
SSI-aware TLS handshake in OpenSSL

Leonardo Perugini

SSI-aware TLS handshake in OpenSSL.

Supervisors: Antonio Lioy, Andrea Guido Antonio Vesco, Alberto Carelli. Politecnico di Torino, Master's degree course in Computer Engineering (Ingegneria Informatica), 2023

PDF (Tesi_di_laurea) - Thesis
License: Creative Commons Attribution Non-commercial No Derivatives.


Self-Sovereign Identity (SSI) is a new digital identity paradigm that allows users to create and control their own identity, without relying on any centralised authority. A user can generate their own identity (Decentralized Identifiers) stored in a Distributed Ledger (DL) and associate authentic and demonstrable attributes with it (Verifiable Credentials). The Transport Layer Security (TLS) protocol version 1.3 is a client/server Internet protocol that allows two endpoints to communicate securely by providing authentication of the parties, confidentiality and integrity of the messages. In TLS, identities are issued in the form of X.509 certificates by Certification Authorities (CAs), which are centralized entities that have full control over the certificates they emit. In this project I have designed an SSI-aware version of TLS providing an authentication mechanism that substitutes X.509 certificates with Decentralized Identifiers. Furthermore, to facilitate the transition to this new identity system, I have also developed a hybrid TLS model to allow an endpoint to identify itself with a Decentralized Identifier and still allow the other to make use of an X.509 certificate, and vice versa. I have implemented and tested the solution in OpenSSL, an open-source, widespread and multiplatform cryptographic library that supports TLS 1.3.

Supervisors: Antonio Lioy, Andrea Guido Antonio Vesco, Alberto Carelli
Academic year: 2022/23
Publication type: Electronic
Number of Pages: 69
Degree course: Master's degree course in Computer Engineering (Ingegneria Informatica)
Degree class: New organization > Master science > LM-32 - COMPUTER SYSTEMS ENGINEERING
Collaborating companies: FONDAZIONE LINKS
URI: http://webthesis.biblio.polito.it/id/eprint/26884