Jakatdar, Ketki Shekhar (2024) Leveraging X.509 Certificates and OAuth for optimized use of DIDs and VCs in Constrained IoT Devices. Masters thesis, Dublin, National College of Ireland.
Abstract
Due to the rapid growth of IoT devices worldwide, unauthorized access to them has become one of the biggest concerns. Verifiable credentials (VCs) and decentralised identifiers (DIDs), based on blockchain technology, provide a strong alternative to centralised authorization. However, constrained IoT devices have low computing capability, which makes them unable to process VCs and DIDs. To overcome this, the approach of delegating the DID and VC processing to an OAuth server is adopted. This research presents a novel approach to incorporate authorization proofs into X.509 certificates, reducing the redundant calls in the TLS v1.3 handshake. The implementation integrates Hyperledger Aries-Cloudagent-Python and a modified ACE-OAuth server to handle the processing of DIDs and VCs. Key components include X.509 certificates with authorization proofs embedded as custom extensions and Proof of Possession (PoP) tokens. In order to simulate a real-world situation, the architecture illustrates a university (Faber) and a lecturer (Alice) trying to access a constrained IoT printer. The results indicate a reduction in the total steps from 6 to 4 and in Round Trip Time (RTT) from approximately 2RTT to 1RTT. The achieved RTT for the TLS handshake is approximately 3.488 ms. Security testing included verifying the PoP token signature, preventing replay attacks, and detecting data tampering. Thus, the solution presented demonstrated both increased efficiency and security.