Which authentication method to choose. A legal perspective on user-device authentication in IoT ecosystems (Draft version)

The IoT has raised a set of challenges due to the enormous amount of data processed and the complex implementation of mechanisms to guarantee these data are exclusively accessed by authorized users. In these ecosystems some devices represent a first “access door” to data obtained from other devices or stored in the Cloud, therefore there is a particular need to implement strong authentication mechanisms that limit unauthorized accesses to thereof. The aim of this paper is to offer a legal perspective on the forces tensioning in the most common authentication methods implemented in this type of devices, account taken of the particularities of an IoT ecosystem. Due to the topic object of discussion, it is necessary to lay the technological ground in order to perform a subsequent legal analysis. The conclusions attempt to answer the question of which authentication method could be the best choice as well as offering some lines for further research and development in the area.