Context-Aware Authentication: State-of-the-ArtEvaluation and Adaption to the IIoT

Moritz LoskeFraunhofer IIS

Nuremberg, Germany

Lukas RotheFraunhofer IIS

Nuremberg, Germany

Dominik G. GertlerOstbayerische Technische Hochschule Amberg-Weiden

Weiden i.d.OPf., Germany

Abstract—Authentication is an important and non-trivial topicfor the security of the tremendously growing industrial Internetof Things. Classical authentication methods often do not meetthe requirements of IoT networks, where computing power andbandwidth are usually constrained. This overview paper thereforeturns its attention to context-aware authentication, a methodthat uses features of a shared or otherwise known context tomutually authenticate devices. First the idea of context-awareauthentication and the state of the art in research is introduced.The work done so far is then evaluated, with a focus on the exam-ined context features and authentication mechanisms. Afterwardsit is discussed how context-awareness can be transferred fromuser-centric towards machine-to-machine authentication in theindustrial IoT. The specific requirements are discussed togetherwith use-cases for Smart Logistics and Industry 4.0.

Index Terms—context-awareness, authentication, security,M2M communication, industrial IoT, Industry 4.0, Smart Lo-gistics

I. INTRODUCTION

Electronic identification and authentication has been subjectto multiple research works in the past, where a large varietyof methods and processes have been developed. Dependingon the required level of security the identity can be provenby using digital credentials like IDs or username and pass-word for standard applications or certificate based Public KeyInfrastructures (PKI) for security critical applications [1], [2].Combining different methods within a single authenticationprocess has become known as a multiple factor authenticationand is considered to provide an enhanced level of security tofulfill even highest security standards [1].Several of the most current authentication protocols, even thelatest introduced methods, have been developed for standarddistributed computing and communication systems within lo-cal or wide area networks. These infrastructures often relyon platforms with sufficient amount of energy, computingresources and data rate and the capability to run sophisticatedkey exchange protocols.That is not the case for small embedded systems like wirelesssensor nodes that are operated in very constraint environmentsunder limited conditions. Prevalent cryptographic mechanismscan not or only rudimentarily be used, due to limited comput-ing capacity, storage and bandwidth (bitrate, computing capac-ity, uni-directionality) [3]. These sensor nodes have howeverbecome an essential part of the Internet of Things (IoT). In

the past few years, the IoT has grown tremendously and willbecome even more widespread in the future [4]. Accordingto latest studies the IoT will grow from around 15 billiondevices in 2015 up to 75 billion devices in 2025 [4]. Thissignificant increase of the IoT demonstrates the relevance forsecurity in IoT networks, which range from small privateHome Automation applications with only a handful of nodesto city-spanning networks containing hundreds of nodes forSmart City or Smart Grid services.With either already present sensors or additional small, energy-efficient sensors, an IoT device is enabled to gather infor-mation about certain features of its physical context, such astemperature or luminosity. During authentication, this contextinformation can be utilized to enhance security. The contextfeatures are transmitted to the other device, where they areprocessed to draw conclusions about the device’s location andorigin time of the message. This knowledge can then aid theprocess of authentication by proving the device’s correct timeand location. Enhancing the authentication in this way is calledcontext-aware authentication.In this paper, context-aware authentication is briefly introducedand the current state of context-aware authentication researchpresented. Subsequently, the current research of context-awareauthentication is evaluated, paying attention to the require-ments for mechanisms and features to find real-world applica-tion. As most research in this field has been user-centric thisfar [5], it is afterwards discussed, how context-awareness canbe applied to industrial IoT (IIoT). Two exemplary use cases– Smart Logistics and Industry 4.0 – are shown to emphasizethe benefits of such an adaption.

II. CONTEXT-AWARE AUTHENTICATION

To facilitate unambiguous identification and secure authen-tication of independent devices in a non-trusted and hetero-geneous IoT system, innovative methods that combine both ahigh level of trust and an efficient acquisition and processingof the authenticators are required. One approach to solve thisproblem is the integration of information about the physicalcontext of a device to improve the authentication process [5].Sadeghi et al. stated in their work, that authentication betweendevices can be realized by ”utilizing the fact that devices thatare located in the same place also consistently observe similarambient context information” [6]. Context-aware authentica-tion therefore describes the inclusion of measured physical978-1-5386-4980-0/19/$31.00 ©2019 IEEE

64

features of a device in the authentication process. Candidatesfor such physical features are e.g. temperature, luminosity orradio signals, which form an additional category for multiplefactor authentication.

Which factors can be included and how they can be verifiedis exhibited in section IV.

III. RELATED WORKS

A general overview of context-awareness has been givenbefore and the problem of authentication in IoT and relatedfields has also been discussed.

Sajid et al. [7] brought attention to the shortcomings ofauthentication mechanisms for IIoT networks. Sadeghi et al.[6] also emphasized the lack of secure authentication mecha-nisms and proposed context-awareness as one mechanism toclose the security gap.

Perera et al. [8] gave a broad overview over the stateof context-awareness in 2014. Their focus was the use ofcontext information to enhance IoT applications, not using itfor security measures. Miettinen et al. evaluated the use ofcontext information for authentication based on a few differentpublications [9] with their focus on the consumer IoT. In 2018,Fomichev et al. surveyed different secure device pairing mech-anisms in general [10], including context-awareness. Conti andChhagan also surveyed context-aware methods in 2018 [11]and formulated open research questions.

To test the validity of context-awareness in authenticationschemes, Fomichev et al. [12] evaluated five published mech-anisms (see Sec. IV) under realistic conditions. They managedto show, that the performance of such authentication schemesdepends highly on the application scenario.

IV. STATE OF THE ART

This section will give a broad overview over the researchdone in the field of context-aware authentication in IoT withspecial attention towards the examined context features aswell as the methods to integrate context information into theauthentication process.

Kalamandeen et al. [13] in 2010 took the idea to measurethe received signal strength (RSSI) of your communicationpartner as an indicator of physical proximity, which is usedfor example in ZigBee [14], one step further in their systemEnsemble. The authentication of a device with Ensemble isdone by other members of the network, called witnesses, bydetermining its proximity, and therefore authenticity, coopera-tively. For this process, the witnesses evaluate the correlationof RSSI fingerprints gathered from communication with thedevice and vote for its acceptance.

In the following year Mathur et al. developed Proximate[15], which uses snippets of the TV and FM radio signalsto generate a secret key used for the authentication process.By generating a matching key, the presence in the sameenvironment is shown.

Halevi et al. [16] expanded on the idea of using contextualinformation for authentication in 2012, when they comparedaudio recordings and luminosity of two devices to secure

NFC transactions. The authentication is only successful, ifthe difference in both sensor readings is smaller than apredetermined threshold.

Xiao et al. [17] created a more complicated proximity checkbased on wireless signals in 2013, utilizing not only the RSSI,but also data from the WiFi packets like MAC addresses andsequence numbers to generate a session key for two devices.

Schurmann et al. [18] created also a scheme to generate asession key from ambient audio fingerprints in the same year.

Another authentication mechanism using real world datawas developed by Rostami et al. [19], securing the com-munication of medical devices and an implanted pacemakerby evaluating ECG measurements and determining a goodthreshold for their comparison.

Halevi et al. expanded upon their earlier context-basedauthentication mechanism by evaluating the data from a de-vices accelerometer and magnetometer to recognize the user’sposture [20]. The results were used alongside audio samplesand luminosity to prove the physical proximity of the devicesby comparing those values.

In 2014, Urien et al. [21] used the temperature of one of thedevices, measured by the other device via infrared, to generatea key to authenticate a NFC payment transaction.

Shrestha et al. [22] expanded the use of environmental datato further secure authentication by measuring temperature,humidity, air pressure and the carbon monoxide concentration(CO gas) in the air. Those values were taken at severallocations and a classifier trained on recognizing them.

In the same year Miettinen et al. [23] used fingerprints gen-erated out of audio levels and luminosity to enhance authen-tication by generating a session key out of those fingerprints,Truong et al. [24] improved the existing tool BlueProximityby adding GPS data, WiFi data, Bluetooth data and audiofeatures for the authentication mechanism. The distances andcorrelation between signals gathered at several locations wereused to train a classifier.

Karapanos et al. developed Sound-Proof [25] in 2015, amechanism to authenticate a user’s phone to web applicationsby comparing audio fingerprints with a threshold.

In 2017, Shepherd et al. [26] evaluated several contextualfeatures for their applicability to indicate proximity in NFCpayment transaction. The examined features were acceleration,Bluetooth, gravity, GPS, gyroscopic readings, magnetic fields,pressure, sound, WiFi, light, temperature, humidity and more.

Juuti et al. published STASH [27], an authentication methodin which the server recognizes a user via the path he takes,computed by the accelerometer and gyroscope readings of theuser’s smart phone.

Han et al. developed the scheme Convoy [32], fingerprintingroad conditions and steering behavior, extracted via a triple-axis accelerometer, and comparing those values to strengthenthe authentication between vehicles of a transport convoy.

In 2018, Han et al. also published their work about Perceptio[33], a context-aware authentication mechanism that identifiesevents observed by the devices through heterogeneous sensors.

65

Category Feature Pros ConsMeteorological data General hard to manipulate, fast measurement, easy

computation [22], Non-directional [28]Moderate Variance [22]

Humidity Low accuracy [21]CO gas Low Variance [22]Air pressure Low Variance [28]

Luminosity Luminosity Good Variance [28] directional [28]Audio Audio [9], [18], [24],

[25], [29], [29]Great Variance Complex computation, Long measurement,

Directional [28]Radio Waves Bluetooth, WiFi,

FM/AM [30]Sensors already in place, Great Variance,Non-directional

Complex computation, Long measurement, Easyto distort [28]

GPS Non-directional Outdoor onlyMagnetism Magnetic field [31] Hard to manipulate, Non-directional Complex computation, Long measurement

TABLE IEVALUATION OF PHYSICAL FEATURES

It manages to authenticate for example one device with amicrophone to a device possessing only an accelerometer bycreating a fingerprint of events and encrypting part of theauthentication process with them and calculating a confidencescore.The next chapter will now compare the contextual features andutilized mechanisms of the mentioned works.

V. EVALUATION

A. Physical Features

The advantages and disadvantages of the individual physicalfeatures when used for authentication can be seen in Table I.The severity and importance of those ratings however dependon the use-case [12]. Some weaknesses, mainly a deficit invariance and accuracy, can be shored up by retrieving severalfeatures at once and combining them to determine the device’scontext [22], [28].Directionality describes the problem that the obtained sensorvalue depends heavily on the placement and orientation ofthe sensor. This can cause sensors, which are physically closeto each other, to have vastly different readings. Directionalitycan however be combated by observing not the value itself, butchanges in the value [23]. Such measurements compensate fordirectionality at the expense of computational simplicity andmeasurement speed.Since context-awareness tries to prove a device’s location,other features used for location sensing could be utilizedfor context-aware authentication, such as geo-magnetism [31],which have not been researched so far.

B. Methods

The methods utilized in Sec. IV to decide authenticitybased on the context can be broken down into three types -Threshold Comparison, Classifiers and Key Generation. Thesemethods will now be individually evaluated for their use in IoTnetworks.

1) Threshold Comparison: In the first method, the reportedphysical features are simply compared to the expected values,usually with a threshold. This method is quick and easy toimplement and creates only minimal computational overhead,which applies well to the constrained conditions of IoT sys-tems. It is however necessary for this method to transmit the

sensor readings, making it easier for attackers to record themand use them for fraudulent authentication attempts. Therefore,physical features with high variance over time should bechosen with this method. The sensor readings can also beobscured via hashing, to prevent attackers from guessing newvalues close to the previously transmitted one.

2) Classifiers: Classifiers (e.g. decision trees [24], randomforest [22]) are trained with training data to recognize, ifa device reports the correct context. Such approaches canbe more reliable than simple comparison, especially whenobserving several contextual features. The training of theclassifier creates organizational and computational overheadhowever. Additionally, as not every IoT device can implementmachine learning algorithms, such classifiers will be inflexibleto changes in the environment.

3) Key Generation: The third option is to generate a cryp-tographic key from the physical features, which is then usedto encrypt the authentication process or all communication.This method eliminates the need for prior introduction ofkeys onto the devices, which is particularly advantageous forhomogeneous IoT networks. Close attention needs to be paidto the performance of the key generation however, as suchalgorithms could took over two hours to generate an usablekey under certain conditions [9].

VI. TRANSFER TO IIOTMost of the research done so far on context-aware

authentication has focused on the consumer IoT, oftento authenticate personal devices (e.g. smartphones) [5].Context-aware authentication in IIoT systems needs to satisfya different set of requirements.

The structure of IIoT applications differs widely fromconsumer IoT applications, and thus do the requirements fortheir systems. While a consumer network usually consists onlyof a couple devices centered around one or a few persons,IIoT networks consist of a number of devices usually in thehundreds or thousands. Therefore, structures and protocolsneed to be able to scale up to the needed numbers withoutjamming wireless channels or overloading coordinating de-vices. The same is true for human interaction; while practicesas shake-well-before-use [34] or recognizing posture [20] are

66

Fig. 1. Smart logistics transport.

a good fit for one person setting up a few devices, largeIIoT networks, where almost all communication is Machine-to-Machine (M2M), need to be able to work autonomously.Zero-interaction authentication is therefore required. Industrialfacilities also have higher standards regarding reliability andavailability than users of Smart Home applications, as manyIIoT processes need to work in real-time environments. An-other factor is the homogeneity of IIoT networks. Devicesbelonging to different owners might need to join and leavenetworks frequently with as little detriment to their commu-nication as possible. Practices such as pre-shared keys (PSK)might therefore not be possible, and key exchanges need tohappen quickly and easily. One positive aspect of IIoT systemsis, that since those devices are not linked to a specific person,there needs to be less concern for privacy, although simplesensor values can, depending on the application, be used todraw conclusions about nearby persons [35]. One last thing toconsider is, that, due to the lucrativeness of extortion, indus-trial espionage and sabotage, attackers on IIoT systems mighthave more resources and persistence than hackers targetingconsumer IoT devices. IIoT networks therefore need to beadditionally secured.

The following use-cases show, that an adaption of context-aware authentication for IIoT systems can be worthwhile, asit provides ample ways to satisfy the stated requirements.

A. Smart Logistics

The first use case in Fig. 1 considers goods transportedin smart containers 1© from a warehouse or factory 2© toanother 3© via a truck 4©. The smart containers identifies andannounces themselves and their content to the factory duringtheir trip to enable constant monitoring and real time optimiza-tion of the manufacturing processes. This communication 5©happens wireless over long distances and most likely includesseveral hops utilizing third-party communication protocols andinfrastructure 6©. The contents will not be tested for qualityat the destination but instead rely on the integrity of the firstfacility.

The attack vector we focus on is the fraudulent manipulationof the goods during transportation. In cooperation with thedriver, the attacker switches out the goods with productsof lesser quality. This requires a stop and/or an alternateroute from the warehouse to the factory. By using additionalsensor data sent by the smart containers, the factory candraw conclusion about the steering of the truck and the roadconditions 7©, similar to a convoy described in [32]. Validatingthese values with values of previous deliveries it is possibleto reconstruct the trucks path, as shown by Gafurov et al.[36], who identified the path human users took via theirsmartphone’s sensor readings. Thus, context-awareness canhelp to verify the integrity and identity of goods and preventingthis type of fraud by verifying the vehicle’s route based oncontext information.

B. Industry 4.0

Once the goods have arrived at the factory, they are un-packed and prepared for processing. Fig 2 shows a productionline, in which each product 1© communicates wireless 2© itsindividual processing parameters to the machinery 3©. Thisexample, in which products are manufactured in a batch sizeof one, is often depicted when talking about Industry 4.0[37]. Each product moves on a conveyor belt 4© through aline of different assembly stations. At each station it directlycommunicates its manufacturing specifications, is processedand then moves on to the next step. For the purpose ofsupervision, it is possible to access the tools remotely 5© viaprevalent protocols.This process provides a broad attack surface. We exemplaryconsider an attacker trying to sabotage or manipulate theprocess to gain economic advantages. With network access, theattacker would be able to send wrong operating instructions(spoofing) to the workstations to manipulate or destroy theproducts or the machinery. Hardware access would enablethe attacker to manipulate sensor information, causing wrong

Fig. 2. A smart production line.

67

manufacturing parameters to be applied to the wrong goods.Context-aware authentication can help to prevent both attacks.In addition to its manufacturing parameters, the product alsotransmits information about its context. The assembly stationthen checks its own context, allowing it to draw conclusionsabout the proximity to the product. If it is too far away, nomanufacturing steps will be executed and an error generated.Switched sensors will be able to recognize the disparitybetween the communicated state and the real state, while anon-local attacker will be unable to guess the current context.It is necessary to choose contextual features with enoughvolatility, to prevent replay attacks..

VII. CONCLUSION

The ambition of his paper is to draw attention to context-awareness as a capable approach to enhance security andunambiguous identification of devices in IIoT scenarios withlimited resources and constrained conditions.

The paper presents a brief introduction to context-awareauthentication and the current state of research. Further anoverview of physical features and validation methods is givento allow a preselection of possible combinations and ap-proaches. The transfer to two example use-cases gives apromising outlook for the adaption of context-aware authenti-cation to industrial Internet of Things applications.

Based on the evaluation further research is necessary todetermine suitable physical features and combinations of themas well as reliable and resource efficient algorithms to compareand validate the context information.

REFERENCES

[1] W. E. Burr, D. F. Dodson, E. M. Newton, R. A. Perlner, W. T. Polk,S. Gupta, E. A. Nabbus, W. T. Polk, and E. A. Nabbus, “ElectronicAuthentication Guideline.”

[2] P. A. Grassi, J. L. Fenton, E. M. Newton, R. A. Perlner, A. R.Regenscheid, W. E. Burr, J. P. Richer, N. B. Lefkovitz, J. M. Danker,Y.-Y. Choong, K. K. Greene, and M. F. Theofanos, Digital identityguidelines: Authentication and Lifecycle Management. Gaithersburg,MD: National Institute of Standards and Technology, 2017.

[3] P. Gope and T. Hwang, “A Realistic Lightweight Anonymous Authen-tication Protocol for Securing Real-Time Application Data Access inWireless Sensor Networks,” IEEE Transactions on Industrial Electron-ics, vol. 63, no. 11, pp. 7124–7132, 2016.

[4] IBM Institute for Business Value, “Internet of threats: Securing theInternet of Things for industrial and utility companies - BenchmarkIn-sights@IBV,” BenchmarkInsights@IBV, 2018.

[5] K. Habib and W. Leister, “Context-Aware Authentication for the Internetof Things: The Eleventh International Conference on Autonomic andAutonomous Systems : May 24-29, 2015, Rome Italy,” IARIA, 2015.

[6] A.-R. Sadeghi, C. Wachsmann, and M. Waidner, “Security and PrivacyChallenges in Industrial Internet of Things,” Proceedings of the 52ndannual design automation conference, pp. 1–6, 2015.

[7] A. Sajid, H. Abbas, and K. Saleem, “Cloud-Assisted IoT-Based SCADASystems Security: A Review of the State of the Art and FutureChallenges,” IEEE Access, vol. 4, pp. 1375–1384, 2016.

[8] C. Perera, A. Zaslavsky, P. Christen, and D. Georgakopoulos, “ContextAware Computing for The Internet of Things: A Survey,” IEEE Com-munications Surveys & Tutorials, vol. 16, no. 1, pp. 414–454, 2014.

[9] M. Miettinen, T. D. Nguyen, A.-R. Sadeghi, and N. Asokan, “Revisitingcontext-based authentication in IoT,” in Proceedings of the 55th AnnualDesign Automation Conference on - DAC ’18 (Unknown, ed.), (NewYork, New York, USA), pp. 1–6, ACM Press, 2018.

[10] M. Fomichev, F. Alvarez, D. Steinmetzer, P. Gardner-Stephen, andM. Hollick, “Survey and Systematization of Secure Device Pairing,”IEEE Communications Surveys & Tutorials, vol. 20, no. 1, pp. 517–550, 2018.

[11] M. Conti and C. Lal, “A Survey on Context-based Co-presence Detec-tion Techniques,” 2018.

[12] M. Fomichev, M. Maass, L. Almon, A. Molina, and M. Hollick, “Perilsof Zero-Interaction Security in the Internet of Things.”

[13] A. Kalamandeen, A. Scannell, E. de Lara, A. Sheth, and A. LaMarca,“Ensemble: Cooperative Proximity-based Authentication,” Proceedingsof the 8th international conference on Mobile systems, applications, andservices, p. 331, 2010.

[14] P. Morgner, S. Mattejat, Z. Benenson, C. Muller, and F. Armknecht,“Insecure to the touch,” in Proceedings of the 10th ACM Conferenceon Security and Privacy in Wireless and Mobile Networks (G. Noubir,M. Conti, and S. K. Kasera, eds.), (New York, NY, USA), pp. 230–240,ACM, 2017.

[15] S. Mathur, R. Miller, A. Varshavsky, W. Trappe, and N. Mandayam,“Proximate: Proximity-based Secure Pairing using Ambient WirelessSignals,” Proceedings of the 9th international conference on Mobilesystems, applications, and services, p. 211, 2011.

[16] T. Halevi, D. Ma, N. Saxena, and T. Xiang, “Secure Proximity Detectionfor NFC Devices Based on Ambient Sensor Data,” European Symposiumon Research in Computer Security, vol. 7459, pp. 379–396, 2012.

[17] L. Xiao, Q. Yan, W. Lou, G. Chen, and Y. T. Hou, “Proximity-BasedSecurity Techniques for Mobile Users in Wireless Networks,” IEEETransactions on Information Forensics and Security, vol. 8, no. 12,pp. 2089–2100, 2013.

[18] D. Schurmann and S. Sigg, “Secure Communication Based on AmbientAudio,” IEEE Transactions on Mobile Computing, vol. 12, no. 2,pp. 358–370, 2013.

[19] M. Rostami, A. Juels, and F. Koushanfar, “Heart-to-heart (H2H): Au-thentication for Implanted Medical Devices,” Proceedings of the 2013ACM SIGSAC conference on Computer & communications security,pp. 1099–1112, 2013.

[20] T. Halevi, H. Li, M. Di, N. Saxena, J. Voris, and T. Xiang, “Context-Aware Defenses to RFID Unauthorized Reading and Relay Attacks,”IEEE Transactions on Emerging Topics in Computing, vol. 1, no. 2,pp. 307–318, 2013.

[21] P. Urien and S. Piramuthu, “Elliptic curve-based RFID/NFC authentica-tion with temperature sensor input for relay attacks,” Decision SupportSystems, vol. 59, pp. 28–36, 2014.

[22] B. Shrestha, N. Saxena, H. T. T. Truong, and N. Asokan, “Drone to theRescue: Relay-Resilient Authentication using Ambient Multi-sensing,”International Conference on Financial Cryptography and Data Security,vol. 8437, pp. 349–364, 2014.

[23] M. Miettinen, N. Asokan, T. D. Nguyen, A.-R. Sadeghi, and M. Sob-hani, “Context-Based Zero-Interaction Pairing and Key Evolution forAdvanced Personal Devices,” Proceedings of the 2014 ACM SIGSACConference on Computer and Communications Security, pp. 880–891,2014.

[24] H. T. T. Truong, X. Gao, B. Shrestha, N. Saxena, N. Asokan, andP. Nurmi, “Using contextual co-presence to strengthen Zero-InteractionAuthentication: Design, integration and usability,” Pervasive and MobileComputing, vol. 16, pp. 187–204, 2015.

[25] N. Karapanos, C. Marforio, C. Soriente, and S. Capkun, “Sound-Proof:Usable Two-Factor Authentication Based on Ambient Sound,” in 24thUSENIX Security Symposium (USENIX Security 15) (USENIX Asso-ciation, ed.), (Washington, D.C.), pp. 483–498, USENIX Association,2015.

[26] C. Shepherd, I. Gurulian, E. Frank, K. Markantonakis, R. N. Akram,E. Panaousis, and K. Mayes, “The Applicability of Ambient Sensors asProximity Evidence for NFC Transactions,” in 2017 IEEE Security andPrivacy Workshops (SPW), pp. 179–188, IEEE, 2017.

[27] J. Mika, C. Vaas, I. Sluganovic, H. Liljestrand, N. Asokan, and I. Mar-tinovic, “STASH: Securing transparent authentication schemes usingprover-side proximity verification: 12-14 June 2017, San Diego, CA,USA,” Sensing, Communication, and Networking (SECON), 2017 14thAnnual IEEE International Conference on, pp. 1–9, 2017.

[28] S. Piramuthu and R. Doss, “On sensor-based solutions for simultaneouspresence of multiple RFID tags,” Decision Support Systems, vol. 95,pp. 102–109, 2017.

[29] Z. Gu and Y. Liu, “Scalable Group Audio-Based Authentication Schemefor IoT Devices: CIS 2016 : 16-19 December 2016, Wuxi, Jiangsu

68

Province, China : proceedings,” 12th International Conference on Com-putational Intelligence and Security, 2016.

[30] W. S. Melo, Jr., R. C. S. Machado, and L. F. R. C. Carmo, “UsingPhysical Context-Based Authentication against External Attacks: Modelsand Protocols,” Security and Communication Networks, vol. 2018,no. Volume 2018 // 4, pp. 1–14, 2018.

[31] J. Chung, M. Donahoe, C. Schmandt, I.-J. Kim, P. Razavai, and M. Wise-man, “Indoor Location Sensing Using Geo-Magnetism,” Proceedings ofthe 9th international conference on Mobile systems, applications, andservices, p. 141, 2011.

[32] J. Han, M. Harishankar, X. Wang, A. J. Chung, and P. Tague, “Convoy:Physical Context Verification for Vehicle Platoon Admission,” Proceed-ings of the 18th International Workshop on Mobile Computing Systemsand Applications, pp. 73–78, 2017.

[33] J. Han, A. J. Chung, M. K. Sinha, M. Harishankar, S. Pan, H. Y.Noh, P. Zhang, and P. Tague, “Do You Feel What I Hear? EnablingAutonomous IoT Device Pairing Using Different Sensor Types,” in 2018IEEE Symposium on Security and Privacy (SP), pp. 836–852, IEEE,2018.

[34] R. Mayrhofer and H. Gellersen, “Shake Well Before Use: Intuitiveand Secure Pairing of Mobile Devices,” IEEE Transactions on MobileComputing, vol. 8, no. 6, pp. 792–806, 2009.

[35] P. Morgner, C. Muller, M. Ring, B. Eskofier, C. Riess, F. Armknecht,and Z. Benenson, “Privacy Implications of Room Climate Data,” inComputer security - ESORICS 2017 (S. N. Foley, D. Gollmann, andE. Snekkenes, eds.), vol. 10493 of Lecture Notes in Computer Science,pp. 324–343, Cham: Springer, 2017.

[36] D. Gafurov, E. Snekkenes, and P. Bours, “Gait Authentication andIdentification Using Wearable Accelerometer Sensor: 7 - 8 June 2007,Alghero, Italy,” 2007 IEEE Workshop on Automatic Identification Ad-vanced Technologies, 2007, 2009.

[37] H. Lasi, P. Fettke, H.-G. Kemper, T. Feld, and M. Hoffmann, “Industry4.0,” Business & Information Systems Engineering, vol. 6, no. 4,pp. 239–242, 2014.

69