NORMA eResearch @NCI Library

Leveraging X.509 Certificates and OAuth for optimized use of DIDs and VCs in Constrained IoT Devices

Jakatdar, Ketki Shekhar (2024) Leveraging X.509 Certificates and OAuth for optimized use of DIDs and VCs in Constrained IoT Devices. Masters thesis, Dublin, National College of Ireland.

PDF (Master of Science)
PDF (Configuration Manual)

Abstract

Due to the rapid growth of IoT devices worldwide, unauthorized access to them has become one of the biggest concerns. Verifiable credentials (VCs) and Decentralised identifiers (DIDs) based on blockchain technology provide a strong alternative to centralised authorization. However, constrained IoT devices have low computing capability, which makes them unable to process VCs and DIDs. To overcome this, the approach of delegating the DID and VC processing to an OAuth server is adopted. This research presents a novel approach to incorporate authorization proofs into X.509 certificates, reducing the redundant calls in the TLS v1.3 handshake. The implementation integrates Hyperledger Aries-Cloudagent-Python and a modified ACE-OAuth server to handle the processing of DIDs and VCs. Key components include X.509 certificates with authorization proofs embedded as custom extensions and Proof of Possession (PoP) tokens. In order to simulate a real-world situation, the architecture illustrates a university (Faber) and a lecturer (Alice) trying to access a constrained IoT printer. The results indicate a reduction in the total steps from 6 to 4 and Round Trip Time (RTT) from approximately 2RTT to 1RTT. The achieved RTT for the TLS handshake is approximately 3.488 ms. Security testing included verifying the PoP token signature, preventing replay attacks, and detecting data tampering. Thus, the solution presented demonstrated both increased efficiency and security.

Item Type: Thesis (Masters)
Supervisors: Sahni, Vikas (Email: UNSPECIFIED)
Uncontrolled Keywords: Decentralized Identifier (DID); Verifiable Credential (VC); ACEOAuth; Hyperledger Aries-Cloudagent-Python; X509 certificates; Round Trip Time (RTT)
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
Q Science > QA Mathematics > Computer software > Computer Security > Database security > Blockchains (Databases)
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security > Database security > Blockchains (Databases)
Z Bibliography. Library Science. Information Resources > ZA Information resources > ZA4050 Electronic information resources > Databases > Distributed databases > Blockchains (Databases)
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
T Technology > TK Electrical engineering. Electronics. Nuclear engineering > Telecommunications > Computer networks > Internet of things
Divisions: School of Computing > Master of Science in Cyber Security
Depositing User: Ciara O'Brien
Date Deposited: 30 Jul 2025 09:30
Last Modified: 30 Jul 2025 09:30
URI: https://norma.ncirl.ie/id/eprint/8323
