Federated and decentralized networks that support frequently changing system participants are a requirement for future Internet of Things (IoT) use cases. IoT devices and networks often lack adequate authentication and authorization mechanisms, which leaves entities in such systems with insufficient privacy. In this work we address both issues by designing a privacy-preserving, challenge-response-style authentication and authorization scheme based on Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs). Our solution allows decentralized permission management for frequently changing network participants and supports authenticated encryption for data confidentiality. We demonstrate our solution in an MQTT 5.0 scenario and evaluate its security, its privacy guarantees, and its performance.
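The abstract describes a handshake in which a device proves control of a DID by answering a challenge and presents a credential that the broker checks before granting access to a topic. The Go program below is an added illustration written for this page, not the authors' implementation or any project's code: it assumes an Ed25519 key behind each DID, an in-memory map in place of real DID-document resolution, a minimal signed JSON struct in place of a full Verifiable Credential envelope, and constructed DID, client-ID and topic names. MQTT 5.0's enhanced authentication exchange (AUTH packets) is the natural carrier for the nonce and the signed response, but packet transport and the payload encryption mentioned in the abstract are outside this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Credential is a minimal stand-in for a Verifiable Credential (an assumption of this
// example; real VCs use a JSON-LD or JWT envelope): issuer grants topics to a DID until Expires.
type Credential struct {
	Issuer  string    `json:"issuer"`
	Subject string    `json:"subject"`
	Topics  []string  `json:"topics"`
	Expires time.Time `json:"expires"`
}

// SignedCredential is the serialized credential plus the issuer's Ed25519 signature.
type SignedCredential struct{ Payload, Sig []byte }

// Resolver maps a DID to its verification key; an in-memory map stands in for DID resolution.
type Resolver map[string]ed25519.PublicKey

func NewIdentity() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// IssueCredential serializes and signs a credential with the issuer's key.
func IssueCredential(issuerKey ed25519.PrivateKey, c Credential) (SignedCredential, error) {
	payload, err := json.Marshal(c)
	if err != nil {
		return SignedCredential{}, err
	}
	return SignedCredential{Payload: payload, Sig: ed25519.Sign(issuerKey, payload)}, nil
}

// NewChallenge is the broker's first step: a fresh nonce, so a captured response cannot be replayed.
func NewChallenge() ([]byte, error) {
	nonce := make([]byte, 32)
	_, err := rand.Read(nonce)
	return nonce, err
}

// challengeMessage binds the nonce to the MQTT client ID so a signature cannot move between sessions.
func challengeMessage(nonce []byte, clientID string) []byte {
	return append([]byte("mqtt5-auth:"+clientID+":"), nonce...)
}

// Respond is the device's step: sign the challenge with the key behind its DID.
func Respond(devKey ed25519.PrivateKey, nonce []byte, clientID string) []byte {
	return ed25519.Sign(devKey, challengeMessage(nonce, clientID))
}

// Authorize is the broker's decision: prove DID control first, then require an unexpired
// credential from a known issuer that names this DID and this topic.
func Authorize(r Resolver, did, clientID string, nonce, response []byte,
	sc SignedCredential, topic string, now time.Time) error {
	devPub, ok := r[did]
	if !ok {
		return errors.New("unresolvable DID")
	}
	if !ed25519.Verify(devPub, challengeMessage(nonce, clientID), response) {
		return errors.New("challenge response invalid")
	}
	var c Credential
	if err := json.Unmarshal(sc.Payload, &c); err != nil {
		return err
	}
	if issPub, ok := r[c.Issuer]; !ok || !ed25519.Verify(issPub, sc.Payload, sc.Sig) {
		return errors.New("credential not signed by a known issuer")
	}
	if c.Subject != did {
		return errors.New("credential issued to a different DID")
	}
	if !now.Before(c.Expires) {
		return errors.New("credential expired")
	}
	for _, t := range c.Topics {
		if t == topic {
			return nil
		}
	}
	return errors.New("topic not covered by credential")
}

func main() {
	issPub, issPriv, _ := NewIdentity()
	devPub, devPriv, _ := NewIdentity()
	r := Resolver{"did:example:issuer": issPub, "did:example:dev1": devPub}
	sc, _ := IssueCredential(issPriv, Credential{Issuer: "did:example:issuer",
		Subject: "did:example:dev1", Topics: []string{"sensors/dev1/temp"},
		Expires: time.Now().Add(time.Hour)})
	nonce, _ := NewChallenge()
	resp := Respond(devPriv, nonce, "dev1")
	fmt.Println("own topic:", Authorize(r, "did:example:dev1", "dev1", nonce, resp, sc, "sensors/dev1/temp", time.Now()))
	fmt.Println("other topic:", Authorize(r, "did:example:dev1", "dev1", nonce, resp, sc, "actuators/valve", time.Now()))
}
```

The order of checks matters: the broker verifies control of the DID before it looks at the credential, so a stolen credential is useless without the subject's private key, and the explicit subject check stops a device that controls its own DID from presenting a credential issued to someone else. Binding the client ID into the signed message and rejecting responses to stale nonces are the two cheap defences against replay that a practitioner should keep when adapting this to real AUTH packets.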