Communication Encryption and Authentication in the Smart Home
As the number of Internet-enabled devices grows and those devices enter more and more areas of society, such as health care and manufacturing, the number of attacks on these IoT devices is increasing as well. Their growing number and their use in sensitive areas make these devices a valuable target. Two aspects are essential when securing IoT devices and their data transmission: authentication and the establishment of a secured channel for data transfer. Traditionally this has been solved with mutual TLS. The drawback of that approach is the large overhead of managing certificates and the dependence on a centralized infrastructure. This thesis therefore looks at a new way of achieving both by utilizing technologies created for Self-Sovereign Identity (SSI).
Recent developments in the SSI space have given rise to new technologies such as Decentralized Identifiers (DIDs) and Verifiable Credentials. Together they can replace certificates: a secured channel is established with session-generated DIDs, and authentication is performed with a present-proof protocol. The benefit is that the claims in a Verifiable Credential can be proven by validating its signature against a DID registered on a blockchain, so the properties of a blockchain, such as distribution and resistance to tampering, can be utilized. Furthermore, decoupling the establishment of the secured channel from authentication into two separate steps adds flexibility. The task of this thesis is to create a new approach based on SSI and to test it with the most common SSI implementations, Hyperledger Indy and Aries.
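The two-step approach described above, modelled in Go as an added example (this is not code from the thesis, nor from Hyperledger Indy or Aries). Step 1 derives a session key from freshly generated X25519 key pairs, each given a throwaway did:key-style identifier that is never written to any ledger. Step 2 is a present-proof exchange: the verifier looks the issuer DID up in a map that stands in for the blockchain ledger, checks the issuer's Ed25519 signature over the credential, checks the nonce it handed out, and checks the holder's signature over credential-plus-nonce to confirm the presenter controls the subject DID. The ledger map, the `did:example:issuer1` issuer DID, the base64url did:key encoding, the JSON credential layout and the constructed nonce are all assumptions of this example; the real DIDComm and present-proof message formats used by Aries differ. Requires Go 1.20 or newer for `crypto/ecdh`.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)

type Registry map[string]ed25519.PublicKey // stands in for the blockchain-backed DID ledger: issuer DID -> verification key

// didKey builds a did:key-style DID from a raw public key. Using base64url instead of
// the real multicodec+base58btc encoding is an assumption made here for brevity.
func didKey(pub []byte) string { return "did:key:z" + base64.RawURLEncoding.EncodeToString(pub) }

// Step 1: secured channel. Each side generates a fresh X25519 key pair and a DID for
// it; these session DIDs are never written to the ledger and die with the session.
func NewSessionKey() (*ecdh.PrivateKey, string, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, "", err
	}
	return priv, didKey(priv.PublicKey().Bytes()), nil
}

// SessionKey hashes the ECDH secret into a 32-byte key (a real handshake runs a KDF over the transcript).
func SessionKey(priv *ecdh.PrivateKey, peerPub []byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)
	return key[:], nil
}

// Step 2: authentication by present-proof. Credential is a minimal Verifiable
// Credential: claims about a subject DID, signed with the issuer's ledger-anchored key.
type Credential struct {
	Issuer    string            `json:"issuer"`
	Subject   string            `json:"subject"`
	Claims    map[string]string `json:"claims"`
	Signature []byte            `json:"signature,omitempty"`
}

// payload is the canonical signed form; json.Marshal sorts map keys, so it is stable.
func (c Credential) payload() []byte {
	c.Signature = nil
	b, _ := json.Marshal(c)
	return b
}

func Issue(issuerDID string, issuerPriv ed25519.PrivateKey, subjectDID string, claims map[string]string) Credential {
	c := Credential{Issuer: issuerDID, Subject: subjectDID, Claims: claims}
	c.Signature = ed25519.Sign(issuerPriv, c.payload())
	return c
}

// Presentation answers a proof request: the holder signs payload||nonce with the key
// its subject DID resolves to, proving both possession of the credential and control of the DID.
type Presentation struct {
	Credential       Credential
	Nonce, HolderSig []byte
}

func Present(holderPriv ed25519.PrivateKey, c Credential, nonce []byte) Presentation {
	return Presentation{c, nonce, ed25519.Sign(holderPriv, append(c.payload(), nonce...))}
}

// VerifyPresentation: resolve the issuer on the ledger, check its signature, match the
// nonce this verifier handed out, then check that the presenter controls the subject DID.
func VerifyPresentation(reg Registry, p Presentation, expectedNonce []byte) error {
	issuerPub, ok := reg[p.Credential.Issuer]
	if !ok {
		return errors.New("issuer DID not found on ledger")
	}
	if !ed25519.Verify(issuerPub, p.Credential.payload(), p.Credential.Signature) {
		return errors.New("credential signature invalid: claims or issuer tampered")
	}
	if !bytes.Equal(p.Nonce, expectedNonce) {
		return errors.New("nonce mismatch: stale or replayed presentation")
	}
	raw, err := base64.RawURLEncoding.DecodeString(strings.TrimPrefix(p.Credential.Subject, "did:key:z"))
	if err != nil || len(raw) != ed25519.PublicKeySize {
		return errors.New("subject DID is not a resolvable Ed25519 did:key")
	}
	if !ed25519.Verify(ed25519.PublicKey(raw), append(p.Credential.payload(), p.Nonce...), p.HolderSig) {
		return errors.New("presenter does not control the credential subject DID")
	}
	return nil
}
```

To exercise it, drive the functions from a test or a small `main`: two `NewSessionKey` calls, `SessionKey` on each side with the other's `priv.PublicKey().Bytes()`, then `Issue`, `Present` and `VerifyPresentation`. Tampering with a claim, presenting with a key other than the subject's, reusing a nonce from an earlier request, or naming an issuer the ledger does not know each makes `VerifyPresentation` return an error. The channel in step 1 exists before the device has proven anything about itself; that is the decoupling the abstract describes, and it is why the verifier must bind the presentation to its own nonce rather than trusting the channel alone.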
The objective of this thesis is to find an approach, or a combination of approaches, to the problems and tasks described above in the context of creating secure channels in a decentralized manner. This particularly includes the state of the art regarding authentication with asymmetric encryption. Demonstrating feasibility with a prototype implementation of the concept is part of this thesis, as is a suitable evaluation with exemplary use cases.