DAXiot: A Decentralized Authentication and Authorization Scheme for Dynamic IoT Networks

Artur Philipp, Axel Küpper

TL;DR

This work designs a privacy-preserving challenge-response style authentication and authorization scheme based on Decentralized Identifiers and Verifiable Credentials that allows decentralized permission management of frequently changing network participants and supports authenticated encryption for data confidentiality.

Abstract

Federated and decentralized networks supporting frequently changing system participants are a requirement for future Internet of Things (IoT) use cases. IoT devices and networks often lack adequate authentication and authorization mechanisms, resulting in insufficient privacy for entities in such systems. In this work we address both issues by designing a privacy-preserving challenge-response style authentication and authorization scheme based on Decentralized Identifiers and Verifiable Credentials. Our solution allows decentralized permission management of frequently changing network participants and supports authenticated encryption for data confidentiality. We demonstrate our solution in an MQTT 5.0 scenario and evaluate its security, privacy guarantees, and performance.

Paper Structure (20 sections, 2 figures, 1 table)