The internet of things is a rapidly growing commercial industry. Various "smart" versions of objects such as lightbulbs, speakers, watches, and more are being produced with the ability to connect to the internet. These objects may have features such as automation, remote control through a smartphone app, or notifying the owner in certain conditions. Regardless, these devices are often designed to be simple and lightweight, operating with little computational power and with low power consumption. To achieve this, many IoT devices make sacrifices to other features, with security being common, which leads to these devices being easily compromised. This makes attackers more dangerous, using the compromised devices to move laterally to other devices, or for other purposes, such as creating botnets.
With the growing security risk of the internet of things, many approaches are being proposed to tackle the problem. Authentication and authorization systems are popular solutions for addressing this issue. Some of these solutions, such as those using OAuth 2.0, also have the benefit of outsourcing some of the computation to a trusted third party, releasing some of the stress on the IoT devices.
My goal for this project is to provide an overview of the current landscape for authentication and authorization in IoT networks. To do this, I will research recent solutions on the topic, describe each of their approaches, and compare them to each other qualitatively.
[Feb 8] - Project proposal completed
[Feb 26] - Current solutions researched and analysed
[Mar 8] - Midterm update
[Mar 26] - Project presentation first draft complete
[Apr 5] - Project presentation (possible demo), Project report first draft complete
[Apr 12] - Project report complete