Technologies for the Internet of Things (IoT) are maturing, yet no common standards dictate their direction, leaving space for a plethora of research directions and opportunities. Among the most important IoT topics is security. When we design a robust system, it is important to know the available options for facing common tasks related to access control, authentication, and authorization. In this review, we systematically analyze 1622 peer-reviewed publications from October 2017 to December 2020 to find the taxonomy of security solutions. In addition, we assess and categorize current practices related to IoT security solutions, commonly involved technologies, and standards applied in recent research. This manuscript provides a practical road map to recent research, guiding the reader and providing an overview of recent research efforts.

Computer Science Baylor University One Bear Place 97141 Waco TX 76798 USA

Computer Science University of Wisconsin Milwaukee 3200 N Cramer St Milwaukee WI 53211 USA

Department of Computer Science Faculty of Electrical Engineering Czech Technical University Prague 121 35 Prague Czech Republic

Zobrazit více v PubMed

Loi F., Sivanathan A., Gharakheili H.H., Radford A., Sivaraman V. Proceedings of the 2017 Workshop on Internet of Things Security and Privacy (IoTS&P ’17) Association for Computing Machinery; New York, NY, USA: 2017. Systematically Evaluating Security and Privacy for Consumer IoT Devices; pp. 1–6. DOI

Anderson R., Moore T. The Economics of Information Security. Science. 2006;314:610–613. doi: 10.1126/science.1130992. PubMed DOI

Atzori L., Iera A., Morabito G. The Internet of Things: A survey. Comput. Netw. 2010;54:2787–2805. doi: 10.1016/j.comnet.2010.05.010. DOI

Alaba F.A., Othman M., Hashem I.A.T., Alotaibi F. Internet of Things security: A survey. J. Netw. Comput. Appl. 2017;88:10–28. doi: 10.1016/j.jnca.2017.04.002. DOI

binti Mohamad Noor M., Hassan W.H. Current research on Internet of Things (IoT) security: A survey. Comput. Netw. 2019;148:283–294. doi: 10.1016/j.comnet.2018.11.025. DOI

Trnka M., Cerny T., Stickney N. Survey of Authentication and Authorization for the Internet of Things. Secur. Commun. Netw. 2018;2018:4351603. doi: 10.1155/2018/4351603. DOI

Miloslavskaya N., Tolstoy A. Internet of Things: Information security challenges and solutions. Clust. Comput. 2019;22:103–119. doi: 10.1007/s10586-018-2823-6. DOI

Chanal P.M., Kakkasageri M.S. Security and Privacy in IoT: A Survey. Wirel. Pers. Commun. 2020;115:1667–1693. doi: 10.1007/s11277-020-07649-9. DOI

Al-Naji F.H., Zagrouba R. A survey on continuous authentication methods in Internet of Things environment. Comput. Commun. 2020;163:109–133. doi: 10.1016/j.comcom.2020.09.006. DOI

Tange K., De Donno M., Fafoutis X., Dragoni N. A Systematic Survey of Industrial Internet of Things Security: Requirements and Fog Computing Opportunities. IEEE Commun. Surv. Tutorials. 2020;22:2489–2520. doi: 10.1109/COMST.2020.3011208. DOI

Ibrahim S., Shukla V.K., Bathla R. Security Enhancement in Smart Home Management Through Multimodal Biometric and Passcode; Proceedings of the 2020 International Conference on Intelligent Engineering and Management (ICIEM); London, UK. 17–19 June 2020; pp. 420–424. DOI

Baruah B., Dhal S. An Efficient Authentication Scheme for Secure Communication between Industrial IoT Devices; Proceedings of the 2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT); Kharagpur, India. 1–3 July 2020; pp. 1–7. DOI

Zulkipli N.H.N., Wills G.B. Proceedings of the Second International Conference on Internet of Things, Data and Cloud Computing (ICC ’17) Association for Computing Machinery; New York, NY, USA: 2017. An Event-Based Access Control for IoT. DOI

Chen Y.Y., Chen C.L., Lin C.L., Chiang C.T. Application of ECG Authentication in IoT-Based Systems; Proceedings of the 2018 International Conference on System Science and Engineering (ICSSE); New Taipei City, Taiwan. 28–30 June 2018; pp. 1–6. DOI

Kashmar N., Adda M., Atieh M., Ibrahim H. A New Dynamic Smart-AC Model Methodology to Enforce Access Control Policy in IoT Layers; Proceedings of the 1st International Workshop on Software Engineering Research & Practices for the Internet of Things (SERP4IoT ’19); Montreal, QC, Canada. 27 May 2019; pp. 21–24. DOI

Karimibiuki M., Aggarwal E., Pattabiraman K., Ivanov A. DynPolAC: Dynamic Policy-Based Access Control for IoT Systems; Proceedings of the 2018 IEEE 23rd Pacific Rim International Symposium on Dependable Computing (PRDC); Taipei, Taiwan. 4–8 December 2018; pp. 161–170. DOI

Chen H.C., Chang C.H., Leu F.Y. Implement of agent with role-based hierarchy access control for secure grouping IoTs; Proceedings of the 2017 14th IEEE Annual Consumer Communications Networking Conference (CCNC); Las Vegas, NV, USA. 8–11 January 2017; pp. 120–125. DOI

Olazabal O., Gofman M., Bai Y., Choi Y., Sandico N., Mitra S., Pham K. Multimodal Biometrics for Enhanced IoT Security; Proceedings of the 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC); Las Vegas, NV, USA. 7–9 January 2019; pp. 0886–0893. DOI

Terkawi A., Innab N., al Amri S., Al-Amri A. Internet of Things (IoT) Increasing the Necessity to Adopt Specific Type of Access Control Technique; Proceedings of the 2018 21st Saudi Computer Society National Computer Conference (NCC); Riyadh, Saudi Arabia. 25–26 April 2018; pp. 1–5. DOI

Hoang N.M., Son H.X. Proceedings of the 3rd International Conference on Cryptography, Security and Privacy (ICCSP ’19) Association for Computing Machinery; New York, NY, USA: 2019. A Dynamic Solution for Fine-Grained Policy Conflict Resolution; pp. 116–120. DOI

Cattermole T., Docherty S., Pym D., Sasse M.A. Proceedings of the 9th International Conference on the Internet of Things (IoT 2019) Association for Computing Machinery; New York, NY, USA: 2019. Asset-Oriented Access Control: Towards a New IoT Framework. DOI

Mathew S., Saranya G. Advanced biometric home security system using digital signature and DNA cryptography; Proceedings of the 2017 International Conference on Innovations in Green Energy and Healthcare Technologies (IGEHT); Coimbatore, India. 16–18 March 2017; pp. 1–4. DOI

Jain P., Pötter H., Lee A.J., Mósse D. MAFIA: Multi-layered Architecture For IoT-based Authentication; Proceedings of the 2020 Second IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA); Atlanta, GA, USA. 28–31 October 2020; pp. 199–208. DOI

Guo Y., Zhang Z., Guo Y. Fog-Centric Authenticated Key Agreement Scheme Without Trusted Parties. IEEE Syst. J. 2020;15:5057–5066. doi: 10.1109/JSYST.2020.3022244. DOI

Renuka K.M., Kumari S., Zhao D., Li L. Design of a Secure Password-Based Authentication Scheme for M2M Networks in IoT Enabled Cyber-Physical Systems. IEEE Access. 2019;7:51014–51027. doi: 10.1109/ACCESS.2019.2908499. DOI

Kim Y., Nam J., Park T., Scott-Hayward S., Shin S. SODA: A software-defined security framework for IoT environments. Comput. Netw. 2019;163:106889. doi: 10.1016/j.comnet.2019.106889. DOI

Felde N.g., Grundner-Culemann S., Guggemos T. Authentication in dynamic groups using identity-based signatures; Proceedings of the 2018 14th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob); Limassol, Cyprus. 15–17 October 2018; pp. 1–6. DOI

Mahbub T.N., Reza S.M.S., Hossain D.A., Raju M.H., Arifeen M.M., Ayob A. Proceedings of the International Conference on Computing Advancements (ICCA 2020) Association for Computing Machinery; New York, NY, USA: 2020. ANFIS Based Authentication Performance Evaluation for Enhancing Security in Internet of Things. DOI

Heydari M., Mylonas A., Katos V., Balaguer-Ballester E., Tafreshi V.H.F., Benkhelifa E. Uncertainty-Aware Authentication Model for Fog Computing in IoT; Proceedings of the 2019 Fourth International Conference on Fog and Mobile Edge Computing (FMEC); Rome, Italy. 10–13 June 2019; pp. 52–59. DOI

Ning Z., Xu G., Xiong N., Yang Y., Shen C., Panaousis E., Wang H., Liang K. TAW: Cost-Effective Threshold Authentication With Weights for Internet of Things. IEEE Access. 2019;7:30112–30125. doi: 10.1109/ACCESS.2019.2902226. DOI

Leung H.M.C., Fu C.W., Heng P.A. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies. Volume 2. ACM; New York, NY, USA: 2018. TwistIn: Tangible Authentication of Smart Devices via Motion Co-Analysis with a Smartwatch; pp. 1–24. DOI

Burakgazi Bilgen M., Bicakci K. Extending Attribute-Based Access Control Model with Authentication Information for Internet of Things; Proceedings of the 2020 International Conference on Information Security and Cryptology (ISCTURKEY); Ankara, Turkey. 3–4 December 2020; pp. 48–55. DOI

Oh S.R., Kim Y.G., Cho S. An Interoperable Access Control Framework for Diverse IoT Platforms Based on OAuth and Role. Sensors. 2019;19:1884. doi: 10.3390/s19081884. PubMed DOI PMC

Dammak M., Boudia O.R.M., Messous M.A., Senouci S.M., Gransart C. Token-Based Lightweight Authentication to Secure IoT Networks; Proceedings of the 2019 16th IEEE Annual Consumer Communications Networking Conference (CCNC); Las Vegas, NV, USA. 11–14 January 2019; pp. 1–4. DOI

Nespoli P., Zago M., Celdran A.H., Perez M.G., Marmol F.G., Garcia Clernente F.J. A Dynamic Continuous Authentication Framework in IoT-Enabled Environments; Proceedings of the 2018 Fifth International Conference on Internet of Things: Systems, Management and Security; Valencia, Spain. 15–18 October 2018; pp. 131–138. DOI

Rothe L., Loske M., Gertler D.G. Proposing Context-Aware Authentication for the Industrial Internet of Things; Proceedings of the 2018 IEEE Global Conference on Internet of Things (GCIoT); Alexandria, Egypt. 5–7 December 2018; pp. 1–5. DOI

Ouaddah A., Mousannif H., Abou Elkalam A., Ait Ouahman A. Access control in the Internet of Things: Big challenges and new opportunities. Comput. Netw. 2017;112:237–262. doi: 10.1016/j.comnet.2016.11.007. DOI

Yan H., Wang Y., Jia C., Li J., Xiang Y., Pedrycz W. IoT-FBAC: Function-based access control scheme using identity-based encryption in IoT. Future Gener. Comput. Syst. 2019;95:344–353. doi: 10.1016/j.future.2018.12.061. DOI

Chiu W., Su C., Fan C.Y., Chen C.M., Yeh K.H. Authentication with What You See and Remember in the Internet of Things. Symmetry. 2018;10:537. doi: 10.3390/sym10110537. DOI

Phoka T., Phetsrikran T., Massagram W. Dynamic Keypad Security System with Key Order Scrambling Technique and OTP Authentication; Proceedings of the 2018 22nd International Computer Science and Engineering Conference (ICSEC); Chiang Mai, Thailand. 21–24 November 2018; pp. 1–4. DOI

Heydari M., Mylonas A., Tafreshi V.H.F., Benkhelifa E., Singh S. Known unknowns: Indeterminacy in authentication in IoT. Future Gener. Comput. Syst. 2020;111:278–287. doi: 10.1016/j.future.2020.03.005. DOI

Malavizhi N., Selarani N., Raj P. Adaptive fuzzy genetic algorithm for multi biometric authentication. Multimed Tools Appl. 2020;79:9131–9144. doi: 10.1007/s11042-019-7436-4. DOI

Sharif M., Mercelis S., Van Den Bergh W., Hellinckx P. Proceedings of the International Conference on Big Data and Internet of Thing (BDIOT2017) Association for Computing Machinery; New York, NY, USA: 2017. Towards Real-Time Smart Road Construction: Efficient Process Management through the Implementation of Internet of Things; pp. 174–180. DOI

Ashibani Y., Kauling D., Mahmoud Q.H. A context-aware authentication framework for smart homes; Proceedings of the 2017 IEEE 30th Canadian Conference on Electrical and Computer Engineering (CCECE); Windsor, ON, Canada. 30 April–3 May 2017; pp. 1–5. DOI

Ulz T., Pieber T., Steger C., Holler A., Haas S., Matischek R. Automated Authentication Credential Derivation for the Secured Configuration of IoT Devices; Proceedings of the 2018 IEEE 13th International Symposium on Industrial Embedded Systems (SIES); Graz, Austria. 6–8 June 2018; pp. 1–8. DOI

Gebrie M.T., Abie H. Proceedings of the 11th European Conference on Software Architecture: Companion Proceedings (ECSA ’17) Association for Computing Machinery; New York, NY, USA: 2017. Risk-Based Adaptive Authentication for Internet of Things in Smart Home EHealth; pp. 102–108. DOI

Wang M., Yan Z. Privacy-Preserving Authentication and Key Agreement Protocols for D2D Group Communications. IEEE Trans. Ind. Inform. 2018;14:3637–3647. doi: 10.1109/TII.2017.2778090. DOI

Nespoli P., Zago M., Huertas Celdrán A., Gil Pérez M., Gómez Mármol F., García Clemente F.J. PALOT: Profiling and Authenticating Users Leveraging Internet of Things. Sensors. 2019;19:2832. doi: 10.3390/s19122832. PubMed DOI PMC

Ghosh N., Chandra S., Sachidananda V., Elovici Y. SoftAuthZ: A Context-Aware, Behaviour-Based Authorization Framework for Home IoT. IEEE Int. Things J. 2019;6:10773–10785. doi: 10.1109/JIOT.2019.2941767. DOI

Gad R., Abd El-Latif A.A., Elseuofi S., Ibrahim H.M., Elmezain M., Said W. IoT Security Based on Iris Verification Using Multi-Algorithm Feature Level Fusion Scheme; Proceedings of the 2019 2nd International Conference on Computer Applications Information Security (ICCAIS); Riyadh, Saudi Arabia. 1–3 May 2019; pp. 1–6. DOI

Mbarek B., Buhnova B., Pitner T. SeMLAS: An Efficient Secure Multi-Level Authentication Scheme for IoT-Based Smart Home Systems; Proceedings of the 2019 15th International Wireless Communications Mobile Computing Conference (IWCMC); Tangier, Morocco. 24–28 June 2019; pp. 1373–1378. DOI

Hasan A., Qureshi K. Internet of Things Device Authentication Scheme Using Hardware Serialization; Proceedings of the 2018 International Conference on Applied and Engineering Mathematics (ICAEM); Taxila, Pakistan. 4–5 September 2018; pp. 109–114. DOI

Arfaoui A., Cherkaoui S., Kribeche A., Senouci S.M., Hamdi M. Context-Aware Adaptive Authentication and Authorization in Internet of Things; Proceedings of the ICC 2019—2019 IEEE International Conference on Communications (ICC); Shanghai, China. 20–24 May 2019; pp. 1–6. DOI

Murphy J., Howells G., McDonald-Maier K.D. Multi-factor authentication using accelerometers for the Internet-of-Things; Proceedings of the 2017 Seventh International Conference on Emerging Security Technologies (EST); Canterbury, UK. 6–8 September 2017; pp. 103–107. DOI

Durand A., Gremaud P., Pasquier J. Proceedings of the Seventh International Conference on the Internet of Things (IoT ’17) Association for Computing Machinery; New York, NY, USA: 2017. Decentralized Web of Trust and Authentication for the Internet of Things. DOI

Pallavi K.N., Ravi Kumar V. Authentication-based Access Control and Data Exchanging Mechanism of IoT Devices in Fog Computing Environment. Wirel. Pers. Commun. 2020;116:3039–3060. doi: 10.1007/s11277-020-07834-w. DOI

Saadeh M., Sleit A., Sabri K.E., Almobaideen W. Hierarchical architecture and protocol for mobile object authentication in the context of IoT smart cities. J. Netw. Comput. Appl. 2018;121:1–19. doi: 10.1016/j.jnca.2018.07.009. DOI

Carnley P.R., Rowland P., Bishop D., Bagui S., Miller M. Trusted Digital Identities for Mobile Devices; Proceedings of the 2020 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech); Calgary, AB, Canada. 17–22 August 2020; pp. 483–490. DOI

Chifor B.C., Bica I., Patriciu V.V., Pop F. A security authorization scheme for smart home Internet of Things devices. Future Gener. Comput. Syst. 2018;86:740–749. doi: 10.1016/j.future.2017.05.048. DOI

Batool S., Hassan A., Saqib N.A., Khattak M.A.K. Authentication of Remote IoT Users Based on Deeper Gait Analysis of Sensor Data. IEEE Access. 2020;8:101784–101796. doi: 10.1109/ACCESS.2020.2998412. DOI

Gamundani A.M., Phillips A., MUYINGI H.N. Privacy Preservation and Security Dilemma: Relationship proposition for IoT authentication; Proceedings of the 2018 International Conference on Recent Innovations in Electrical, Electronics Communication Engineering (ICRIEECE); Bhubaneswar, India. 27–28 July 2018; pp. 363–367. DOI

Chauhan J., Rajasegaran J., Seneviratne S., Misra A., Seneviratne A., Lee Y. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies. Volume 2. ACM; New York, NY, USA: 2018. Performance Characterization of Deep Learning Models for Breathing-Based Authentication on Resource-Constrained Devices; pp. 1–24. DOI

Sharaf Dabbagh Y., Saad W. Authentication of Wireless Devices in the Internet of Things: Learning and Environmental Effects. IEEE Int. Things J. 2019;6:6692–6705. doi: 10.1109/JIOT.2019.2910233. DOI

Ali I., Asif M. Applying security patterns for authorization of users in IoT based applications; Proceedings of the 2018 International Conference on Engineering and Emerging Technologies (ICEET); Lahore, Pakistan. 22–23 February 2018; pp. 1–5. DOI

Wallis K., Merzinger M., Reich C., Schindelhauer C. Proceedings of the 10th International Conference on Advances in Information Technology (IAIT 2018) Association for Computing Machinery; New York, NY, USA: 2018. A Security Model Based Authorization Concept for OPC Unified Architecture. DOI

Krašovec A., Pellarini D., Geneiatakis D., Baldini G., Pejović V. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies. Volume 4. ACM; New York, NY, USA: 2020. Not Quite Yourself Today: Behaviour-Based Continuous Authentication in IoT Environments; pp. 1–29. DOI

Yang S.K., Shiue Y.M., Su Z.Y., Liu C.G. A Novel Authentication Scheme Against Node Captured Attack in WSN for Healthcare Scene; Proceedings of the 2019 IEEE Eurasia Conference on Biomedical Engineering, Healthcare and Sustainability (ECBIOS); Okinawa, Japan. 31 May–3 June 2019; pp. 39–42. DOI

Sahoo S., Sahoo S.S., Maiti P., Sahoo B., Turuk A.K. A Lightweight Authentication Scheme for Cloud-Centric IoT Applications; Proceedings of the 2019 6th International Conference on Signal Processing and Integrated Networks (SPIN); Noida, India. 7–8 March 2019; pp. 1024–1029. DOI

Zhu X., Badr Y., Pacheco J., Hariri S. Autonomic Identity Framework for the Internet of Things; Proceedings of the 2017 International Conference on Cloud and Autonomic Computing (ICCAC); Tucson, AZ, USA. 18–22 September 2017; pp. 69–79. DOI

Das A.K., Wazid M., Kumar N., Vasilakos A.V., Rodrigues J.J.P.C. Biometrics-Based Privacy-Preserving User Authentication Scheme for Cloud-Based Industrial Internet of Things Deployment. IEEE Int. Things J. 2018;5:4900–4913. doi: 10.1109/JIOT.2018.2877690. DOI

Khan R. Dynamically Configurable Architecture for User Identification and Authentication for Internet of Things Platform; Proceedings of the 2019 International Conference on Electrical, Computer and Communication Engineering (ECCE); Cox’sBazar, Bangladesh. 7–9 February 2019; pp. 1–8. DOI

Chien H.Y. Group-Oriented Range-Bound Key Agreement for Internet of Things Scenarios. IEEE Int. Things J. 2018;5:1890–1903. doi: 10.1109/JIOT.2018.2817075. DOI

Aski V.J., Gupta S., Sarkar B. An Authentication-Centric Multi-Layered Security Model for Data Security in IoT-Enabled Biomedical Applications; Proceedings of the 2019 IEEE 8th Global Conference on Consumer Electronics (GCCE); Osaka, Japan. 15–18 October 2019; pp. 957–960. DOI

Alkhresheh A., Elgazzar K., Hassanein H.S. DACIoT: Dynamic Access Control Framework for IoT Deployments. IEEE Int. Things J. 2020;7:11401–11419. doi: 10.1109/JIOT.2020.3002709. DOI

Ethelbert O., Moghaddam F.F., Wieder P., Yahyapour R. A JSON Token-Based Authentication and Access Management Schema for Cloud SaaS Applications; Proceedings of the 2017 IEEE 5th International Conference on Future Internet of Things and Cloud (FiCloud); Prague, Czech Republic. 21–23 August 2017; pp. 47–53. DOI

Sun F., Mao C., Fan X., Li Y. Accelerometer-Based Speed-Adaptive Gait Authentication Method for Wearable IoT Devices. IEEE Int. Things J. 2019;6:820–830. doi: 10.1109/JIOT.2018.2860592. DOI

Shayan M., Naser M., Hossein G. IoT-Based Anonymous Authentication Protocol Using Biometrics in Smart Homes; Proceedings of the 2019 16th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC); Mashhad, Iran. 28–29 August 2019; pp. 114–121. DOI

Elganzoury H.S., Abdelhafez A.A., Hegazy A.A. A new secure one-time password algorithm for mobile applications; Proceedings of the 2018 35th National Radio Science Conference (NRSC); Cairo, Egypt. 20–22 March 2018; pp. 249–257. DOI

Oh S.R., Kim Y.G. Development of IoT security component for interoperability; Proceedings of the 2017 13th International Computer Engineering Conference (ICENCO); Cairo, Egypt. 27–28 December 2017; pp. 41–44. DOI

Zhou L., Su C., Chiu W., Yeh K.H. You Think, Therefore You Are: Transparent Authentication System with Brainwave-Oriented Bio-Features for IoT Networks. IEEE Trans. Emerg. Top. Comput. 2020;8:303–312. doi: 10.1109/TETC.2017.2759306. DOI

Oh S.R., Kim Y.G. AFaaS: Authorization framework as a service for Internet of Things based on interoperable OAuth. Int. J. Distrib. Sens. Netw. 2020;16:1550147720906388. doi: 10.1177/1550147720906388. DOI

Belk M., Fidas C., Pitsillides A. Extended Abstracts of the 2019 CHI Conference on Human Factors in Computing Systems (CHI EA ’19) Association for Computing Machinery; New York, NY, USA: 2019. FlexPass: Symbiosis of Seamless User Authentication Schemes in IoT; pp. 1–6. DOI

Hassan M., Mansoor K., Tahir S., Iqbal W. Enhanced Lightweight Cloud-assisted Mutual Authentication Scheme for Wearable Devices; Proceedings of the 2019 International Conference on Applied and Engineering Mathematics (ICAEM); Taxila, Pakistan. 27–29 August 2019; pp. 62–67. DOI

Kaliya N., Hussain M. Framework for privacy preservation in iot through classification and access control mechanisms; Proceedings of the 2017 2nd International Conference for Convergence in Technology (I2CT); Mumbai, India. 7–9 April 2017; pp. 430–434. DOI

Wazid M., Das A.K., Khan M.K., Al-Ghaiheb A.A.D., Kumar N., Vasilakos A.V. Secure Authentication Scheme for Medicine Anti-Counterfeiting System in IoT Environment. IEEE Int. Things J. 2017;4:1634–1646. doi: 10.1109/JIOT.2017.2706752. DOI

Shah R.H., Salapurkar D.P. A multifactor authentication system using secret splitting in the perspective of Cloud of Things; Proceedings of the 2017 International Conference on Emerging Trends Innovation in ICT (ICEI); Pune, India. 3–5 February 2017; pp. 1–4. DOI

Amoon M., Altameem T., Altameem A. RRAC: Role based reputed access control method for mitigating malicious impact in intelligent IoT platforms. Comput. Commun. 2020;151:238–246. doi: 10.1016/j.comcom.2020.01.011. DOI

Yazdanpanah H., Azizi M., Pournaghi S.M. A Secure and Improved Authentication Scheme for Heterogeneous Wireless Sensor Networks in the Internet of Things Environment; Proceedings of the 2020 17th International ISC Conference on Information Security and Cryptology (ISCISC); Tehran, Iran. 9–10 September 2020; pp. 36–43. DOI

Barbareschi M., De Benedictis A., La Montagna E., Mazzeo A., Mazzocca N. PUF-Enabled Authentication-as-a-Service in Fog-IoT Systems; Proceedings of the 2019 IEEE 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE); Napoli, Italy. 12–14 June 2019; pp. 58–63. DOI

Loske M., Rothe L., Gertler D.G. Context-Aware Authentication: State-of-the-Art Evaluation and Adaption to the IIoT; Proceedings of the 2019 IEEE 5th World Forum on Internet of Things (WF-IoT); Limerick, Ireland. 15–18 April 2019; pp. 64–69. DOI

Shahzad M., Singh M.P. Continuous Authentication and Authorization for the Internet of Things. IEEE Int. Comput. 2017;21:86–90. doi: 10.1109/MIC.2017.33. DOI

Rattanalerdnusorn E., Thaenkaew P., Vorakulpipat C. Security Implementation For Authentication In Iot Environments; Proceedings of the 2019 IEEE 4th International Conference on Computer and Communication Systems (ICCCS); Singapore. 23–25 February 2019; pp. 678–681. DOI

Prathibha L., Fatima K. Exploring Security and Authentication Issues in Internet of Things; Proceedings of the 2018 Second International Conference on Intelligent Computing and Control Systems (ICICCS); Madurai, India. 14–15 June 2018; pp. 673–678. DOI

Whaiduzzaman M., Oliullah K., Mahi M.J.N., Barros A. AUASF: An Anonymous Users Authentication Scheme for Fog-IoT Environment; Proceedings of the 2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT); Kharagpur, India. 1–3 July 2020; pp. 1–7. DOI

Liu H., Li J., Gu D. Understanding the security of app-in-the-middle IoT. Comput. Secur. 2020;97:102000. doi: 10.1016/j.cose.2020.102000. DOI

El Kalam A.A., Outchakoucht A., Es-Samaali H. Proceedings of the 1st International Conference on Digital Tools & Uses Congress (DTUC ’18) Association for Computing Machinery; New York, NY, USA: 2018. Emergence-Based Access Control: New Approach to Secure the Internet of Things. DOI

Genç D., Tomur E., Erten Y.M. Context-Aware Operation-Based Access Control for Internet of Things Applications; Proceedings of the 2019 International Symposium on Networks, Computers and Communications (ISNCC); Istanbul, Turkey. 18–20 June 2019; pp. 1–6. DOI

Ashibani Y., Kauling D., Mahmoud Q.H. A context-aware authentication service for smart homes; Proceedings of the 2017 14th IEEE Annual Consumer Communications Networking Conference (CCNC); Las Vegas, NV, USA. 8–11 January 2017; pp. 588–589. DOI

Bhatt S., Sandhu R. Proceedings of the 25th ACM Symposium on Access Control Models and Technologies (SACMAT ’20) Association for Computing Machinery; New York, NY, USA: 2020. ABAC-CC: Attribute-Based Access Control and Communication Control for Internet of Things; pp. 203–212. DOI

Pal S., Hitchens M., Varadharajan V., Rabehaja T. Proceedings of the 14th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (MobiQuitous 2017) Association for Computing Machinery; New York, NY, USA: 2017. On Design of A Fine-Grained Access Control Architecture for Securing IoT-Enabled Smart Healthcare Systems; pp. 432–441. DOI

Miettinen M., Nguyen T.D., Sadeghi A.R., Asokan N. Proceedings of the 55th Annual Design Automation Conference (DAC ’18) Association for Computing Machinery; New York, NY, USA: 2018. Revisiting Context-Based Authentication in IoT. DOI

Lu C.X., Li Y., Xiangli Y., Li Z. Proceedings of The Web Conference 2020 (WWW ’20) Association for Computing Machinery; New York, NY, USA: 2020. Nowhere to Hide: Cross-Modal Identity Leakage between Biometrics and Devices; pp. 212–223. DOI

Gupta M., Benson J., Patwa F., Sandhu R. Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy (CODASPY ’19) Association for Computing Machinery; New York, NY, USA: 2019. Dynamic Groups and Attribute-Based Access Control for Next-Generation Smart Cars; pp. 61–72. DOI

Salama U., Yao L., Wang X., Paik H.Y., Beheshti A. Multi-Level Privacy-Preserving Access Control as a Service for Personal Healthcare Monitoring; Proceedings of the 2017 IEEE International Conference on Web Services (ICWS); Honolulu, HI, USA. 25–30 June 2017; pp. 878–881. DOI

Blue L., Abdullah H., Vargas L., Traynor P. 2MA: Verifying Voice Commands via Two Microphone Authentication (ASIACCS ’18) Association for Computing Machinery; New York, NY, USA: 2018. pp. 89–100. DOI

Islam S.M.R., Hossain M., Hasan R., Duong T.Q. A conceptual framework for an IoT-based health assistant and its authorization model; Proceedings of the 2018 IEEE 8th Annual Computing and Communication Workshop and Conference (CCWC); Las Vegas, NV, USA. 8–10 January 2018; pp. 616–621. DOI

Srinivas J., Das A.K., Wazid M., Kumar N. Anonymous Lightweight Chaotic Map-Based Authenticated Key Agreement Protocol for Industrial Internet of Things. IEEE Trans. Depend. Secur. Comput. 2020;17:1133–1146. doi: 10.1109/TDSC.2018.2857811. DOI

Pal S., Hitchens M., Varadharajan V. Towards the Design of a Trust Management Framework for the Internet of Things; Proceedings of the 2019 13th International Conference on Sensing Technology (ICST); Sydney, NSW, Australia. 2–4 December 2019; pp. 1–7. DOI

Atlam H.F., Wills G.B. An efficient security risk estimation technique for Risk-based access control model for IoT. Int. Things. 2019;6:100052. doi: 10.1016/j.iot.2019.100052. DOI

Khalil A., Mbarek N., Togni O. IoT-MAAC: Multiple Attribute Access Control for IoT environments; Proceedings of the 2020 IEEE 17th Annual Consumer Communications Networking Conference (CCNC); Las Vegas, NV, USA. 10–13 January 2020; pp. 1–6. DOI

Djilali H.B., Tandjaoui D., Khemissa H. Enhanced dynamic team access control for collaborative Internet of Things using context. Trans. Emerg. Telecommun. Technol. 2020;32:e4083. doi: 10.1002/ett.4083. DOI

Van hamme T., Preuveneers D., Joosen W. Proceedings of the 4th Workshop on Middleware and Applications for the Internet of Things (M4IoT ’17) Association for Computing Machinery; New York, NY, USA: 2017. A Dynamic Decision Fusion Middleware for Trustworthy Context-Aware IoT Applications; pp. 1–6. DOI

Schuster R., Shmatikov V., Tromer E. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS ’18) Association for Computing Machinery; New York, NY, USA: 2018. Situational Access Control in the Internet of Things; pp. 1056–1073. DOI

Aliane L., Adda M. HoBAC: Toward a Higher-order Attribute-Based Access Control Model. Procedia Comput. Sci. 2019;155:303–310. doi: 10.1016/j.procs.2019.08.044. DOI

Nakouri I., Hamdi M., Kim T.H. A Key Management Scheme for IoT-Based Video Surveillance Systems Based on Fingerprints; Proceedings of the 2018 IEEE 27th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE); Paris, France. 27–29 June 2018; pp. 100–105. DOI

Ranaweera P., Imrith V.N., Liyanag M., Jurcut A.D. Security as a Service Platform Leveraging Multi-Access Edge Computing Infrastructure Provisions; Proceedings of the ICC 2020—2020 IEEE International Conference on Communications (ICC); Dublin, Ireland. 7–11 June 2020; pp. 1–6. DOI

Selvarani P., Suresh A., Malarvizhi N. Secure and optimal authentication framework for cloud management using HGAPSO algorithm. Clust. Comput. 2019;22:4007–4016. doi: 10.1007/s10586-018-2609-x. DOI

Aski V., Dhaka V.S., Kumar S., Parashar A., Ladagi A. A Multi-Factor Access Control and Ownership Transfer Framework for Future Generation Healthcare Systems; Proceedings of the 2020 Sixth International Conference on Parallel, Distributed and Grid Computing (PDGC); Waknaghat, India. 6–8 November 2020; pp. 93–98. DOI

Ahmed S., Mahmood Q. An authentication based scheme for applications using JSON web token; Proceedings of the 2019 22nd International Multitopic Conference (INMIC); Islamabad, Pakistan. 29–30 November 2019; pp. 1–6. DOI

Lupascu C., Lupascu A., Bica I. DLT Based Authentication Framework for Industrial IoT Devices. Sensors. 2020;20:2621. doi: 10.3390/s20092621. PubMed DOI PMC

Krishnan K.N., Jenu R., Joseph T., Silpa M.L. Blockchain Based Security Framework for IoT Implementations; Proceedings of the 2018 International CET Conference on Control, Communication, and Computing (IC4); Thiruvananthapuram, India. 5–7 July 2018; pp. 425–429. DOI

Jonnada S., Dantu R., Shrestha P., Ranasinghe I., Widick L. An OAuth-Based Authorization Framework for Access Control in Remote Collaboration Systems; Proceedings of the 2018 National Cyber Summit (NCS); Huntsville, AL, USA. 5–7 June 2018; pp. 38–44. DOI

Gebresilassie S.K., Rafferty J., Morrow P., Chen L., Abu-Tair M., Cui Z. Distributed, Secure, Self-Sovereign Identity for IoT Devices; Proceedings of the 2020 IEEE 6th World Forum on Internet of Things (WF-IoT); New Orleans, LA, USA. 2–16 June 2020; pp. 1–6. DOI

Martínez J.A., Hernández-Ramos J.L., Beltrán V., Skarmeta A., Ruiz P.M. A user-centric Internet of Things platform to empower users for managing security and privacy concerns in the Internet of Energy. Int. J. Distrib. Sens. Netw. 2017;13:1550147717727974. doi: 10.1177/1550147717727974. DOI

Colombo P., Ferrari E. Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies (SACMAT ’18) Association for Computing Machinery; New York, NY, USA: 2018. Access Control Enforcement within MQTT-Based Internet of Things Ecosystems; pp. 223–234. DOI

Rech A., Pistauer M., Steger C. A Novel Embedded Platform for Secure and Privacy-Concerned Cross-Domain Service Access; Proceedings of the 2019 IEEE Intelligent Vehicles Symposium (IV); Paris, France. 9–12 June 2019; pp. 1961–1967. DOI

Lee S., Choi J., Kim J., Cho B., Lee S., Kim H., Kim J. Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies (SACMAT ’17 Abstracts) Association for Computing Machinery; New York, NY, USA: 2017. FACT: Functionality-Centric Access Control System for IoT Programming Frameworks; pp. 43–54. DOI

Hazra S. Smart ATM Service; Proceedings of the 2019 Devices for Integrated Circuit (DevIC); Kalyani, India. 23–24 March 2019; pp. 226–230. DOI

Tandon L., Fong P.W.L., Safavi-Naini R. Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies (SACMAT ’18) Association for Computing Machinery; New York, NY, USA: 2018. HCAP: A History-Based Capability System for IoT Devices; pp. 247–258. DOI

Wen Shieng P.S., Jansen J., Pemberton S. Fine-grained Access Control Framework for Igor, a Unified Access Solution to The Internet of Things. Procedia Comput. Sci. 2018;134:385–392. doi: 10.1016/j.procs.2018.07.194. DOI

Xiong S., Ni Q., Wang L., Wang Q. SEM-ACSIT: Secure and Efficient Multiauthority Access Control for IoT Cloud Storage. IEEE Int. Things J. 2020;7:2914–2927. doi: 10.1109/JIOT.2020.2963899. DOI

Wu F., Li X., Xu L., Sangaiah A.K., Rodrigues J.J. Authentication Protocol for Distributed Cloud Computing: An Explanation of the Security Situations for Internet-of-Things-Enabled Devices. IEEE Consum. Electron. Mag. 2018;7:38–44. doi: 10.1109/MCE.2018.2851744. DOI

Han Z., Liu L., Liu Z. Proceedings of the ACM Turing Celebration Conference—China (ACM TURC ’19) Association for Computing Machinery; New York, NY, USA: 2019. An Efficient Access Control Scheme for Smart Lock Based on Asynchronous Communication. DOI

Fremantle P., Aziz B. Cloud-based federated identity for the Internet of Things. Ann. Telecommun. 2018;73:415–427. doi: 10.1007/s12243-018-0641-8. DOI

Ben Daoud W., Meddeb-Makhlouf A., Zarai F. A Trust-based Access Control Scheme for e-Health Cloud; Proceedings of the 2018 IEEE/ACS 15th International Conference on Computer Systems and Applications (AICCSA); Aqaba, Jordan. 28 October–1 November 2018; pp. 1–7. DOI

Cui J., Wang F., Zhang Q., Xu Y., Zhong H. An Anonymous Message Authentication Scheme for Semi-trusted Edge-enabled IIoT. IEEE Trans. Ind. Electron. 2020;68:12921–12929. doi: 10.1109/TIE.2020.3039227. DOI

Vorakulpipat C., Takahashi T., Rattanalerdnusorn E., Thaenkaew P., Inoue D. Usable and Secure Cloud-based Biometric Authentication Solution for IoT Devices; Proceedings of the 2018 IEEE Symposium on Computers and Communications (ISCC); Natal, Brazil. 25–28 June 2018; pp. 274–277. DOI

Li G. Proceedings of the 2020 International Conference on Aviation Safety and Information Technology (ICASIT 2020) Association for Computing Machinery; New York, NY, USA: 2020. Security Architecture of Computer Communication System Based on Internet of Things; pp. 693–697. DOI

Gur S., Demir S., Simsek S., Levi A. Proceedings of the 13th International Conference on Security of Information and Networks (SIN 2020) Association for Computing Machinery; New York, NY, USA: 2020. Secure and Privacy-Aware Gateway for Home Automation Systems. DOI

Gong B., Wang Y., Liu X., Qi F., Sun Z. A trusted attestation mechanism for the sensing nodes of Internet of Things based on dynamic trusted measurement. China Commun. 2018;15:100–121. doi: 10.1109/CC.2018.8300276. DOI

Gwak B., Cho J.H., Lee D., Son H. TARAS: Trust-Aware Role-Based Access Control System in Public Internet-of-Things; Proceedings of the 2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/12th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE); New York, NY, USA. 1–3 August 2018; pp. 74–85. DOI

Chen H.C. Collaboration IoT-Based RBAC with Trust Evaluation Algorithm Model for Massive IoT Integrated Application. Mob. Netw. Appl. 2019;24:839–852. doi: 10.1007/s11036-018-1085-0. DOI

Foundation P.S. Pdftotext. 2021. [(accessed on 12 July 2021)]. Available online: https://pypi.org/project/pdftotext/

Foundation P.S. Rake-Nltk. 2021. [(accessed on 12 July 2021)]. Available online: https://pypi.org/project/rake-nltk/

Jin X., Krishnan R., Sandhu R. A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC. In: Cuppens-Boulahia N., Cuppens F., Garcia-Alfaro J., editors. Data and Applications Security and Privacy XXVI. Springer; Berlin/Heidelberg, Germany: 2012. pp. 41–55.

Ferraiolo D., Kuhn R. Role-Based Access Control; Proceedings of the 15th National Computer Security Conference; Baltimore, MD, USA. 13–16 October 1992; pp. 554–556.

Rosslin J., Robles R., Kim T.H. Review: Context Aware Tools for Smart Home Development. Int. J. Smart Home. 2010;4:1–12.

Jones M., Bradley J., Sakimura N. JSON Web Token (JWT). RFC 7519, RFC Editor. 2015. [(accessed on 12 July 2021)]. Available online: http://www.rfc-editor.org/rfc/rfc7519.txt.

Wohlin C., Runeson P., Höst M., Ohlsson M.C., Regnell B., Wesslén A. Experimentation in Software Engineering. Springer Science & Business Media; Berlin/Heidelberg, Germany: 2012.