DID Link: Authentication in TLS with Decentralized Identifiers and Verifiable Credentials

TL;DR

DID Link addresses the centralization of TLS authentication by enabling TLS 1.3 to operate with decentralized identities: self-issued X.509 certificates carry DIDs anchored in distributed ledgers, and post-handshake Verifiable Credentials can identify the subject. The approach introduces a dedicated identification sub-layer and TLS extensions to negotiate DID methods and VC presentations, while preserving TLS compatibility and security properties. Empirical evaluation shows that with cached DIDs, handshake performance approaches CA-based authentication, though resolving DIDs on remote ledgers can incur significant delays; DID Link also demonstrates superiority over application-layer DIDComm in data transfer after session establishment. This work advances practical decentrally managed identity at the transport layer, with implications for scalable, privacy-preserving authentication and potential integration with authorization workflows via VCs.

Abstract

Authentication in TLS is predominately carried out with X.509 digital certificates issued by certificate authorities (CA). The centralized nature of current public key infrastructures, however, comes along with severe risks, such as single points of failure and susceptibility to cyber-attacks, potentially undermining the security and trustworthiness of the entire system. With Decentralized Identifiers (DID) alongside distributed ledger technology, it becomes technically feasible to prove ownership of a unique identifier without requiring an attestation of the proof's public key by a centralized and therefore vulnerable CA. This article presents DID Link, a novel authentication scheme for TLS 1.3 that empowers entities to authenticate in a TLS-compliant way with self-issued X.509 certificates that are equipped with ledger-anchored DIDs instead of CA-issued identifiers. It facilitates the exchange of tamper-proof and 3rd-party attested claims in the form of DID-bound Verifiable Credentials after the TLS handshake to complete the authentication with a full identification of the communication partner. A prototypical implementation shows comparable TLS handshake durations of DID Link if verification material is cached and reasonable prolongations if it is obtained from a ledger. The significant speed improvement of the resulting TLS channel over a widely used, DID-based alternative transport protocol on the application layer demonstrates the potential of DID Link to become a viable solution for the establishment of secure and trustful end-to-end communication links with decentrally managed digital identities.

Figures (6)

• Figure 1: (m)TLS 1.3 handshake
• Figure 2: X.509 digital certificates and their conceptual relation to Decentralized Identifiers and Verifiable Credentials
• Figure 3: Bilateral off-ledger issuance and presentation of Verifiable Credentials that are cryptographically bound to VDR-anchored Decentralized Identifiers.
• Figure 4: Using DIDs in X.509 certificates during the TLS handshake for the pseudo-anonymous authentication and VPs afterwards to (mutually) identify entities after the TCP connection establishment with DID Link.
• Figure 5: Average durations of the TLS handshakes and VC exchanges depending on the configuration after 1k runs for each configuration. The first (and third) column of each configuration shows the durations measured at the client while the second (and fourth) column the ones experienced at the server.