Cryptology ePrint Archive: Report 2015/1110

Privacy-Aware Authentication in the Internet of Things

Hannes Gross and Marko Hölbl and Daniel Slamanig and Raphael Spreitzer

Abstract: Besides the opportunities o ered by the all-embracing Internet of Things (IoT) technology, it also poses a tremendous threat to the privacy of the carriers of these devices. In this work, we build upon the idea of an RFID-based IoT realized by means of standardized and well-established Internet protocols. In particular, we demonstrate how the Internet Protocol Security protocol suite (IPsec) can be applied in a privacy-aware manner. Therefore, we introduce a privacy-aware mutual authentication protocol compatible with restrictions imposed by the IPsec standard and analyze its privacy and security properties. In order do so, we revisit and adapt the RFID privacy model (HPVP) of Hermans et al. (ESORICS'11). With this work, we show that privacy in the IoT can be achieved without relying on proprietary protocols and on the basis of existing Internet standards.

Category / Keywords: cryptographic protocols / Internet of Things, privacy, privacy-aware authentication, EPC Gen2, RFID, IPsec, IKEv2

Original Publication (with major differences): CANS 2015, LNCS 9476 proceeding

Date: received 16 Nov 2015, last revised 17 Nov 2015

Contact author: hannes gross at iaik tugraz at

Available format(s): PDF | BibTeX Citation

Version: 20151118:083216 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]