Next-generation user authentication schemes for IoT applications

The unprecedented rise of IoT has revolutionized every business vertical enthralling people to embrace IoT applications in their day-to-day lives to accrue multifaceted benefits. It is absolutely fair to say that a day without connected IoT systems, such as smart devices, smart enterprises, smart homes or offices, etc., would hamper our conveniences, drastically. Many IoT applications for these connected systems are safety-critical, and any unauthorized access could have severe consequences to their consumers and society. In the overall IoT security spectrum, human-to-machine authentication for IoT applications is a critical and foremost challenge owing to highly prescriptive characteristics of conventional user authentication schemes, i.e., knowledge-based or token-based authentication schemes, currently used in them. Furthermore, studies have reported numerous users’ concerns, from both the security and usability perspectives, that users are facing in using available authentication schemes for IoT applications. Therefore, an impetus is required to upgrade user authentication schemes for new IoT age applications to address any unforeseen incidents or unintended consequences. This dissertation aims at designing next-generation user authentication schemes for IoT applications to secure connected systems, namely, smart devices, smart enterprises, smart homes, or offices. To accomplish my research objectives, I perform a thorough study of ways and types of user authentication mechanisms emphasizing their security and usability ramifications. Subsequently, based on the substantive findings of my studies, I design, prototype, and validate our proposed user authentication schemes. I exploit both physiological and behavioral biometrics to design novel schemes that provide implicit (frictionless), continuous (active) or risk-based (non-static) authentication for multi-user scenarios. Afterward, I present a comparative analysis of the proposed schemes in terms of accuracy against the available state-of-the-art user authentication solutions. Also, I conduct SUS surveys to evaluate the usability of user authentication schemes.