Abstract
Usable Identity and Access Management (IAM) schemes are much needed to control and track users' identities and access privileges for a safe and secure smart city. Any safety or security breach in critical infrastructures, e.g., smart financial solutions, smart transportation, and smart buildings, can disrupt the normal life of the city's residents. Studies have reported that traditional knowledge- and token-based IAM schemes are unable to fully secure these emerging use cases because of their inherent security and usability issues. This chapter presents multi-modal biometric-based IAM schemes for smart payment apps, smart transportation, and smart buildings that can partially address the safety and security concerns of residents. We also describe the framework for designing risk-based, implicit, or continuous verification IAM schemes for such use cases.
Copyright information
© 2023 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Gupta, S., Crispo, B. (2023). Usable Identity and Access Management Schemes for Smart Cities. In: Dimitrakos, T., Lopez, J., Martinelli, F. (eds) Collaborative Approaches for Cyber Security in Cyber-Physical Systems. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-031-16088-2_3
DOI: https://doi.org/10.1007/978-3-031-16088-2_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-16087-5
Online ISBN: 978-3-031-16088-2
eBook Packages: Computer Science, Computer Science (R0)