An Efficient TLS 1.3 Handshake Protocol with VC Certificate Type

• URL: http://arxiv.org/abs/2407.12536v2
• Date: Tue, 8 Oct 2024 09:08:20 GMT
• Title: An Efficient TLS 1.3 Handshake Protocol with VC Certificate Type
• Authors: Leonardo Perugini, Andrea Vesco,
• Abstract summary: The paper presents a step forward in the design and implementation of a Transport Layer Security (TLS) handshake protocol. It enables the use of Verifiable Credential (VC) while maintaining full compliance with RFC-8446 and preserving all the security features of TLS 1.3. Results pave the way for the adoption of Self-Sovereign Identity in large-scale Internet of Things (IoT) systems.
• Score: 0.0
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: The paper presents a step forward in the design and implementation of a Transport Layer Security (TLS) handshake protocol that enables the use of Verifiable Credential (VC) while maintaining full compliance with RFC-8446 and preserving all the security features of TLS 1.3. The improvement over our previous work lies in the handshake design, which now only uses messages already defined for TLS 1.3. The design has an incredibly positive impact on the implementation, as we made minimal changes to the OpenSSL library and relied mostly on a novel external provider to handle VC and Decentralized IDentifier (DID) related operations. The experimental results prove the feasibility of the design and show comparable performance to the original solution based on Public Key Infrastructure (PKI) and X.509 certificates. These results pave the way for the adoption of Self-Sovereign Identity in large-scale Internet of Things (IoT) systems, with a clear benefit in terms of reducing the cost of identity management.

Related papers

• An Enhanced Online Certificate Status Protocol for Public Key Infrastructure with Smart Grid and Energy Storage System [0.6757476692230008]
  We introduce the OCSP Stapling approach to optimize OCSP query costs in our smart grid environment. Our experimental results show that OCSP stapling increases both efficiency and security, creating a more robust architecture for the smart grid.
  arXiv  Detail & Related papers  (2024-09-17T06:57:17Z)
• DID Link: Authentication in TLS with Decentralized Identifiers and Verifiable Credentials [0.0]
  This article presents DID Link, a novel authentication scheme for TLS 1.3. It empowers entities to authenticate in a TLS-compliant way with self-issued X.509 certificates that are equipped with ledger-anchored DIDs. A prototypical implementation shows comparable TLS handshake durations of DID Link if verification material is cached and reasonable prolongations if it is obtained from a ledger.
  arXiv  Detail & Related papers  (2024-05-13T08:03:32Z)
• Blockchain-enabled Trustworthy Federated Unlearning [50.01101423318312]
  Federated unlearning is a promising paradigm for protecting the data ownership of distributed clients. Existing works require central servers to retain the historical model parameters from distributed clients. This paper proposes a new blockchain-enabled trustworthy federated unlearning framework.
  arXiv  Detail & Related papers  (2024-01-29T07:04:48Z)
• A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
  The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus. We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
  arXiv  Detail & Related papers  (2024-01-19T14:52:04Z)
• HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
  Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs) TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks. We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
  arXiv  Detail & Related papers  (2024-01-17T00:56:23Z)
• A Holistic Approach for Trustworthy Distributed Systems with WebAssembly and TEEs [2.0198678236144474]
  This paper introduces a novel approach using WebAssembly to address these issues. We present the design of a portable and fully attested publish/subscribe system as a holistic approach. Our experimental results showcase most overheads, revealing a 1.55x decrease in message throughput when using a trusted broker.
  arXiv  Detail & Related papers  (2023-12-01T16:37:48Z)
• Establishing Dynamic Secure Sessions for ECQV Implicit Certificates in Embedded Systems [0.0]
  We present a design that utilizes the Station to Station (STS) protocol with implicit certificates. We show that with a slight computational increase of 20% compared to a static ECDSA key derivation, we are able to mitigate many session-related security vulnerabilities.
  arXiv  Detail & Related papers  (2023-11-19T22:40:21Z)
• Fossil 2.0: Formal Certificate Synthesis for the Verification and Control of Dynamical Models [54.959571890098786]
  This paper presents Fossil 2.0, a new major release of a software tool for the synthesis of certificates. Fossil 2.0 is much improved from its original release, including new interfaces and a significantly expanded certificate portfolio.
  arXiv  Detail & Related papers  (2023-11-16T11:18:21Z)
• On the Integration of Self-Sovereign Identity with TLS 1.3 Handshake to Build Trust in IoT Systems [0.0]
  Self-Sovereign Identity (SSI) is a decentralised option that reduces the need for human intervention. This paper contributes to the adoption of SSI in large-scale IoT systems by addressing, for the first time, the extension of the original TLS 1.3 handshake.
  arXiv  Detail & Related papers  (2023-11-01T09:22:31Z)
• SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices [67.65883495888258]
  We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes. SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices. We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.
  arXiv  Detail & Related papers  (2023-09-26T08:11:38Z)
• Practical quantum secure direct communication with squeezed states [55.41644538483948]
  We report the first table-top experimental demonstration of a CV-QSDC system and assess its security. This realization paves the way into future threat-less quantum metropolitan networks, compatible with coexisting advanced wavelength division multiplexing (WDM) systems.
  arXiv  Detail & Related papers  (2023-06-25T19:23:42Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.