An Efficient TLS 1.3 Handshake Protocol with VC Certificate Type

TL;DR

This paper introduces an efficient TLS 1.3 handshake protocol that incorporates Verifiable Credentials, enabling secure, compliant, and minimal-impact integration of decentralized identity solutions suitable for IoT systems.

Contribution

The paper presents a novel TLS 1.3 handshake design using existing messages, facilitating VC integration with minimal implementation changes and maintaining performance.

Findings

Feasible implementation with minimal OpenSSL modifications

Comparable performance to traditional PKI-based solutions

Supports scalable, cost-effective identity management for IoT

Abstract

The paper presents a step forward in the design and implementation of a Transport Layer Security (TLS) handshake protocol that enables the use of Verifiable Credential (VC) while maintaining full compliance with RFC-8446 and preserving all the security features of TLS 1.3. The improvement over our previous work lies in the handshake design, which now only uses messages already defined for TLS 1.3. The design has an incredibly positive impact on the implementation, as we made minimal changes to the OpenSSL library and relied mostly on a novel external provider to handle VC and Decentralized IDentifier (DID) related operations. The experimental results prove the feasibility of the design and show comparable performance to the original solution based on Public Key Infrastructure (PKI) and X.509 certificates. These results pave the way for the adoption of Self-Sovereign Identity in large-scale Internet of Things (IoT) systems, with a clear benefit in terms of reducing the cost of identity management.