Usable Identity and Access Management Schemes for Smart Cities

  • Chapter
Collaborative Approaches for Cyber Security in Cyber-Physical Systems

Abstract

Usable Identity and Access Management (IAM) schemes are much needed to control and track users’ identities and access privileges for a safe and secure smart city. Any safety or security breach in critical infrastructures, e.g., smart financial solutions, smart transportation, and smart buildings, can disrupt the normal life of the city’s residents. Studies have reported that traditional knowledge- and token-based IAM schemes are unable to fully secure these emerging use cases because of their inherent security and usability issues. This chapter presents multi-modal biometric-based IAM schemes for smart payment apps, smart transportation, and smart buildings that can partially address the safety and security concerns of residents. We also describe the framework for designing risk-based, implicit, or continuous verification IAM schemes for such use cases.



Author information

Corresponding author

Correspondence to Sandeep Gupta.

Copyright information

© 2023 Springer Nature Switzerland AG

About this chapter

Cite this chapter

Gupta, S., Crispo, B. (2023). Usable Identity and Access Management Schemes for Smart Cities. In: Dimitrakos, T., Lopez, J., Martinelli, F. (eds) Collaborative Approaches for Cyber Security in Cyber-Physical Systems. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-031-16088-2_3

  • DOI: https://doi.org/10.1007/978-3-031-16088-2_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-16087-5

  • Online ISBN: 978-3-031-16088-2

  • eBook Packages: Computer Science (R0)
