Paper 2015/1110

Privacy-Aware Authentication in the Internet of Things

Hannes Gross, Marko Hölbl, Daniel Slamanig, and Raphael Spreitzer


Besides the opportunities o ered by the all-embracing Internet of Things (IoT) technology, it also poses a tremendous threat to the privacy of the carriers of these devices. In this work, we build upon the idea of an RFID-based IoT realized by means of standardized and well-established Internet protocols. In particular, we demonstrate how the Internet Protocol Security protocol suite (IPsec) can be applied in a privacy-aware manner. Therefore, we introduce a privacy-aware mutual authentication protocol compatible with restrictions imposed by the IPsec standard and analyze its privacy and security properties. In order do so, we revisit and adapt the RFID privacy model (HPVP) of Hermans et al. (ESORICS'11). With this work, we show that privacy in the IoT can be achieved without relying on proprietary protocols and on the basis of existing Internet standards.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Major revision.CANS 2015, LNCS 9476 proceeding
Internet of Thingsprivacyprivacy-aware authenticationEPC Gen2RFIDIPsecIKEv2
Contact author(s)
hannes gross @ iaik tugraz at
2015-11-18: received
Short URL
Creative Commons Attribution


      author = {Hannes Gross and Marko Hölbl and Daniel Slamanig and Raphael Spreitzer},
      title = {Privacy-Aware Authentication in the Internet of Things},
      howpublished = {Cryptology ePrint Archive, Paper 2015/1110},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.