{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,31]],"date-time":"2026-01-31T11:07:16Z","timestamp":1769857636335,"version":"3.49.0"},"publisher-location":"Cham","reference-count":36,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032155405","type":"print"},{"value":"9783032155412","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-15541-2_18","type":"book-chapter","created":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T20:07:49Z","timestamp":1769803669000},"page":"328-343","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["JWT Back to\u00a0the\u00a0Future on the\u00a0(Ab)use of\u00a0JWTs in\u00a0IoT Transactions"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8837-1356","authenticated-orcid":false,"given":"Alberto","family":"Battistello","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5122-1589","authenticated-orcid":false,"given":"Guido","family":"Bertoni","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0282-8894","authenticated-orcid":false,"given":"Filippo","family":"Melzani","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2901-2972","authenticated-orcid":false,"given":"Maria Chiara","family":"Molteni","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2026,1,31]]},"reference":[{"key":"18_CR1","unstructured":"Keys, Algorithms, COSE and CWT in Go. https:\/\/github.com\/ldclabs\/cose"},{"key":"18_CR2","unstructured":"Arduino: Arduino cloud provider examples (2019). https:\/\/github.com\/arduino\/ArduinoCloudProviderExamples"},{"key":"18_CR3","unstructured":"Arduino: Arduino eccx08jwspublickey (2019). https:\/\/github.com\/arduino-libraries\/ArduinoECCX08\/tree\/master\/examples\/Tools\/ECCX08JWSPublicKey"},{"key":"18_CR4","unstructured":"Arduino: Securely connecting a MKR GSM 1400 to google cloud IoT core (2024). https:\/\/docs.arduino.cc\/tutorials\/mkr-gsm-1400\/securely-connecting-a-mkr-gsm-1400-to-google-cloud-iot-core\/"},{"key":"18_CR5","unstructured":"ARM: ARM PSA. https:\/\/datatracker.ietf.org\/doc\/html\/draft-tschofenig-rats-psa-token"},{"key":"18_CR6","doi-asserted-by":"crossref","unstructured":"Beltran, V., Skarmeta, A.F.: An overview on delegated authorization for CoAP: authentication and authorization for constrained environments (ACE). In: 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT), pp. 706\u2013710 (2016)","DOI":"10.1109\/WF-IoT.2016.7845482"},{"key":"18_CR7","unstructured":"Black, J.: Authenticated encryption (2005)"},{"key":"18_CR8","doi-asserted-by":"crossref","unstructured":"Bormann, C., Hoffman, P.E.: Concise Binary Object Representation (CBOR). RFC 8949, December 2020","DOI":"10.17487\/RFC8949"},{"key":"18_CR9","unstructured":"Davis, D.: Defective sign & encrypt in S\/MIME, PKCS# 7, MOSS, PEM, PGP, and XML. In: USENIX Annual Technical Conference, General Track, pp. 65\u201378 (2001)"},{"key":"18_CR10","unstructured":"Analog Devices: How to create a secure Google to IoT core connection with MAXQ1065. https:\/\/www.analog.com\/en\/resources\/app-notes\/how-to-create-a-secure-google-iot-core-connection-with-maxq1065.html"},{"key":"18_CR11","unstructured":"Ericsson: ACE-OAuth \u2013 A new standard for lightweight authorization and access control. https:\/\/www.ericsson.com\/en\/blog\/2023\/7\/ace-oauth-standard-for-lightweight-authorization"},{"key":"18_CR12","unstructured":"Espressif: ESP32-WROOM-32SE. https:\/\/docs.espressif.com\/projects\/esp-idf\/en\/release-v4.3\/esp32\/api-reference\/peripherals\/secure_element.html"},{"key":"18_CR13","unstructured":"HiveMQ GmbH: Step Up Your MQTT Security with JWT Authentication on HiveMQ Cloud Starter. https:\/\/www.hivemq.com\/blog\/step-up-mqtt-security-jwt-authentication\/. Posted 18 Mar 2024"},{"key":"18_CR14","unstructured":"Google: Securing cloud-connected devices with cloud IoT and microchip (2018). https:\/\/cloud.google.com\/blog\/products\/gcp\/securing-cloud-connected-devices-with-cloud-iot-and-microchip"},{"key":"18_CR15","unstructured":"Google: GCP-IoT-core-examples (2023). https:\/\/cloud.google.com\/iot\/docs\/how-tos\/credentials\/jwts"},{"key":"18_CR16","unstructured":"IANA: IANA JSON Web Token registered Claims. https:\/\/www.iana.org\/assignments\/jwt\/jwt.xhtml"},{"key":"18_CR17","unstructured":"EMQ\u00a0Technologies Inc.: Migrate Your Business from GCP IoT Core 03 Use JSON Web Token (JWT) to Verify Device Credentials. https:\/\/www.emqx.com\/en\/blog\/migrate-your-business-from-gcp-iot-core-03. Posted 28 Nov 2022"},{"key":"18_CR18","unstructured":"Google Inc.: Best practices for running an IoT backend on google cloud. https:\/\/cloud.google.com\/architecture\/connected-devices\/bps-running-iot-backend-securely"},{"key":"18_CR19","unstructured":"Google Inc.: Google cloud platform IoT Arduino examples (2020). https:\/\/github.com\/GoogleCloudPlatform\/google-cloud-iot-arduino"},{"key":"18_CR20","doi-asserted-by":"crossref","unstructured":"Jones, M., Bradley, J., Sakimura, N.: JSON Web Signature (JWS). RFC 7515, RFC Editor (2015)","DOI":"10.17487\/RFC7515"},{"key":"18_CR21","doi-asserted-by":"crossref","unstructured":"Jones, M., Bradley, J., Sakimura, N.: JSON Web Token (JWT). RFC 7519, RFC Editor (2015)","DOI":"10.17487\/RFC7519"},{"key":"18_CR22","doi-asserted-by":"crossref","unstructured":"Jones, M., Hildebrand, J.: JSON Web Encryption (JWE). RFC 7516, RFC Editor (2015)","DOI":"10.17487\/RFC7516"},{"key":"18_CR23","doi-asserted-by":"crossref","unstructured":"Jones, M.B., Wahlstroem, E., Erdtman, S., Tschofenig, H.: CBOR Web Token (CWT). RFC 8392, May 2018","DOI":"10.17487\/RFC8392"},{"key":"18_CR24","doi-asserted-by":"crossref","unstructured":"Lodderstedt, T., Richer, J., Campbell, B.: OAuth 2.0 Rich Authorization Requests. RFC 9396, RFC Editor (2023)","DOI":"10.17487\/RFC9396"},{"key":"18_CR25","unstructured":"Hollebeek, T., Velvindron, L.: Authentication and authorization for constrained environments. Internet-Draft draft-ietf-ace-about, Internet Engineering Task Force (2018). Work in Progress"},{"key":"18_CR26","doi-asserted-by":"crossref","unstructured":"Lundblade, L., Mandyam, G., O\u2019Donoghue, J., Wallace, C.: The entity attestation token (EAT). Internet-Draft draft-ietf-rats-eat-26, Internet Engineering Task Force, May 2024. Work in Progress","DOI":"10.17487\/RFC9711"},{"key":"18_CR27","unstructured":"Motorola: Single-Chip Microcomputer Data (1984). https:\/\/archive.org\/details\/bitsavers_motoroladaSingleChipMicrocomputerData_68061538"},{"key":"18_CR28","unstructured":"NXP: A71CH for secure connection to Google cloud IoT core. https:\/\/www.nxp.com\/docs\/en\/application-note\/AN12199.pdf"},{"key":"18_CR29","unstructured":"NXP: I2C-bus specification and user manual, 1 October 2021. https:\/\/www.nxp.com\/docs\/en\/user-guide\/UM10204.pdf"},{"key":"18_CR30","unstructured":"Inc. Okta. JWT.io. https:\/\/jwt.io"},{"key":"18_CR31","unstructured":"Palombini, F., Tiloca, M.: Key provisioning for group communication using ACE. Internet-Draft draft-ietf-ace-key-groupcomm-19, Internet Engineering Task Force, April 2024. Work in Progress"},{"key":"18_CR32","doi-asserted-by":"crossref","unstructured":"Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446, RFC Editor (2018)","DOI":"10.17487\/RFC8446"},{"key":"18_CR33","unstructured":"SAFE-eV. ECMF. https:\/\/github.com\/SAFE-eV\/OCMF-Open-Charge-Metering-Format\/blob\/master\/OCMF-en.md"},{"key":"18_CR34","unstructured":"Shingala, K.: JSON web token (JWT) based client authentication in message queuing telemetry transport (MQTT). CoRR, abs\/1903.02895 (2019)"},{"key":"18_CR35","unstructured":"Arduino S.r.l. Arduino security primer (2020). https:\/\/blog.arduino.cc\/2020\/07\/02\/arduino-security-primer\/"},{"key":"18_CR36","unstructured":"OASIS Standard: MQTT version 5.0 (2019). Retrieved 22 June 2020"}],"container-title":["Lecture Notes in Computer Science","Lightweight Cryptography for Security and Privacy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-15541-2_18","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T20:07:51Z","timestamp":1769803671000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-15541-2_18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9783032155405","9783032155412"],"references-count":36,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-15541-2_18","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"31 January 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"LightSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Workshop on Lightweight Cryptography for Security and Privacy","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Istanbul","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"T\u00fcrkiye","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1 September 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 September 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"lightsec2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.encrypt-on.com\/activities\/conferences\/lightsec-2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}