
arxiv: 1907.05527 · v1 · pith:H7ZQ2PAFnew · submitted 2019-07-12 · 💻 cs.CR

A Federated Lightweight Authentication Protocol for the Internet of Things

Pith reviewed 2026-05-24 22:56 UTC · model grok-4.3

classification 💻 cs.CR
keywords: federated identity management, IoT authentication, lightweight protocol, symmetric cryptography, implicit certificates, resource-constrained devices, Arduino evaluation

The pith

FLAT replaces heavy asymmetric cryptography in federated identity systems with symmetric cryptosystems and implicit certificates for IoT.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper argues that standard federated identity management systems rely on protocols and primitives too heavy for IoT devices. It introduces FLAT as a tailored protocol that uses lighter symmetric methods and implicit certificates instead. Measurements indicate this change cuts total data exchange overhead by roughly 31 percent versus a baseline while also lowering client-side transmission, reception, computation time, and overall exchange. The work shows the protocol still functions on low-resource hardware such as Arduino. A reader would care because IoT deployments need authentication that protects privacy without exhausting device resources.

Core claim

FLAT is a federated identity authentication protocol built for IoT that replaces weighty protocols and asymmetric cryptographic primitives with symmetric cryptosystems and implicit certificates. When compared with a baseline solution, FLAT reduces data exchange overhead by around 31 percent. The client component transmits less data, receives less data, exchanges less data overall, and finishes faster. The protocol continues to run efficiently on constrained platforms such as Arduino while preserving the security properties expected from traditional federated identity management.

What carries the argument

FLAT, the protocol that combines symmetric cryptosystems with implicit certificates to perform federated authentication without the overhead of traditional FIdM primitives.

If this is right

  • IoT devices can perform federated authentication with substantially lower communication cost.
  • Client-side operations become cheaper in transmitted bytes, received bytes, total bytes, and CPU time.
  • The same protocol remains usable on typical constrained microcontrollers without custom hardware.
  • Symmetric primitives plus implicit certificates suffice to replace heavier asymmetric stacks in this setting.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Similar lightweight replacements might apply to other resource-limited domains such as industrial sensors or medical wearables.
  • Widespread use could reduce the energy cost of identity checks across large fleets of battery-powered nodes.
  • The design leaves open the question of how FLAT would scale when many identity providers are involved simultaneously.

Load-bearing premise

The selected baseline accurately stands in for conventional federated identity management systems in IoT, and FLAT keeps equivalent security guarantees while delivering the measured efficiency gains.

What would settle it

A side-by-side run on Arduino hardware that shows FLAT achieving less than a 20 percent reduction in total data exchange or that reveals a security property weaker than the baseline would falsify the central efficiency claim.

Figures

Figures reproduced from arXiv: 1907.05527 by Antonio M. R. Franco, Fernando A. Teixeira, Jessica C. Carneiro, Leonardo B. Oliveira, Marco A. Henriques, Maria L. B. A. Santos.

Figure 1: Traditional FIdM (adapted from Birrell and Schneider (2013), Figure 2).
Figure 2: FLAT applied to a tollway scenario (Section 3.2).
Figure 3: FLAT message description (Section 3.4). Accompanying text: The message used in FLAT is shown in …
Figure 4: Client's finite-state-machine-like implementation.
Figure 5: FLAT architecture. Accompanying text: We used RELIC as an underlying cryptographic library. On top of RELIC, we implemented higher-level cryptosystems like Implicit Certificates. Besides, the toolkit already implemented more common cryptosystems needed in FLAT like ECDSA, ECIES, AES, and HMAC. Respectively, FLAT employs these cryptosystems for digitally signing, asymmetrically encrypting, symmetrically encrypting, and me…
Figure 6: FLAT demo: access (a) granted and (b) denied.
Figure 7: SRAM costs (Section 5.1, RAM & Storage). Accompanying text: We make use of another protocol as a starting point for some comparisons and call it baseline. The baseline is similar to a traditional FIdM protocol (…
Figure 8: Communication costs (Section 5.2).
Figure 9: Computation costs. Accompanying text: …end up being 4% and 2% less computationally efficient than baseline, respectively. But this is a very small price to pay compared to the gains obtained on other fronts.
Figure 10: Total protocol run-time (Section 5.4). Accompanying text: We have measured the total amount of time that it takes to run FLAT—i.e., around 65 ms (…
Original abstract

Considering the world's IoT development and market, it is necessary to guarantee the security of the developed IoT applications as well as the privacy of their end users. In this sense, Federated Identity Management (FIdM) systems can be of great help as they improve user authentication and privacy. In this paper, we claim that traditional FIdM systems are mostly cumbersome and thus ill-suited for IoT. As a solution to this problem, we come up with a federated identity authentication protocol exclusively tailored to IoT. Federated Lightweight Authentication of Things (FLAT), our solution, replaces weighty protocols and asymmetric cryptographic primitives used in traditional FIdM by lighter ones. For instance, FLAT synergistically combines symmetric cryptosystems and Implicit Certificates. The results show that FLAT can reduce the data exchange overhead by around 31% when compared to a baseline solution. FLAT's Client is also more efficient than the baseline solution in terms of data transmitted, data received, total data exchange, and computation time. Our results indicate that FLAT runs efficiently even on top of resource-constrained devices like Arduino.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, and this is the friction.

Referee Report

2 major / 0 minor

Summary. The paper proposes Federated Lightweight Authentication of Things (FLAT), a protocol for federated identity management tailored to IoT. It replaces asymmetric primitives in traditional FIdM with symmetric cryptosystems and implicit certificates, and reports experimental results on Arduino showing ~31% reduction in data exchange overhead versus a baseline, plus gains in transmitted/received data, total exchange, and computation time.

Significance. If the security properties are equivalent to the baseline and the implementation details hold, the work offers a practical efficiency improvement for resource-constrained IoT authentication. The concrete Arduino measurements provide direct evidence of feasibility on constrained hardware, which strengthens the applied contribution.

major comments (2)
  1. [Evaluation] Evaluation section: the baseline protocol is not defined or justified in sufficient detail to establish it as representative of traditional FIdM systems; without explicit comparison of security properties and protocol steps, the 31% overhead reduction claim cannot be assessed for fairness.
  2. [Security Analysis] Security Analysis section (or equivalent): no threat model, informal security arguments, or reduction to standard assumptions is supplied to support the claim that FLAT maintains equivalent security while using lighter primitives; this is load-bearing for interpreting the efficiency results as a net improvement.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive comments. We address each major point below and will revise the manuscript to improve the evaluation and security sections.

  1. Referee: [Evaluation] Evaluation section: the baseline protocol is not defined or justified in sufficient detail to establish it as representative of traditional FIdM systems; without explicit comparison of security properties and protocol steps, the 31% overhead reduction claim cannot be assessed for fairness.

    Authors: We agree that the baseline requires fuller specification for readers to evaluate the comparison. The baseline is a representative traditional FIdM protocol using asymmetric primitives (adapted from common federated authentication flows). In the revision we will add a complete description of its protocol steps, explicit security properties, and a side-by-side comparison with FLAT to substantiate the overhead measurements. revision: yes

  2. Referee: [Security Analysis] Security Analysis section (or equivalent): no threat model, informal security arguments, or reduction to standard assumptions is supplied to support the claim that FLAT maintains equivalent security while using lighter primitives; this is load-bearing for interpreting the efficiency results as a net improvement.

    Authors: We acknowledge the absence of an explicit threat model and security arguments in the current manuscript. Although the protocol design substitutes symmetric cryptosystems and implicit certificates while retaining the authentication structure, we will add a dedicated section containing an IoT-specific threat model and informal arguments showing preservation of the relevant security properties under standard assumptions. revision: yes

Circularity Check

0 steps flagged

No significant circularity detected

full rationale

The paper presents a protocol design and reports experimental performance measurements (e.g., 31% overhead reduction versus a baseline) without any equations, derivations, fitted parameters, or mathematical claims that could reduce to self-definition or self-citation. All load-bearing assertions rest on direct implementation results on resource-constrained devices and informal security arguments, none of which invoke prior author work as a uniqueness theorem or ansatz. This is the normal case of an applied systems paper whose central results are externally falsifiable via replication of the experiments.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

Abstract mentions no free parameters, axioms, or invented entities. The approach relies on standard symmetric cryptography and implicit certificates from prior literature.

pith-pipeline@v0.9.0 · 5747 in / 960 out tokens · 18707 ms · 2026-05-24T22:56:14.605822+00:00 · methodology


Reference graph

Works this paper leans on

42 extracted references · 42 canonical work pages

  1. Atzori, L., Iera, A., Morabito, G., 2010. The internet of things: A survey. Computer Networks 54, 2787–2805. B. Oliveira, L., Kansal, A., Priyantha, B., Goraczko, M., Zhao, F., 2009. Secure-TWS: Authenticating Node to Multi-user Communication in Shared Sensor Networks, in: ACM International Conference on Information Processing in Sensor Networks (IPSN...
  2. Barbulescu, R., Duquesne, S., 2017. Updating Key Size Estimations for Pairings. Journal of Cryptology, 1–39.
  3. Birrell, E., Schneider, F.B., 2013. Federated Identity Management Systems: A Privacy-based Characterization. IEEE Security & Privacy 11, 36–48.
  4. Borgia, E., 2014. The internet of things vision: Key features, applications and open issues. Computer Communications 54, 1–31.
  5. Brown, D.R., Campagna, M.J., Vanstone, S.A., 2009. Security of ECQV-certified ECDSA against passive adversaries. IACR Cryptology ePrint Archive 2009, 620.
  6. Brown, D.R.L., Gallant, R.P., Vanstone, S.A., 2002. Provably Secure Implicit Certificate Schemes, in: International Conference on Financial Cryptography (FC'02), pp. 156–165.
  7. Chadwick, D., 2009. Federated Identity Management. Foundations of Security Analysis and Design V, 96–120.
  8. Chadwick, D.W., Inman, G., 2009. Attribute Aggregation in Federated Identity Management. IEEE Computer 42, 33–40.
  9. Cirani, S., Picone, M., Gonizzi, P., Veltri, L., Ferrari, G., 2015. IoT-OAS: An OAuth-based Authorization Service Architecture for Secure Services in IoT Scenarios. IEEE Sensors Journal 15, 1224–1234.
  10. Domenech, M.C., Boukerche, A., Wangham, M.S., 2016. An Authentication and Authorization Infrastructure for the Web of Things, in: ACM Symposium on QoS and Security for Wireless and Mobile Networks (Q2SWinet'16), pp. 39–46.
  11. Fremantle, P., Aziz, B., 2016. OAuthing: Privacy-enhancing Federation for the Internet of Things, in: Cloudification of the Internet of Things (CIoT'16), pp. 1–6.
  12. Fremantle, P., Aziz, B., Kopecký, J., Scott, P., 2014. Federated Identity and Access Management for the Internet of Things, in: International Workshop on Secure Internet of Things (SIoT'14), pp. 10–17.
  13. Gubbi, J., Buyya, R., Marusic, S., Palaniswami, M., 2013. Internet of Things (IoT): A vision, architectural elements, and future directions. Future Generation Computer Systems 29, 1645–1660.
  14. Hammi, M.T., Hammi, B., Bellot, P., Serhrouchni, A., 2018. Bubbles of trust: A decentralized blockchain-based authentication system for IoT. Computers & Security 78, 126–142.
  15. He, D., Zeadally, S., 2015. An Analysis of RFID Authentication Schemes for Internet of Things in Healthcare Environment Using Elliptic Curve Cryptography. IEEE Internet of Things Journal 2, 72–83.
  16. Hong, J., Levy, A., Levis, P., 2016. Demo: Building Comprehensible Access Control for the Internet of Things Using Beetle, in: ACM International Conference on Mobile Systems, Applications, and Services (MobiSys'16).
  17. Horrow, S., Sardana, A., 2012. Identity Management Framework for Cloud Based Internet of Things, in: International Conference on Security of Internet of Things (SecurIT'12), pp. 200–203.
  18. Hummen, R., Ziegeldorf, J.H., Shafagh, H., Raza, S., Wehrle, K., 2013. Towards Viable Certificate-based Authentication for the Internet of Things, in: Workshop on Hot Topics on Wireless Network Security and Privacy (HotWiSec'13), ACM, pp. 37–42.
  19. Isaakidis, M., Halpin, H., Danezis, G., 2016. UnlimitID: Privacy-preserving Federated Identity Management Using Algebraic MACs, in: Workshop on Privacy in the Electronic Society (WPES'16), ACM, pp. 139–142.
  20. Kumari, S., Karuppiah, M., Das, A.K., Li, X., Wu, F., Kumar, N., 2018. A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers. The Journal of Supercomputing 74, 6428–6453.
  21. Li, X., Niu, J., Kumari, S., Wu, F., Sangaiah, A.K., Choo, K.K.R., 2018. A Three-factor Anonymous Authentication Scheme for Wireless Sensor Networks in Internet of Things Environments. Journal of Network and Computer Applications 103, 194–204.
  22. Liu, J., Xiao, Y., Chen, C.P., 2012. Authentication and Access Control in the Internet of Things, in: International Conference on Distributed Computing Systems Workshops (ICDCSW), IEEE, pp. 588–592.
  23. Malan, D.J., Welsh, M., Smith, M.D., 2008. Implementing Public-Key Infrastructure for Sensor Networks. ACM Transactions on Sensor Networks 4, 22:1–22:23.
  24. Maler, E., Reed, D., 2008. The Venn of Identity: Options and Issues in Federated Identity Management. IEEE Security & Privacy 6, 16–23.
  25. Markmann, T., Schmidt, T.C., Wählisch, M., 2015. Federated End-to-end Authentication for the Constrained Internet of Things Using IBC and ECC. ACM SIGCOMM Computer Communication Review 45, 603–604.
  26. Miettinen, M., Huang, J., Nguyen, T.D., Asokan, N., Sadeghi, A.R., 2016. POSTER: Friend or Foe? Context Authentication for Trust Domain Separation in IoT Environments, in: ACM Conference on Security & Privacy in Wireless and Mobile Networks (WiSec'16), ACM, pp. 225–226.
  27. Loureiro, A.A., Aranha, D.F., Patil, H.K., et al., 2016. AoT: Authentication and Access Control for the Entire IoT Device Life-cycle, in: ACM Conference on Embedded Network Sensor Systems (SenSys'16), ACM, pp. 1–15.
  28. Ometov, A., Petrov, V., Bezzateev, S., Andreev, S., Koucheryavy, Y., Gerla, M., 2019. Challenges of multi-factor authentication for securing advanced IoT applications. IEEE Network 33, 82–88.
  29. Perrig, A., Szewczyk, R., Wen, V., Culler, D., Tygar, J.D., 2002. SPINS: Security Protocols for Sensor Networks. Wireless Networks 8, 521–534.
  30. Porambage, P., Schmitt, C., Kumar, P., Gurtov, A., Ylianttila, M., 2014. Two-phase Authentication Protocol for Wireless Sensor Networks in Distributed IoT Applications, in: IEEE Wireless Communications and Networking Conference (WCNC'14), IEEE, pp. 2728–2733.
  31. Santos, M.L.B.A., Carneiro, J.C., Teixeira, F.A., Franco, A.M.R., Henriques, M.A.A., Oliveira, L.B., 2018. Federated authentication of things: Demo abstract, in: Proceedings of the 17th ACM/IEEE International Conference on Information Processing in Sensor Networks, IEEE Press, pp. 136–137.
  32. Shim, S.S.Y., Bhalla, G., Pendyala, V., 2005. Federated Identity Management. IEEE Computer 38, 120–122.
  33. Stallings, W., 2016. Cryptography and Network Security: Principles and Practice. Pearson.
  34. Steiner, J.G., Neuman, B.C., Schiller, J.I., 1988. Kerberos: An Authentication Service for Open Network Systems, in: USENIX Winter, USENIX, pp. 191–202.
  35. Suh, G.E., Devadas, S., 2007. Physical Unclonable Functions for Device Authentication and Secret Key Generation, in: ACM/IEEE Design Automation Conference (DAC'07), IEEE, pp. 9–14. Turkanović, M., Brumen, B., Hölbl, M., 2014. A Novel User Authentication and Key Agreement Scheme for Heterogeneous Ad Hoc Wireless Sensor Networks, Based on the...
  36. Ververidis, C.N., Polyzos, G.C., 2008. Service Discovery for Mobile Ad Hoc Networks: a Survey of Issues and Techniques. IEEE Communications Surveys & Tutorials 10, 30–45.
  37. Wang, D., Wang, P., 2014. On the Anonymity of Two-factor Authentication Schemes for Wireless Sensor Networks: Attacks, Principle and Solutions. Computer Networks 73, 41–57.
  38. Witkovski, A., Santin, A., Abreu, V., Marynowski, J., 2015. An IdM and Key-based Authentication Method for Providing Single Sign-on in IoT, in: IEEE Global Communications Conference (GLOBECOM'15), IEEE, pp. 1–6.
  39. Xi, W., Qian, C., Han, J., Zhao, K., Zhong, S., Li, X.Y., Zhao, J., 2016. Instant and Robust Authentication and Key Agreement Among Mobile Devices, in: ACM Conference on Computer and Communications Security (CCS'16), ACM, pp. 616–627.
  40. Yavuz, A.A., 2013. ETA: Efficient and Tiny and Authentication for Heterogeneous Wireless Systems, in: ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec'13), ACM, pp. 67–72.
  41. Zeng, X., Xu, G., Zheng, X., Xiang, Y., Zhou, W., 2018. E-AUA: An efficient anonymous user authentication protocol for mobile IoT. IEEE Internet of Things Journal 6, 1506–1519.
  42. Zuo, C., Zhao, Q., Lin, Z., 2017. AuthScope: Towards Automatic Discovery of Vulnerable Authorizations in Online Services, in: ACM Conference on Computer and Communications Security (CCS'17), ACM, pp. 799–813.