Related papers: DID Link: Authentication in TLS with Decentralized Identifiers and Verifiable Credentials

DID Link: Authentication in TLS with Decentralized Identifiers and Verifiable Credentials

URL: http://arxiv.org/abs/2405.07533v2
Date: Tue, 14 May 2024 16:42:17 GMT
Title: DID Link: Authentication in TLS with Decentralized Identifiers and Verifiable Credentials
Authors: Sandro Rodriguez Garzon, Dennis Natusch, Artur Philipp, Axel Küpper, Hans Joachim Einsiedler, Daniela Schneider,
Abstract summary: This article presents DID Link, a novel authentication scheme for TLS 1.3. It empowers entities to authenticate in a TLS-compliant way with self-issued X.509 certificates that are equipped with ledger-anchored DIDs. A prototypical implementation shows comparable TLS handshake durations of DID Link if verification material is cached and reasonable prolongations if it is obtained from a ledger.
Score: 0.0
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: Authentication in TLS is predominately carried out with X.509 digital certificates issued by certificate authorities (CA). The centralized nature of current public key infrastructures, however, comes along with severe risks, such as single points of failure and susceptibility to cyber-attacks, potentially undermining the security and trustworthiness of the entire system. With Decentralized Identifiers (DID) alongside distributed ledger technology, it becomes technically feasible to prove ownership of a unique identifier without requiring an attestation of the proof's public key by a centralized and therefore vulnerable CA. This article presents DID Link, a novel authentication scheme for TLS 1.3 that empowers entities to authenticate in a TLS-compliant way with self-issued X.509 certificates that are equipped with ledger-anchored DIDs instead of CA-issued identifiers. It facilitates the exchange of tamper-proof and 3rd-party attested claims in the form of DID-bound Verifiable Credentials after the TLS handshake to complete the authentication with a full identification of the communication partner. A prototypical implementation shows comparable TLS handshake durations of DID Link if verification material is cached and reasonable prolongations if it is obtained from a ledger. The significant speed improvement of the resulting TLS channel over a widely used, DID-based alternative transport protocol on the application layer demonstrates the potential of DID Link to become a viable solution for the establishment of secure and trustful end-to-end communication links with decentrally managed digital identities.

Related papers

An Efficient TLS 1.3 Handshake Protocol with VC Certificate Type [0.0]
The paper presents a step forward in the design and implementation of a Transport Layer Security (TLS) handshake protocol. It enables the use of Verifiable Credential (VC) while maintaining full compliance with RFC-8446 and preserving all the security features of TLS 1.3. Results pave the way for the adoption of Self-Sovereign Identity in large-scale Internet of Things (IoT) systems.
arXiv Detail & Related papers (2024-07-17T13:18:16Z)
Physical Layer Deception with Non-Orthogonal Multiplexing [52.11755709248891]
We propose a novel framework of physical layer deception (PLD) to actively counteract wiretapping attempts. PLD combines PLS with deception technologies to actively counteract wiretapping attempts. We prove the validity of the PLD framework with in-depth analyses and demonstrate its superiority over conventional PLS approaches.
arXiv Detail & Related papers (2024-06-30T16:17:39Z)
Towards Credential-based Device Registration in DApps for DePINs with ZKPs [46.08150780379237]
We propose a credential-based device registration (CDR) mechanism that verifies device credentials on the blockchain. We present a general system model, and technically evaluate CDR using zkSNARKs with Groth16 and Marlin.
arXiv Detail & Related papers (2024-06-27T09:50:10Z)
Attribute-Based Authentication in Secure Group Messaging for Distributed Environments [2.254434034390528]
Messaging Layer security (MLS) and its underlying Continuous Group Key Agreement protocol allow a group of users to share a cryptographic secret in a dynamic manner. The use of digital certificates for authentication in a group goes against the group members' privacy. We provide an alternative method of authentication in which the solicitors, instead of revealing their identity, only need to prove possession of certain attributes.
arXiv Detail & Related papers (2024-05-20T14:09:28Z)
A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus. We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z)
On the Integration of Self-Sovereign Identity with TLS 1.3 Handshake to Build Trust in IoT Systems [0.0]
Self-Sovereign Identity (SSI) is a decentralised option that reduces the need for human intervention. This paper contributes to the adoption of SSI in large-scale IoT systems by addressing, for the first time, the extension of the original TLS 1.3 handshake.
arXiv Detail & Related papers (2023-11-01T09:22:31Z)
Incorporating Zero-Knowledge Succinct Non-interactive Argument of Knowledge for Blockchain-based Identity Management with off-chain computations [0.8621608193534839]
A novel blockchain-based fingerprint authentication system is proposed that integrates zk-SNARKs. The proposed method has the potential to provide a secure and efficient solution for blockchain-based identity management.
arXiv Detail & Related papers (2023-10-30T11:24:05Z)
Combining Decentralized IDentifiers with Proof of Membership to Enable Trust in IoT Networks [44.99833362998488]
The paper proposes and discusses an alternative (mutual) authentication process for IoT nodes under the same administration domain. The main idea is to combine the Decentralized IDentifier (DID)-based verification of private key ownership with the verification of a proof that the DID belongs to an evolving trusted set.
arXiv Detail & Related papers (2023-10-12T09:33:50Z)
Practical quantum secure direct communication with squeezed states [55.41644538483948]
We report the first table-top experimental demonstration of a CV-QSDC system and assess its security. This realization paves the way into future threat-less quantum metropolitan networks, compatible with coexisting advanced wavelength division multiplexing (WDM) systems.
arXiv Detail & Related papers (2023-06-25T19:23:42Z)
FedSOV: Federated Model Secure Ownership Verification with Unforgeable Signature [60.99054146321459]
Federated learning allows multiple parties to collaborate in learning a global model without revealing private data. We propose a cryptographic signature-based federated learning model ownership verification scheme named FedSOV.
arXiv Detail & Related papers (2023-05-10T12:10:02Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.