Enabling Secure Authentication for Constrained IoT Devices with Self-Sovereign Identity
We are proud to announce that our paper “Empowering Resource-Constrained WoT Devices with Lightweight Self-Sovereign Identity Using Delegation” was presented at the International Conference on Distributed Computing in Smart Systems and the Internet of Things (DCOSS-IoT) 2025.
This work addresses a key challenge in modern IoT ecosystems: secure authentication for resource-constrained devices, which often lack the computational power to handle traditional security mechanisms.
Key Contributions
- We designed and implemented a decentralized authentication protocol based on Self-Sovereign Identity (SSI), tailored for devices with very limited memory and processing capabilities.
- Our approach introduces a delegated identity agent (based on the Aries Multi-Tenant Agent) that offloads authentication complexity from the device, while maintaining cryptographic security guarantees.
- We integrated the solution into the FIWARE ecosystem, enhancing security at the edge of IoT systems without altering the core architecture.
Experimental Results
- The protocol was tested using ESP32 microcontrollers and a Raspberry Pi 4 as SSI agent, showing that secure key generation, credential exchange, and mutual authentication are possible in under 2.6 seconds.
- A formal security verification using ProVerif confirms the system’s resistance to attacks on confidentiality, authenticity, and forward secrecy.
Why It Matters
This architecture paves the way for secure and scalable integration of low-power IoT devices into smart city, industrial, and healthcare environments—where both security and efficiency are critical.
Code and documentation are available here: https://github.com/biagioboi/distribuited-credo-ts