Trustworthy Authentication for IoT with Human-and-Environment-in-the-Loop

We have witnessed tremendous growth of the Internet of Things (IoT) and the popularization of IoT devices in the past decades, including wireless sensors, smart phones, wearable devices, smart tags, activity trackers, and the like. These devices are widely deployed to enable intelligent computing and services in our daily life, such as logistics, retailing, and healthcare in the smart city. However, trustworthy authentication has become a key challenge to the smooth and rapid development of IoT. According to a survey by Altman Vilandrie & Company [1], due to the lack of authentication and other system protections, small and medium-sized enterprises suffer losses of up to 13% of their annual revenues from attacks on IoT systems.

In the IoT environment, trust also becomes ubiquitous. Merely authenticating individual users or devices is not enough, because collaborative interaction and cooperation among users, devices, and environments are critical in IoT. In such circumstances, information is shared, data is fused, and all elements, including the human, device, and environment, are highly integrated. Thus, the authentication requirement for IoT applications should be characterized as temporally-spatially consistent, human-and-environment-in-the-loop, and continuously trustworthy.

Unfortunately, conventional authentication methods fail to meet the above demands. The main reasons are as follows.

• Existing approaches usually perform authentication on the user and device separately. Meanwhile, authentication is scarcely ever carried out in the environment. An attacker can eavesdrop on the communication, counterfeit the authentication tokens or proofs [2], or simply carry out replay attacks to impersonate the actual user or device [3].

• Existing authentication systems give little consideration to the spatio-temporal nature of IoT computing and services. Besides the authenticity of data, users, and devices, it is also necessary to ensure the spatiotemporal consistency of the computing and services. In other words, a transaction in IoT also requires the au-