On the Integration of Self-Sovereign Identity with TLS 1.3 Handshake to Build Trust in IoT Systems

• URL: http://arxiv.org/abs/2311.00386v2
• Date: Tue, 7 Nov 2023 13:50:51 GMT
• Title: On the Integration of Self-Sovereign Identity with TLS 1.3 Handshake to Build Trust in IoT Systems
• Authors: Leonardo Perugini, Andrea Vesco,
• Abstract summary: Self-Sovereign Identity (SSI) is a decentralised option that reduces the need for human intervention. This paper contributes to the adoption of SSI in large-scale IoT systems by addressing, for the first time, the extension of the original TLS 1.3 handshake.
• Score: 0.0
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: The centralized PKI is not a suitable solution to provide identities in large-scale IoT systems. The main problem is the high cost of managing X.509 certificates throughout their lifecycle, from installation to regular updates and revocation. The Self-Sovereign Identity (SSI) is a decentralised option that reduces the need for human intervention, and therefore has the potential to significantly reduce the complexity and cost associated to identity management in large-scale IoT systems. However, to leverage the full potential of SSI, the authentication of IoT nodes needs to be moved from the application to the Transport Layer Security (TLS) level. This paper contributes to the adoption of SSI in large-scale IoT systems by addressing, for the first time, the extension of the original TLS 1.3 handshake to support two new SSI authentication modes while maintaining the interoperability with nodes implementing the original handshake protocol. The open source implementation of the new TLS 1.3 handshake protocol in OpenSSL is used to experimentally prove the feasibility of the approach.

Related papers

• An Efficient TLS 1.3 Handshake Protocol with VC Certificate Type [0.0]
  The paper presents a step forward in the design and implementation of a Transport Layer Security (TLS) handshake protocol. It enables the use of Verifiable Credential (VC) while maintaining full compliance with RFC-8446 and preserving all the security features of TLS 1.3. Results pave the way for the adoption of Self-Sovereign Identity in large-scale Internet of Things (IoT) systems.
  arXiv  Detail & Related papers  (2024-07-17T13:18:16Z)
• DID Link: Authentication in TLS with Decentralized Identifiers and Verifiable Credentials [0.0]
  This article presents DID Link, a novel authentication scheme for TLS 1.3. It empowers entities to authenticate in a TLS-compliant way with self-issued X.509 certificates that are equipped with ledger-anchored DIDs. A prototypical implementation shows comparable TLS handshake durations of DID Link if verification material is cached and reasonable prolongations if it is obtained from a ledger.
  arXiv  Detail & Related papers  (2024-05-13T08:03:32Z)
• SSI4IoT: Unlocking the Potential of IoT Tailored Self-Sovereign Identity [5.025528181278946]
  Self-Sovereign Identity (SSI) techniques move control of digital identity from conventional identity providers to individuals. Existing applications of SSI mainly focus on creating person-to-person and person-to-service relationships.
  arXiv  Detail & Related papers  (2024-05-03T20:31:52Z)
• Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
  We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS) FLEKD enables a more flexible aggregation method than conventional model fusion techniques. Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
  arXiv  Detail & Related papers  (2024-01-22T14:16:37Z)
• HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
  Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs) TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks. We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
  arXiv  Detail & Related papers  (2024-01-17T00:56:23Z)
• Combining Decentralized IDentifiers with Proof of Membership to Enable Trust in IoT Networks [44.99833362998488]
  The paper proposes and discusses an alternative (mutual) authentication process for IoT nodes under the same administration domain. The main idea is to combine the Decentralized IDentifier (DID)-based verification of private key ownership with the verification of a proof that the DID belongs to an evolving trusted set.
  arXiv  Detail & Related papers  (2023-10-12T09:33:50Z)
• A Novel DID Method Leveraging the IOTA Tangle and its Integration into OpenSSL [0.0]
  This paper presents a novel Decentralized IDentifier (DID) Method called Over-The-Tangle. The results suggest the adoption of a private gateway node synchronised with the IOTA Tangle on the mainnet for efficient DID control. A novel DID Operation and Provider is presented as a solution for building DID Method agility in OpenSSL.
  arXiv  Detail & Related papers  (2023-10-02T11:02:01Z)
• SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices [67.65883495888258]
  We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes. SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices. We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.
  arXiv  Detail & Related papers  (2023-09-26T08:11:38Z)
• Practical quantum secure direct communication with squeezed states [55.41644538483948]
  We report the first table-top experimental demonstration of a CV-QSDC system and assess its security. This realization paves the way into future threat-less quantum metropolitan networks, compatible with coexisting advanced wavelength division multiplexing (WDM) systems.
  arXiv  Detail & Related papers  (2023-06-25T19:23:42Z)
• Regulation conform DLT-operable payment adapter based on trustless - justified trust combined generalized state channels [77.34726150561087]
  Economy of Things (EoT) will be based on software agents running on peer-to-peer trustless networks. We give an overview of current solutions that differ in their fundamental values and technological possibilities. We propose to combine the strengths of the crypto based, decentralized trustless elements with established and well regulated means of payment.
  arXiv  Detail & Related papers  (2020-07-03T10:45:55Z)
• A Self-Integration Testbed for Decentralized Socio-technical Systems [2.8360662552057323]
  This paper introduces a novel testbed architecture for decentralized socio-technical systems running on the Internet of Things. It is designed for a seamless reusability of application-independent decentralized services by an IoT application, and different IoT applications by the same decentralized service. Pressure and crash tests during continuous operations of several weeks, with more than 80K network joining and leaving of agents, 2.4M parameter changes, and 100M communicated messages, confirm the robustness and practicality of the testbed architecture.
  arXiv  Detail & Related papers  (2020-02-06T12:18:28Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.