OAuthing: privacy-enhancing federation for the Internet of Things

Paul Fremantle, Benjamin Aziz

Research output: Chapter in Book/Report/Conference proceedingConference contribution

290 Downloads (Pure)


The Internet of Things (IoT) has significant security and privacy risks. Currently, most devices connect to a cloud service that is provided by the manufacturer of the device.

We outline a proposed model for IoT that allows the identity of users and devices to be federated. Users and devices are issued with secure, random, anonymised identities that are not shared with third-parties. We demonstrate how devices can be connected to third-party applications without inherently de-anonymising them. Sensor data and actuator commands are federated through APIs to cloud services. All access to device data and commands is based on explicit consent from users. Each user’s data is handled by a personal cloud instance providing improved security and isolation.

We demonstrate this model is workable with a prototype system that implements the major features of the model. We present experiment results including performance, capacity and cost metrics from the prototype. We compare this work with other related work, and outline areas for discussion and future work.
Original languageEnglish
Title of host publicationProceedings of the Second International Conference on Cloudification of the Internet of Things
PublisherIEEE Computer Society
ISBN (Electronic)978-1509049608
ISBN (Print)978-1509049615
Publication statusPublished - 9 Mar 2017
Event2nd Cloudification on the Internet of Things: CIoT 2016 - Paris, France
Duration: 23 Nov 201625 Nov 2016


Conference2nd Cloudification on the Internet of Things


  • Internet of Things
  • data privacy
  • security
  • middleware
  • risk analysis
  • application program interfaces
  • cloud computing


Dive into the research topics of 'OAuthing: privacy-enhancing federation for the Internet of Things'. Together they form a unique fingerprint.

Cite this