Things is growing
in a rapid pace56. The evolution of the IoT have led to increasingly connected world. With billions of devices
being part of the IoT, more data is being produced, processed and transferred than ever before. Cisco
reports that the IoT will generate 400 zettabytes (ZB) of data by year 201857. Sensors connected to the
Internet of Things, collect sensitive personal data like precise geolocation, health or household
information and store it in the cloud. Massive volume of gathered data allows to perform complex
analytics and discover patterns, which wasnt possible before the era of Internet of Things. The data
collected by IoT devices might be used by companies to make credit, insurance or employment decisions.
Good example is a popular fitness tracker band. Now it is used for wellness purposes, but the data
gathered by the device might for example be used by insurance companies in the future.

The capacity to correlate data might have scary consequences. A good example is a Samsung television.
It is possible that smart TV voice recognition software, was transmitting private conversations to a third
party58. The customers might be unaware of the presence of sensors and of the spectrum of data they

13
produce59. In addition, they dont have a choice. Either they accept oppressive user terms & conditions or
they dont get to use the service.

The increased collection and processing of personal data triggers numerous debates. The governments
need to update laws and regulations, so they can handle the explosion of Internet of Things. The European
Commission plans to unify data protection and proposed reform of data protection rules in EU called
General Data Protection Regulation60. The goal is to give citizens back the control over their personal data.

3.3. Conclusion on literature study


Creating trust online is a big challenge. People use digital representation of themselves to communicate,
shop and work online. An average Internet user has multiple digital identities and this number is
constantly growing. In the same time we are in the hype of Internet of Things. It is a topic of broad and
current interest. The number of connected devices and sensors is growing at a tremendous rate. Most
people focus on the security and privacy aspect of Internet of Things, but there are some voices raising
and saying that it is identity that is a crucial part of the interconnected world. As billions of devices have
Internet connectivity, can communicate, and do things on our behalf, the identity in the IoT is becoming
a critical component of the modern Web. Each of those entities needs a unique identity, otherwise the
transactions over the IoT wont be trustworthy.

The way identity is confirmed is through authentication. Right now, mainly username and passwords are
used for this purpose. In a couple of years, everybody on the planet will have at least 6 smart devices.
On top of that average users are subscribed to different websites and services. Logging in to those devices
or services with separate username and password would be a nightmare. If the industry wont stop using
passwords and the authentication method wont change to a more user-friendly, it will slow down the
adoption of Internet of Things. As a consumer I would think twice if I was to buy another smart device
where I need separate credentials for to be able to see the collected data and further use it. Traditional
authentication methods are simply not scalable anymore.

14
4. Results analysis
The main focus of this chapter is analysis of conducted interviews. It consists of three parts, including
analysis of digital identity, Internet of Things, and the relation between digital identity and Internet of
Things.

4.1. Number of credentials is a main concern

Authentication
The number of credentials used by an average person to prove digital identity is a growing problem. In
most cases, username and password combinations are still used. The more services the user interacts
with, the more accounts and credentials need to be managed. It results in people loosing track of different
credentials, using weak password combinations or repeating the same passwords across websites. If one
of the passwords gets compromised, all of them are. The problem with the registration process was
mentioned as well. During registration for a website users need to provide information, and when they
wish to access another service, the registration is needed one more time. This necessity to provide the
same information for different services is becoming a burden.

Privacy

Various participants think that the privacy is the biggest concern of digital identity. Users have no insight
into which data is being accessed and by whom. Managing of digital identities is obscure. There is a big
pressure from corporations that want to connect all the services and therefore collect information about
users. The responders fear that their goal is the ownership of users identity, which is a big privacy threat.
Another problem according to participants is the lose approach to personal data that companies have.
The security measures taken to protect it are not enough. User profiling, which involves construction of
profiles based on user behavior online, generated by computerized data analysis, is also declared a privacy
concern.

4.2. The future of digital identity credentials


In the future, there will be multiple digital identity credentials for websites or services, just as there are
now, but the number will be reduced to about 2 or 3 with different levels of assurance. One will be of a
high level of assurance digital identity used for banking transactions or taxes, the other one will be of a
low level assurance used for social accounts or web shops. The last one might be a throw away digital
identity, with a very low level of assurance, used only for non-important services. Responders insist that
having clarity and overview of how the digital identity credential is used is very important and should be
provided in the future to mitigate privacy issues. This could be a manager of identities or a gate keeper,
which warns the user about the data that is being shared during a transaction. One person stated that if
users have one single identity, the difficulty of the authentication would not be a problem. Users would
be willing to setup and manage the security of only one account, instead of creating weak
username/passwords for multiple services.

15
Figure 6: Authentication methods

Figure 6, presents the point of view of participants on the future of authentication. Common opinion is
that current digital identity credentials are not future-proof and will be replaced in the future. However
o

part of the responders say that username/password combination will still be in use. One interviewee
claims that if users didnt have so many different digital identity credentials and only one, they wouldnt
oppose to have long and complicated passwords.

The majority agrees that multi-factor authentication will be widely used in the future, as one factor
authentication doesnt provide enough security. Social login might become even more popular. Re-using
digital identity credentials across multiple websites and services is highly convenient for users.

From the research it can be concluded that biometrics will be one of the standards for authentication in
the future. This includes two types (as shown in the Figure 7) behavioral patterns like keystroke analysis
or signature analysis and physical traits like fingerprint, facial recognition or voice recognition. With the
use of biometrics the authentication would be more user-friendly.

16
Figure 7: Biometric methods of authentication:

One interviewee added that biometrics are great way to enhance the authentication, but as username
component, not as password. The reason for that is the fact that a person has only one representation of
them. If they get compromised, there is no way to change it, like in the case of something that you know
factor.

In the future, there should be a way to put users into control of the identity. A way to do it might be using
attribute based authentication. Interviewees say that whenever it is possible attributes should be used,
instead of identities. Attribute based systems dont exist on massive scale yet, but there are groups
developing frameworks based on attributes (UMA, IRMA). The way authentication works now, is that each
user is identified in a back end system, all attributes are retrieved and based on that the authentication
decision is made. This could be done directly, where a user can immediately give the attribute instead of
the identifier. This way the system wouldnt store the identifier. However corporations do want to use
identifiers. This makes it possible to profile people, trace them and this is part of corporations business
model. Participants fear that this might be an obstacle for attribute based authentication.

Conclusion: In the future there will be combinations of authentication methods used, including
biometrics and attribute-based authentication.

4.3. How will the Internet of Things evolve?


The biggest benefit of the Internet of Things is user convenience. Some participants state that users are
willing to give up sense of privacy when enough convenience is being given in return. The IoT users are
also looking for time saving. Using connected devices helps them with day-to-day activities, leaving more
time to do fun things.

With the ability to aggregate and provide data analysis, improvements around electricity, energy usage,
better role planning, and better health care provision can be seen. Instead of simply collecting data, the
prediction when the device will fail or current status of the device will be given. Since everything will be
connected, it will improve efficiency and bring money savings.

With the adoption of the IoT, new groups of technically savvy people might be formed. They would
understand processes behind Internet of Things and become more influential, than the average user.

17
Good user cases and better service delivery will accelerate the growth of the IoT. If shopping online will
be as easy and accessible (by for example user-friendly authentication methods) as a normal shop, the IoT
will grow further.

Internet of Things threats

Security for the Internet of Things is one of the biggest issues to be solved. Authentication is one of the
most important ways of securing systems. Dependence on online presence is also mentioned as a threat.
If something happens with Internet connectivity, none of the IoT devices will work. The participants also
indicate that there is no real control of collected by IoT devices data. If the information is published on
the Internet, there is no power to erase it.

The problem is that Personally Identifiable Information is mixed with non-sensitive information. If there
is a distinction between those two, the privacy issue can be mitigated. It is called anonymization of data.
If a user wants to proceed with a certain transaction, for example buy shoes online, identity in form of a
number is needed. If specific functions are assigned to that number and send over to the shoes seller,
instead of identity, than even if hackers eavesdrops on that information, it cant be related to a person.

Majority states that ease of use is more important for customer than privacy. Some participants say it will
only get even more important in the future, the other part states that people will realize the importance
of privacy. One person says that it depends on activity online. If users are buying a sweater ease of use
and convenience is important, if banking transfer is being done privacy and safety of the data. The
participants are pointing out that users dont have a choice between ease of use or privacy. Either they
have to accept the term of agreement, or resign from a service. The process of storing and sharing
information is not transparent either. Having simple, clear processes should be a standard. It will change
in the future, but it will be a time-consuming process.

Governments participation in the IoT

Governments will continue with creating regulations, but in the same time they will not able to keep up
with the technology and the market. Some suspect there will be a conflict between organizations who
want to collect user data and use it and people who want privacy. The only way to limit this, is to have
regulations. Another point of view is that the governments should set principles, provide insights and
means to apply it, without actively organizing it themselves. The government is not one entity, hence one
vision is almost impossible to achieve. In this case it would be more self-regulating, than enforced by
government. Some say there is no possible way, that government which changes every couple of years,
can solve the issues that the technology industry is facing, others are afraid that creating legislations will
limit development.

Conclusion: The biggest benefit of the Internet of Things is user convenience and time saving.
Security and privacy of data is the biggest concern. The opinions are divided if it comes to
governments participation in ensuring the security.

4.4. Identity for Internet of Things


The current way of thinking about digital identities will be extended. According to interviewees identity is
a key to unlock the potential of the IoT. Before the IoT, only people had identity. With the development
of the IoT, not only people have identity, but also devices and sensors. Without having unique identifier,
they cannot be registered, connected to other devices, nor can they control certain processes.

18
Devices connected to the Internet of Things act on users behalf. The user needs to define tasks to be
performed by a device by sending instructions. Things are tied to persons identity via an email account
on a smartphone. This means for every use of device connected to the IoT, there is a login needed.
Majority of participants agree that ease of authentication methods will enable people to more easily
access digital services, hence it will be easier to use devices connected to the IoT.

Some participants say that to fully benefit from the information across different sensors and applications
from Internet of Things, one single identity and one digital identity credential is needed. In the same time
they admit that it is too early to talk about it, it will take years or even decades to implement one digital
identity.

Two participants mentioned a concept that is not taken into account in the IoT nowadays - the household
concept. People usually dont live on their own, they share devices with their family and kids, and the
industry doesnt address the need of having family identity. There should be a cockpit in place with
all digital identities and the IoT devices, which can be accessed by users with credentials to change
permissions, share or remove data.

In the future, houses can have identities as well, by assigning certain attributes to it like size, position,
location. If somebody with a smartphone comes to the door of the house, the house can check the
attributes on that phone and authenticate the identity of the person for example delivery boy. When this
is done delivery box is opened immediately. In case there is a fire, this home box can detect this and give
access to certain attributes like number of people living in the house or floor plan to the fire department.
In that case the house is considered an entity, and the person who lives there has access to certain rights
to those home devices. It is not yet certain if this idea gets implemented in the future.

In the future the possession of a device might become important factor of online representation. This is
the factor something you have. The fact of having a phone would be an authentication. It is a concept
where things can identify a user. Having a smartphone, laptop and shoes with GPS tracker means that
it most likely will be me going to the bank. In that case devices can be attributes used to identify a
person. The combination of devices and location based services will have increasing impact. GPS
coordinates from the phone and laptop that a person is often in the office in certain hours, can contribute
to authentication. If the person goes to the office outside office hours, extra authentication will be
needed. Hence the interaction aspect where a user needs to log in to an application will decrease in the
future. The process will become more implicit and dynamic. When a user enters a shop, the shop will
know who it is, what the preferences are, what is the buying history, without user making interaction with
any application.

One participant mentioned that the true potential of the IoT can be unlocked, when we have the same
level of trust online, as we do in the physical world. In the physical world, if a customer goes into a local
shop, the shop owners probably knows him, and if he forgot his wallet, he can promise that he will bring
that money in an hour and they believe him. This is trust. This kind of level of trust needs to be achieved
online, without losing privacy.

Conclusion: Identity is a crucial concept for the Internet of Things. Devices need an identity for
registration purposes, to communicate and exchange information.

19
5. Conclusions
Through this research the topic of digital identity and the Internet of Things has been explored. The first
goal was to investigate the relationship between digital identity and Internet of Things. The second goal
was to determine how the Internet of Things and authentication methods of digital identity could evolve
in the future. This topic has been explored with the use of a literature review, along with qualitative
research which consisted of semi-structured interviews with leading experts in identity management and
in the Internet of Things industry.

There are four main conclusions drawn from the research:

1. Digital identity credentials are outdated and new ways of authentication are needed.

Based on the literature review and the interviews the conclusion is that username/password
combinations are an outdated method of authentication. With a multitude of services and devices
connected to the IoT, it is neither secure nor user-friendly to use username/password combinations. New
ways of user-authentication should be developed. According to literature review and interviews the
evolution of authentication of digital identity will shift to biometrics and attribute-based authentication.

2. Method of authentication of digital identity can have an influence on adoption of the Internet
of Things.

Traditional methods of authentication like username/password combinations are not scalable for use with
the IoT devices. A user will be more cautious with buying and using another device or sensor that requires
a new username/password combination. If a method of authentication changes, it would be easier to
convince a potential buyer to use an IoT device. Biometric authentication is more user-friendly. The
attribute-based authentication on the other hand, puts users in control of data and therefore is more
privacy friendly. Users that are not eager to use the IoT devices because of privacy doubts and issues, will
be more likely to use it.

3. Privacy and security in the Internet of Things is a serious concern.

Conclusion from both the literature review and interviews is that security and privacy of the IoT is a big
concern for companies and customers. The number of the IoT devices is growing and therefore the
number of hacks or data breaches will increase. The industry needs to find a solution to tackle the problem
of both data security and data privacy. Strong authentication can help with securing systems - it will be
more difficult for a hacker to get access to it. Attribute-based authentication on the other hand can solve
the problem with privacy. Since the user is in control of the data, only he or she can indicate who can have
access to it.

5.1. Discussion
Based on my thoughts predictions for the future of the IoT and digital identity authentication can be made.

In the future, there will be more devices connected to the Internet of Things. The IoT devices have the
ability to aggregate data, which leads to data analysis, with improvements for example around energy
usage, better role planning, and better health care provision. Good user cases will accelerate the growth
of Internet of Things. People are more likely to use the IoT devices if they see benefits, for example when
saving time. Using connected devices for day-to-day activities, saves time and leave more of it to enjoy
hobbies. If a fridge, connected to the IoT, orders food, a user will spend time in more pleasant ways than

20
shopping. User convenience is the most important factor of the Internet of Things. Customers are willing
to give up sense of privacy if enough user convenience is given in return. User convenience is inseparable
with authentication methods that are used to provide access to resources. Username/password
combination are difficult to manage and remember for multitude of devices. Therefore a majority of the
responders indicated biometrics and attribute-based authentication as a direction into which
authentication of digital identity will evolve. The interviews shows that a distinction between customers
priorities can be made. Two groups of customers can be distinguished:

1. First group is concerned about the privacy of data and wants to be in control of it.

2. The other group thinks that user-convenience is more important, which means that easier
authentication methods would convince them to use IoT devices.

Based on the assumptions above, an authentication matrix can be created. Figure 8 shows the predictions
on how authentication of digital identity will evolve in the future.

Figure 8: The evolution of digital identity authentication

21
Scenario 1: Biometrics + Attribute based authentication

The industry evolves into using combination of biometrics and attribute-based authentication. Those
methods of authentication make it more user-friendly, as there is no need to remember different
username/password combinations for each login, to each device. The privacy is also respected because
the user is in control of data. During authentication attributes pieces of information about a user, are
shared instead of entire identities. This prevents social media websites, corporations and big brands from
collecting data, profiling user and misusing that data.

Scenario 2: Biometrics

In the course of the evolution into biometric and attribute-based authentication, big brands and
corporations might oppose to use attribute-based authentication. Attribute-based authentication puts
user in control of data, which means that corporations wont be able to gather and sell it. Multitude of
companies track user behavior online such as, visited websites, shopping patterns. They use this data
either to target marketing campaigns towards a potential client or sell it. Since data collection wont be
possible with attribute-based authentication, this method is a threat for those companies which business
model is selling personal data. Therefore corporations might block development of attribute-based
authentication and support only biometric authentication. Biometrics will continue to be developed and
adopted. More advanced biometric authentication methods will be proposed such as retinal scan or vein
recognition. Due to its user-friendly approach, customers will be satisfied.

Scenario 3: Attribute based authentication

During the evolution into biometric and attribute-based authentication a security incident might occur.
This can for example include extraction of biometric information from database, or impersonating
biometrics which would lead to stealing an identity. Biometrics as something that you are factor of
authentication cannot be changed or replaced in case the fingerprint or any other biometric trait is stolen.
If a security incident happens, people might lose trust and stop using biometrics for authentication,
because of the high risk involved. Instead, people will continue using attribute-based authentication. With
this type of authentication, the user will be in control of its data.

Scenario 4: Unpredictable incident

One more option can get in the way of implementing biometrics authentication and attribute-based
authentication. The technology is moving fast and developing new solutions rapidly. New kind of incidents
might appear in the future that will discard both biometrics and attribute-based authentication. Both
types of authentication could be superfluous and this could lead to a situation where the industry would
have to come up with entirely new concept of authentication. However it is difficult to predict what it
might be.

5.1.1. Impact on the Internet of Things

Scenario 1: Biometrics + Attribute based authentication

The evolution of authentication methods of digital identity into the direction of biometric and attribute-
based authentication can increase the adoption of the Internet of Things. As a result of seamless and user-
friendly authentication customers are more likely to buy and use more IoT devices. Since the burden of

22
remembering multiple digital identity credentials is gone, users will be more eager to use new IoT-
applications, - services and - devices. The privacy is respected and users have control over their personal
data, therefore people deeply attached their privacy will be less worried and presumably use the IoT
devices more often for every-day situations. These factors will influence Internet of the IoT and speed up
its adoption.

Scenario 2: Biometrics

This situation implies that people who are concerned about privacy and want to be in control might refuse
to buy and use more IoT devices. At the same time, users who are seeking user-friendly authentication
methods will be satisfied with biometrics. In that case the adoption of the Internet of Things will be
growing, however not as fast as in the Scenario 1.

Scenario 3: Attribute based authentication

Customers who are attached to their privacy will be satisfied with attribute - based authentication
methods. This method puts users in control of their data and therefore is privacy friendly. In this case, the
adoption of the Internet of Things will be growing, as much as in the Scenario 2.

Scenario 4: Unpredictable incident

The influence of that situation on the Internet of Things is unknown.

23
Authentication methods have an influence on the adoption of the Internet of Things. The relationship
between the ease of authentication and the adoption of the IoT is shown on the graph (Figure 9).

Figure 9: The relationship between the IoT and authentication methods

If the authentication methods are user friendly, more people will be interested in purchasing and using
the IoT devices. It will be easier to get access to data and interact with devices. Username/password
authentication is not scalable for the amount of IoT devices that every user will have. If biometrics and
attribute- based authentication replaces the traditional method of authentication, the adoption of the
Internet of Things devices will speed up.

5.2. Limitations
Although the research was carefully prepared, it has its limitations and shortcomings. The study was
conducted on small size population, which included 22 interviews. To generalize the results, the research
should have involved more participants. For instance quantitative survey on a larger population could
have been performed. The research looked only at European digital identity and the IoT companies. It
cannot be assumed that the entire industry will behave as the European one. Also the interviews have
been taken with different stakeholders, which might result in a CEO giving a different point of view then

24
sales representative. Finally, not all the companies from digital identity and the Internet of Things sector
in Europe were interviewed.

5.3. Further research


The current research could be extended to different continents to prove sustained validity of the
predictions outside one continent Europe that it has been investigated in. Future research could possibly
concentrate on machine-to-machine authentication for the Internet of Things, as it was out of scope of
this paper. Also deeper investigation and testing of framework that could be used for the Internet of
Things in the future (UMA, IRM, and FIDO) could be done. Security and privacy issues of the IoT are also
a very broad topic, which could be further investigated.

1
DAVE EVANS (2011) The Internet of Things: How the next evolution of the Internet is changing everything
2
INTERNET SOCIETY Understanding your Online Identity. An Overview of Identity
3
GISSIMEE DOE Difference Between Identification & Authentication [Online] Available from:
http://science.opposingviews.com/difference-between-identification-authentication-3471.html [Accessed:
26.11.2015]
4
EXPERIAN (2012) Online ID OD: Illegal web trade in personal information soars [Online] Available from:
https://www.experianplc.com/media/news/2012/illegal-web-trade-in-personal-information-soars/ [Accessed:
10.10.2015]
5
CSID (2012) Consumer survey: password habits
6
THE TELEGRAPH (2011) Average person uses 10 online passwords a day [Online] Available from:
http://www.telegraph.co.uk/technology/news/8602346/Average-person-uses-10-online-passwords-a-day.html
[Accessed: 15.10.2015]
7
JANRAIN (2012) Online Americans Fatigued by Password Overload Janrain Study Finds [Online] Available from:
http://janrain.com/about/newsroom/press-releases/online-americans-fatigued-by-password-overload-janrain-
study-finds/ [Accessed: 15.10.2015]
8
WHITSON GORDON (2012) How Your Passwords Are Stored on the Internet (and When Your Password Strength
Doesnt Matter) [Online] Available from: http://lifehacker.com/5919918/how-your-passwords-are-stored-on-the-
internet-and-when-your-password-strength-doesnt-matter [Accessed: 16.10.2015]
9
GRAHAM CLULEY (2013) 55% of net users use the same password for most, if not all, websites. When will they
learn? [Online] Available from: https://nakedsecurity.sophos.com/2013/04/23/users-same-password-most-
websites/ [Accessed: 16.10.2015]
10
BRAD ARKIN (2013) Important customer security announcement [Online] Available from:
http://blogs.adobe.com/conversations/2013/10/important-customer-security-announcement.html [Accessed:
16.10.2015]
11
JIM FINKLE, DEEPA SEETHARAMAN (2014) Cyber Thieves Took Data on 145 Million eBay Customers By Hacking 3
Corporate Employees [Online] Available from: http://www.businessinsider.com/cyber-thieves-took-data-on-145-
million-ebay-customers-by-hacking-3-corporate-employees-2014-5?IR=T [Accessed: 16.10.2015]
12
DON REISINGER (2014) eBay hacked, requests all users change passwords [Online] Available from:
http://www.cnet.com/news/ebay-hacked-requests-all-users-change-passwords/ [Accessed: 16.10.2015]
13
DAVE EVANS (2011) The Internet of Things. How the Next Evolution of Internet Is Changing Everything
14
GARTNER (2014) Gartner says the Internet of Things will drive device and user relationship requirements in 20%
of new IAM implementations by 2016 [Online] Available from: http://www.gartner.com/newsroom/id/2944719
[Accessed: 20.11.2015]
15
EARL PERKINS, ANT ALLAN (2015) The Identity of Things for the Internet of Things
16
FORGEROCK The Identity of Things (IDoT). Access Management (IAM) Reference Architecture for the Internet of
Things (IoT)
17
ANMOL SINGH, EARL PERKINS (2015) The Authentication in the Internet of Things

25
18
NXP (2012) Digital identity: Towards more convenient, more secure online authentication
19
ROB SPIEGEL (1999) When did the Internet become mainstream? [Online] Available from:
http://www.ecommercetimes.com/story/1731.html [Accessed: 29.10.2015]
20
DAVID NEEDLE (2014) Internet of Things Must Overcome Many Challenges to Win Wide Adoption
21
TIM MAYTON (2014) Four Connected Devices per Person Worldwide by 2020 [Online] Available from:
http://mobilemarketingmagazine.com/four-connected-devices-per-person-worldwide-by-2020/ [Accessed:
16.10.2015]
22
DAVE EVANS (2011) The Internet of Things. How the Next Evolution of Internet Is Changing Everything
23
GEORGE AVETISOV (2015) Biometric security: Authentication for a more secure IoT [Online] Available from:
http://www.itproportal.com/2015/08/08/biometric-security-authentication-for-a-more-secure-iot/ [Accessed:
29.10.2015]
24
CHLOE GREEN (2015) Why identity will be the most crucial element of the Internet of Things [Online] Available
from: http://www.information-age.com/technology/security/123459408/why-identity-will-be-most-crucial-
element-internet-things [Accessed: 29.10.2015]
25
CLAIRE ANDERSON (2010) Presenting and Evaluating Qualitative Research [Online] Available from:
http://www.ncbi.nlm.nih.gov/pmc/articles/PMC2987281/ [Accessed: 21.10.2015]
26
BARBARA MINTO (2008) The Pyramid Principle: Logic in Writing and Thinking
27
LOCKYER SHARON (2014) Coding Qualitative Data
28
GEORGE VOUSINAS Internet &the birth of InfoCom industry IT & Economic Performance
29
EARVING BLYNTHE (2010) Standard for Personal Digital Identity Levels of Assurance
30
HEAD MILENA, HASSANEIN KHALED (2002) Trust in e-Commerce: Evaluating the Impact of Third-Party Seals
31
EARVING BLYNTHE (2010) Standard for Personal Digital Identity Levels of Assurance
32
TECHTARGET Authentication definition [Online] Available from:
http://searchsecurity.techtarget.com/definition/authentication [Accessed: 18.10.2015]
33
MICHEAL WENSTROM (2002) Examining Cisco AAA Security Technology
34
SANS INSTITUTE INFOSEC READING ROOM (2001) An Overview of Different Authentication Methods and
Protocols
35
ANT ALLAN (2011) Authentication: Ten Myths and Misconceptions Debunked
36
SANS INSTITUTE INFOSEC READING ROOM (2001) An Overview of Different Authentication Methods and
Protocols
37
GIBSON DARRIL (2011) Understanding the Three Factors of Authentication [Online] Available from:
http://www.pearsonitcertification.com/articles/article.aspx?p=1718488 [Accessed: 30.11.2015]
38
THAWTE The value of Authentication
39
ANMOL SINGH, EARL PERKINS (2015) Authentication in the Internet of Things
40
NXP, Digital identity: Toward more convenient, more secure online authentication
41
GARTNER (2014) Gartner Says 4,9 Billion Connected Things Will Be in Use in 2015 [Online] Available from:
http://www.gartner.com/newsroom/id/2905717 [Accessed: 21.10.2015]
42
MERRIAM-WEBSTER dictionary Biometrics [Online] Available from: http://www.merriam-
webster.com/dictionary/biometrics [Accessed: 05.11.2015]
43
ARIFIN HUSSAIN (2015) Biometrics as an Alternative to Passwords [Online] Available from:
http://blog.m2sys.com/biometric-hardware/biometrics-as-an-alternative-to-passwords/ [Accessed: 05.11.2015]
44
WARWICK ASHFORD (2011) Business must use multi-layer authentication, says Gartner [Online] Available
from: http://www.computerweekly.com/news/1280095402/Business-must-use-multi-layer-authentication-says-
Gartner [Accessed: 30.11.2015]
45
THE CARNEGIE MELLON UNIVERSITY COMPUTER SCIENCE DEPARTMENT The "Only" Coke Machine on the
Internet[Online] Available from: https://www.cs.cmu.edu/~coke/history_long.txt [Accessed: 05.11.2015]
46
DAVE EVANS (2011) The Internet of Things. How the Next Evolution of Internet Is Changing Everything
47
DAVE EVANS (2011) The Internet of Things. How the Next Evolution of Internet Is Changing Everything
48
GARTNER IT Glossary Internet of Things [Online] Available from: http://www.gartner.com/it-glossary/internet-
of-things/ [Accessed: 10.11.2015]
49
ERIC A.FISHER (2015) The Internet of Things: Frequently Asked Questions

26
50
PATRICK THIBODEAU (2014) Explained: The ABCs of the Internet of Things [Online] Available from:
http://www.computerworld.com/article/2488872/emerging-technology-explained-the-abcs-of-the-internet-of-
things.html?page=2 [Accessed: 11.11.2015]
51
JUNIPER RESEARCH (2014) Smart home revenues to reach $71 billion by 2018, Juniper Research finds [Online]
Available from: http://www.juniperresearch.com/press-release/smart-home-pr1 [Accessed: 11.11.2015]
52
STEPHEN LAWSON (2014) Why Internet of Things Standards Got More Confusing in 2014 [Online] Available
from: http://www.pcworld.com/article/2863572/iot-groups-are-like-an-orchestra-tuning-up-the-music-starts-in-
2016.html [Accessed: 13.11.2015]
53
CENTER FOR STRATEGIC AND INTERNATIONAL STUDIES (2014) Net Losses: Estimating he Global Cost of
Cybercrime
54
MERRIAM-WEBSTER dictionary Privacy [Online] Available from: http://www.merriam-
webster.com/dictionary/privacy [Accessed: 26.10.2015]
55
CAMBRIDGE DICTIONARIES ONLINE Privacy[Online] Available from:
http://dictionary.cambridge.org/dictionary/english/privacy [Accessed: 26.10.2015]
56
JOHN GREENOUGH (2014) Here Are The Four Elements That Will Make The Internet of Things An Absolutely
Massive Market [Online] Available from: http://uk.businessinsider.com/four-elements-driving-iot-2014-
10?r=US&IR=T [Accessed: 26.10.2015]
57
CISCO (2014) Cisco Global Cloud Index: Forecast and Methodology 2013-2018 White Paper
58
ALEX HERN (2015) Samsung rejects concern over Orwellian privacy policy [Online] Available from:
http://www.theguardian.com/technology/2015/feb/09/samsung-rejects-concern-over-orwellian-privacy-policy
[Accessed: 26.10.2015]
59
EUROPEAN PARLIAMENT, STUDY FOR THE LIBE COMMITTEE (2015) Big Data and Smart Devices and Their
Impact on Privacy
60
EUROPEAN COMMISSION (2015) Protection of Personal Data [Online] Available from:
http://ec.europa.eu/justice/data-protection/index_en.htm [Accessed: 26.10.2015]

27
Glossary
The fact of being who a person is or what a thing
Identity is. Sum of attributes like birthplace, birthday,
social security number etc.
Digital identity It is online representation of real-world identity.
Username and password combination used to
Digital identity credential
authenticate digital identity.
It is the process of determining whether someone
Authentication or something is, in fact, who or what it is declared
to be.
It is a method used for authentication e.g.
Authentication method
username and password.
It is a network of physical objects that contain
embedded technology to communicate and sense
Internet of Things
or interact with their internal states or the
external environment.
Attribute-based authentication Authentication based on exchanging attributes.
It is a type of system that relies on the unique
Biometric authentication biological characteristics of individuals to verify
identity for secure access to electronic systems.
It is an interview conducted with a fairly open
Semi-structured interview framework which allow for focused,
conversational, two-way communication.

1
Bibliography
ALEX HERN (2015) Samsung rejects concern over Orwellian privacy policy [Online] Available from:
http://www.theguardian.com/technology/2015/feb/09/samsung-rejects-concern-over-orwellian-privacy-
policy [Accessed: 26.10.2015]
ANMOL SINGH, EARL PERKINS (2015) Authentication in the Internet of Things
ANMOL SINGH, EARL PERKINS (2015) The Authentication in the Internet of Things
ANT ALLAN (2011) Authentication: Ten Myths and Misconceptions Debunked
ARIFIN HUSSAIN (2015) Biometrics as an Alternative to Passwords [Online] Available from:
http://blog.m2sys.com/biometric-hardware/biometrics-as-an-alternative-to-passwords/ [Accessed:
05.11.2015]
BARBARA MINTO (2008) The Pyramid Principle: Logic in Writing and Thinking
BETSY BURTON, MIKE WALKER (2015) Hype Cycle for Emerging Technologies, 2015
BRAD ARKIN (2013) Important customer security announcement [Online] Available from:
http://blogs.adobe.com/conversations/2013/10/important-customer-security-announcement.html [Accessed:
16.10.2015]
CAMBRIDGE DICTIONARIES ONLINE Privacy[Online] Available from:
http://dictionary.cambridge.org/dictionary/english/privacy [Accessed: 26.10.2015]
CENTER FOR STRATEGIC AND INTERNATIONAL STUDIES (2014) Net Losses: Estimating the Global Cost of
Cybercrime
CHLOE GREEN (2015) Why identity will be the most crucial element of the Internet of Things [Online]
Available from: http://www.information-age.com/technology/security/123459408/why-identity-will-be-most-
crucial-element-internet-things [Accessed: 29.10.2015]
CISCO (2014) Cisco Global Cloud Index: Forecast and Methodology 2013-2018 White Paper
CLAIRE ANDERSON (2010) Presenting and Evaluating Qualitative Research [Online] Available from:
http://www.ncbi.nlm.nih.gov/pmc/articles/PMC2987281/ [Accessed: 21.10.2015]
CSID (2012) Consumer survey: password habits
DAVE EVANS (2011) The Internet of Things. How the Next Evolution of Internet Is Changing Everything
DAVID NEEDLE (2014) Internet of Things Must Overcome Many Challenges to Win Wide Adoption
DON REISINGER (2014) eBay hacked, requests all users change passwords [Online] Available from:
http://www.cnet.com/news/ebay-hacked-requests-all-users-change-passwords/ [Accessed: 16.10.2015]
EARL PERKINS, ANT ALLAN (2015) The Identity of Things for the Internet of Things
EARVING BLYNTHE (2010) Standard for Personal Digital Identity Levels of Assurance
ERIC A.FISHER (2015) The Internet of Things: Frequently Asked Questions
EUROPEAN COMMISSION (2015) Protection of Personal Data [Online] Available from:
http://ec.europa.eu/justice/data-protection/index_en.htm [Accessed: 26.10.2015]
EUROPEAN PARLIAMENT, STUDY FOR THE LIBE COMMITTEE (2015) Big Data and Smart Devices and Their
Impact on Privacy
EXPERIAN (2012) Online ID OD: Illegal web trade in personal information soars [Online] Available from:
https://www.experianplc.com/media/news/2012/illegal-web-trade-in-personal-information-soars/ [Accessed:
10.10.2015]

2
FORGEROCK The Identity of Things (IDoT). Access Management (IAM) Reference Architecture for the Internet
of Things (IoT)
GARTNER (2014) Gartner Says 4,9 Billion Connected Things Will Be in Use in 2015 [Online] Available from:
http://www.gartner.com/newsroom/id/2905717 [Accessed 21.10.2015]
GARTNER (2014) Gartner says the Internet of Things will drive device and user relationship requirements in
20% of new IAM implementations by 2016 [Online] Available from:
http://www.gartner.com/newsroom/id/2944719 [Accessed: 20.11.2015]
GARTNER IT Glossary Internet of Things [Online] Available from: http://www.gartner.com/it-
glossary/internet-of-things/ [Accessed: 10.11.2015]
GEORGE AVETISOV (2015) Biometric security: Authentication for a more secure IoT [Online] Available from:
http://www.itproportal.com/2015/08/08/biometric-security-authentication-for-a-more-secure-iot/ [Accessed:
29.10.2015]
GEORGE VOUSINAS Internet &the birth of InfoCom industry IT & Economic Performance
GIBSON DARRIL (2011) Understanding the Three Factors of Authentication [Online] Available from:
http://www.pearsonitcertification.com/articles/article.aspx?p=1718488 [Accessed: 30.11.2015]
GISSIMEE DOE Difference Between Identification & Authentication [Online] Available from:
http://science.opposingviews.com/difference-between-identification-authentication-3471.html [Accessed:
26.11.2015]
GRAHAM CLULEY (2013) 55% of net users use the same password for most, if not all, websites. When will
they learn? [Online] Available from: https://nakedsecurity.sophos.com/2013/04/23/users-same-password-
most-websites/ [Accessed: 16.10.2015]
INTERNET SOCIETY Understanding your Online Identity. An Overview of Identity
JANRAIN (2012) Online Americans Fatigued by Password Overload Janrain Study Finds [Online] Available
from: http://janrain.com/about/newsroom/press-releases/online-americans-fatigued-by-password-overload-
janrain-study-finds/ [Accessed: 15.10.2015]
JIM FINKLE, DEEPA SEETHARAMAN (2014) Cyber Thieves Took Data on 145 Million eBay Customers By
Hacking 3 Corporate Employees [Online] Available from: http://www.businessinsider.com/cyber-thieves-
took-data-on-145-million-ebay-customers-by-hacking-3-corporate-employees-2014-5?IR=T [Accessed:
16.10.2015]
JOHN GREENOUGH (2014) Here Are the Four Elements That Will Make the Internet of Things An Absolutely
Massive Market [Online] Available from: http://uk.businessinsider.com/four-elements-driving-iot-2014-
10?r=US&IR=T [Accessed: 26.10.2015]
JUNIPER RESEARCH (2014) Smart home revenues to reach $71 billion by 2018, Juniper Research finds [Online]
Available from: http://www.juniperresearch.com/press-release/smart-home-pr1 [Accessed: 11.11.2015]
LOCKYER SHARON (2014) Coding Qualitative Data
MERRIAM-WEBSTER dictionary Biometrics [Online] Available from: http://www.merriam-
webster.com/dictionary/biometrics [Accessed: 05.11.2015]
MERRIAM-WEBSTER dictionary Privacy [Online] Available from: http://www.merriam-
webster.com/dictionary/privacy [Accessed: 26.10.2015]
MICHEAL WENSTROM (2002) Examining Cisco AAA Security Technology
NXP (2012) Digital identity: Towards more convenient, more secure online authentication

3
NXP, Digital identity: Toward more convenient, more secure online authentication
PATRICK THIBODEAU (2014) Explained: The ABCs of the Internet of Things [Online] Available from:
http://www.computerworld.com/article/2488872/emerging-technology-explained-the-abcs-of-the-internet-
of-things.html?page=2 [Accessed: 11.11.2015]
ROB SPIEGEL (1999) When did the Internet become mainstream? [Online] Available from:
http://www.ecommercetimes.com/story/1731.html [Accessed: 29.10.2015]
SANS INSTITUTE INFOSEC READING ROOM (2001) An Overview of Different Authentication Methods and
Protocols
STEPHEN LAWSON (2014) Why Internet of Things Standards Got More Confusing in 2014 [Online] Available
from: http://www.pcworld.com/article/2863572/iot-groups-are-like-an-orchestra-tuning-up-the-music-starts-
in-2016.html [Accessed: 13.11.2015]
TECHTARGET Authentication definition [Online] Available from:
http://searchsecurity.techtarget.com/definition/authentication [Accessed: 18.10.2015]
THAWTE The value of Authentication
THE CARNEGIE MELLON UNIVERSITY COMPUTER SCIENCE DEPARTMENT The "Only" Coke Machine on the
Internet[Online] Available from: https://www.cs.cmu.edu/~coke/history_long.txt [Accessed: 05.11.2015]
THE TELEGRAPH (2011) Average person uses 10 online passwords a day [Online] Availbale from:
http://www.telegraph.co.uk/technology/news/8602346/Average-person-uses-10-online-passwords-a-
day.html [Accessed: 15.10.2015]
TIM MAYTON (2014) Four Connected Devices per Person Worldwide by 2020 [Online] Available from:
http://mobilemarketingmagazine.com/four-connected-devices-per-person-worldwide-by-2020/ [Accessed:
16.10.2015]
WARWICK ASHFORD (2011) Business must use multi-layer authentication, says Gartner [Online] Available
from: http://www.computerweekly.com/news/1280095402/Business-must-use-multi-layer-authentication-
says-Gartner [Accessed: 30.11.2015]
WHITSON GORDON (2012) How Your Passwords Are Stored on the Internet (and When Your Password
Strength Doesnt Matter) [Online] Available from: http://lifehacker.com/5919918/how-your-passwords-are-
stored-on-the-internet-and-when-your-password-strength-doesnt-matter [Accessed: 16.10.2015]

Anda mungkin juga menyukai