IT devices are day-by-day becoming more pervasive in several application fields and in the everyday life. The major driving factors are the ever increasing coverage of the Internet connectivity, the extreme popularity and capillarity of smartphones, tablets and wearables, together with the consolidation of the Internet of Things (IoT) paradigm. As a matter of fact, interconnected devices directly control and take decisions on industrial processes, regulate infrastructures and services in smart-cities, and manage quality-of-life and safety in smart-homes, taking decisions with user interactions or even autonomously. The involvement of these devices in so many applications, unfortunately introduces a set of unavoidable security and safety implications, related to both the criticality of the aforementioned applications and to the privacy of sensitive information produced and exploited in the process. To address these and other related issues, there is an increasing need of instruments to control the access and the right to perform specific actions on devices or data. These instruments need to be able to cope with the high complexity of the considered applications and environments, being flexible and adaptable to different contexts and architectures, from centralized to fully-distributed, able to handle a high amount of information as well as taking into account non-conventional trust assumptions. The considered technologies should regulate the actions of both human users and autonomous devices, being effective in enforcing security policies, still without introducing noticeable overhead, both on the side of performance and user experience. Hence, the design of secure and efficient mechanisms for continuous authentication, requiring limited-to-no active interaction is solicited. The ETAA workshop aims at being a forum for researchers and practitioners of security active in the field of new technologies for authenticating users and devices, and enforce security policies in new and emerging applications related to mobile/wearable devices and IoT.

Topics of interest include but are not limited to:

Behavioral Authentication Mechanisms
Emerging Technologies for Biometric Authentication
Novel Privacy challenges in Biometric Authentication
Context-based evolutionary policies.
Access and Usage Control in Mobile and Distributed Systems
Access and Usage Control in IoT
Social, Ethic and Legal Aspects of Biometric and Behavioral Authentication
Legal, Ethic and Forensic Aspects of Authorization
Aspects and Models of Authentication and Authorization through social networks.
Novel schemes for Trust and Reputation in Distributed Environments
Policy languages for advanced Access and Usage Control
Enforcement for Seamless and Continuous Authentication
Advanced authentication and authorization techniques for protecting Critical Infrastructures
Authentication protocols and Cryptography for IoT and Critical Infrastructure
Application of advanced authentication and authorization techniques to specific scenarios