TY - JOUR
T1 - Privacy-Preserving Single-Sign-on With Fine-Grained Access Control for IoT Devices.
AU - Zhang, Zhao
AU - Xu, Chunxiang
AU - Au, Man Ho
AU - Jiang, Changsong
PY - 2024/10/28
Y1 - 2024/10/28
N2 - IoT-based sharing economy is a win-win business model, where a transferor owns idle IoT devices and transfers the right to use a device to a user for a fee. Considering usage of multiple devices and privacy preservation, anonymous single-sign-on (ASSO) is a feasible solution for authentication. ASSO allows a user to access multiple devices with one token issued by the transferor and prevents the transferor from identifying the user. We also observe that in the scenario of IoT-based sharing economy, the token should (i) support attributes since a device should be available only to users with specific attributes (e.g., age) and (ii) avoid incurring significant communication/computation overhead as IoT devices are resource-constrained. In this paper, we propose PILOT, a privacy-preserving single-sign-on with fine-grained access control for IoT devices. When a user attempts to access a device, he/she requests a token from the transferor. The token is actually a blind signature that cannot be tracked, and contains the user’s attributes which facilitate fine-grained access control on the device. Besides, the token consists of only four group elements and verification of the token involves only several exponentiation operations. This renders PILOT superior in terms of communication/computation overhead and suitable for IoT devices.
UR - https://doi.org/10.1109/TMC.2024.3486719
M3 - Journal article
SN - 1536-1233
VL - 24
SP - 1805
EP - 1817
JO - IEEE Transactions on Mobile Computing
JF - IEEE Transactions on Mobile Computing
IS - 3
ER -