The Self-Sovereign Identity (SSI) is a decentralized paradigm enabling full control over the data used to build and prove the identity. In Internet of Things networks with security requirements, the Self-Sovereign Identity can play a key role and bring benefits with respect to centralized identity solutions. The challenge is to make the SSI compatible with resource-constraint IoT networks. In line with this objective, the paper proposes and discusses an alternative (mutual) authentication process for IoT nodes under the same administration domain. The main idea is to combine the Decentralized IDentifier (DID)-based verification of private key ownership with the verification of a proof that the DID belongs to an evolving trusted set. The solution is built around the proof of membership notion. The paper analyzes two membership solutions, a novel solution designed by the Authors using Merkle trees as a building block and a second one based on the adaptation of Boneh, Boyen and Shacham (BBS) group signature scheme. The paper concludes with a performance estimation and a comparative analysis.

Combining Decentralized IDentifiers with Proof of Membership to Enable Trust in IoT Networks / Pino, Alessandro; Margaria, Davide; Vesco, Andrea. - ELETTRONICO. - (2023), pp. 310-317. (Intervento presentato al convegno 2023 33rd International Telecommunication Networks and Applications Conference tenutosi a Melbourne (AUS) nel 29 November 2023 - 01 December 2023) [10.1109/ITNAC59571.2023.10368540].

Combining Decentralized IDentifiers with Proof of Membership to Enable Trust in IoT Networks

Margaria, Davide;Vesco, Andrea
2023

Abstract

The Self-Sovereign Identity (SSI) is a decentralized paradigm enabling full control over the data used to build and prove the identity. In Internet of Things networks with security requirements, the Self-Sovereign Identity can play a key role and bring benefits with respect to centralized identity solutions. The challenge is to make the SSI compatible with resource-constraint IoT networks. In line with this objective, the paper proposes and discusses an alternative (mutual) authentication process for IoT nodes under the same administration domain. The main idea is to combine the Decentralized IDentifier (DID)-based verification of private key ownership with the verification of a proof that the DID belongs to an evolving trusted set. The solution is built around the proof of membership notion. The paper analyzes two membership solutions, a novel solution designed by the Authors using Merkle trees as a building block and a second one based on the adaptation of Boneh, Boyen and Shacham (BBS) group signature scheme. The paper concludes with a performance estimation and a comparative analysis.
2023
979-8-3503-1713-8
File in questo prodotto:
File Dimensione Formato  
Combining_Decentralized_IDentifiers_with_Proof_of_Membership_to_Enable_Trust_in_IoT_Networks.pdf

non disponibili

Tipologia: 2a Post-print versione editoriale / Version of Record
Licenza: Non Pubblico - Accesso privato/ristretto
Dimensione 581.65 kB
Formato Adobe PDF
581.65 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/2984904