Privacy-Aware Authentication in the Internet of Things


Hannes Groß (IAIK, Graz University of Technology), Marko Hölbl (University of Maribor), Daniel Slamanig (IAIK, Graz University of Technology), Raphael Spreitzer (IAIK, Graz University of Technology)


Besides the opportunities offered by the all-embracing Internet of Things (IoT) technology, it also poses a tremendous threat to the privacy of the carriers of these devices. In this work, we build upon the idea of an RFID-based IoT realized by means of standardized and well-established Internet protocols. In particular, we demonstrate how the Internet Protocol Security protocol suite (IPsec) can be applied in a privacy-aware manner. Therefore, we introduce a privacy-aware mutual authentication protocol compatible with restrictions imposed by the IPsec standard and analyze its privacy and security properties. With this work, we show that privacy in the IoT can be achieved without proprietary protocols and on the basis of existing Internet standards.


14th International Conference on Cryptology and Network Security (CANS2015)  (

Place and Date

Marrakesh, Morocco, December 8th-12th 2015

Publication Reference

Hannes Groß, Marko Hölbl, Daniel Slamanig, Raphael Spreitzer. "Privacy-Aware Authentication in the Internet of Things", Cryptology and Network Security, 14th International Conference, CANS 2015, Marrakesh, Morocco, December 8-12. 2015.



Author    = {Hannes Gro{\ss} and Marko H{\"{o}}lbl and Daniel Slamanig and Raphael Spreitzer},
Title     = {{Privacy-Aware Authentication in the Internet of Things}},
Booktitle = {Cryptology and Network Security, 14th International Conference, CANS 2015, Marrakesh, Morocco, December 8-12.},
Year      = {2015},
Publisher = {Springer}