9.1. Introduction

The Internet of Things (IoT) is developing today in many sectors such as energy, telecommunications, e-health or transport systems (Chen et al. 2014). This advent of the IoT has led to a significant increase of the number of connected objects: watches, cameras, lighting systems, electric meters, etc.

To guarantee the proper functioning of applications in the IoT, it is vital to make these connected objects secure (Xiao et al. 2018). Indeed, if these objects are compromised, it could lead to many types of attack: denial of service, ransomware, industrial espionage, etc. In this security process, identity and access management is an essential first step. By authenticating communicating objects and by controlling access to resources (storage, calculation and communication links), it could be possible to limit the risk of objects being compromised (Fang et al. 2020a).

However, classical authentication and access control solutions could be complex to apply in the IoT environment (Xiao et al. 2018). Indeed, many connected objects only have limited capabilities and it would not be possible to deploy cryptographic solutions that are costly in terms of bandwidth, energy and calculating capacity ...