A Truly Self-Sovereign Identity System

Existing digital identity management systems fail to deliver the desirable properties of control by the users of their own identity data, credibility of disclosed identity data, and network-level anonymity. The recently proposed Self-Sovereign Identity (SSI) approach promises to give users these properties. However, we argue that without addressing privacy at the network level, SSI systems cannot deliver on this promise. In this paper we present the design and analysis of our solution TCID, created in collaboration with the Dutch government. TCID is a system consisting of a set of components that together satisfy seven functional requirements to guarantee the desirable system properties. We show that the latency incurred by network-level anonymization in TCID is significantly larger than that of identity data disclosure protocols but is still low enough for practical situations. We conclude that current research on SSI is too narrowly focused on these data disclosure protocols.

[1]  Bart Jacobs,et al.  Credential Design in Attribute-Based Identity Management , 2013 .

[2]  D. Baars Towards self-sovereign identity using blockchain technology , 2016 .

[3]  Bryan Ford,et al.  Peer-to-Peer Communication Across Network Address Translators , 2005, USENIX Annual Technical Conference, General Track.

[4]  E. Ezhilarasan,et al.  A Review on Mobile Technologies: 3G, 4G and 5G , 2017, 2017 Second International Conference on Recent Trends and Challenges in Computational Models (ICRTCCM).

[5]  Herbert Leitold,et al.  STORK: Architecture, Implementation and Pilots , 2010, ISSE.

[6]  Christoph Meinel,et al.  A Survey on Essential Components of a Self-Sovereign Identity , 2018, Comput. Sci. Rev..

[7]  Nicole S. van der Meulen The challenge of countering identity theft: Recent developments in the United States, the United Kingdom, and the European Union. Report commissioned by the National Infrastructure Cyber Crime program (NICC) , 2008 .

[8]  Roger Wattenhofer,et al.  Attacks on Peer-to-Peer Networks , 2005 .

[9]  William E. Burr,et al.  Recommendation for Key Management Part 3: Application-Specific Key Management Guidance , 2009 .

[10]  Shafi Goldwasser,et al.  Proof of Plaintext Knowledge for the Ajtai-Dwork Cryptosystem , 2005, TCC.

[11]  Alex Biryukov,et al.  Bitcoin over Tor isn't a Good Idea , 2014, 2015 IEEE Symposium on Security and Privacy.

[12]  Silvio Micali,et al.  Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems , 1991, JACM.

[13]  Ning Ding,et al.  Characterizing and modeling the impact of wireless signal strength on smartphone battery drain , 2013, SIGMETRICS '13.

[14]  Kevin S. Bauer,et al.  On the Optimal Path Length for Tor , 2010 .

[15]  Yuan Tian,et al.  OAuth Demystified for Mobile Application Developers , 2014, CCS.

[16]  Lukas Malina,et al.  Unlinkable Attribute-Based Credentials with Practical Revocation on Smart-Cards , 2012, CARDIS.

[17]  Sébastien Marcel,et al.  Biometric Antispoofing Methods: A Survey in Face Recognition , 2014, IEEE Access.

[18]  José G. Faísca,et al.  Decentralized Semantic Identity , 2016, SEMANTiCS.

[19]  Ade Setyawan Sajim Open-Source Software-Based SRAM-PUF for Secure Data and Key Storage Using Off-The-Shelf SRAM , 2018 .

[20]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[21]  Guruduth Banavar,et al.  A Case for Message Oriented Middleware , 1999, DISC.

[22]  Zhang Zhe,et al.  A review on consensus algorithm of blockchain , 2017, 2017 IEEE International Conference on Systems, Man, and Cybernetics (SMC).

[23]  Daniel J. Bernstein,et al.  Curve25519: New Diffie-Hellman Speed Records , 2006, Public Key Cryptography.

[24]  B. Bollobás The evolution of random graphs , 1984 .

[25]  Hannes Hartenstein,et al.  Network Layer Aspects of Permissionless Blockchains , 2019, IEEE Communications Surveys & Tutorials.

[26]  Erik C. Rye,et al.  A Study of MAC Address Randomization in Mobile Devices and When it Fails , 2017, Proc. Priv. Enhancing Technol..

[27]  Chris Roberts,et al.  Biometric attack vectors and defences , 2007, Comput. Secur..

[28]  Jim Groom,et al.  The Path to Self-Sovereign Identity , 2017 .

[29]  Michael Hicks,et al.  Deanonymizing mobility traces: using social network as a side-channel , 2012, CCS.

[30]  Christian Smith,et al.  Toward distributed key management for offline authentication , 2018, SAICSIT.

[31]  Robert Tappan Morris,et al.  A performance vs. cost framework for evaluating DHT design tradeoffs under churn , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[32]  Frank Stajano,et al.  The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes , 2012, 2012 IEEE Symposium on Security and Privacy.

[33]  Martin Garriga,et al.  Towards a Taxonomy of Microservices Architectures , 2017, SEFM Workshops.

[34]  Fabrice Boudot,et al.  Efficient Proofs that a Committed Number Lies in an Interval , 2000, EUROCRYPT.

[35]  Georgios Loukas,et al.  Protection Against Denial of Service Attacks: A Survey , 2010, Comput. J..

[36]  Yvo Desmedt,et al.  Abuses in Cryptography and How to Fight Them , 1988, CRYPTO.

[37]  Alex Biryukov,et al.  Deanonymization and Linkability of Cryptocurrency Transactions Based on Network Analysis , 2019, 2019 IEEE European Symposium on Security and Privacy (EuroS&P).

[38]  Joaquim Ferreira,et al.  Self-Sovereign Identity: Use-cases, Technologies, and Challenges for Industrial IoT , 2019, 2019 24th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA).

[39]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[40]  Bojan Mrazovac,et al.  Performance evaluation of using Protocol Buffers in the Internet of Things communication , 2016, 2016 International Conference on Smart Systems and Technologies (SST).

[41]  Anders Møller,et al.  Type test scripts for TypeScript testing , 2017, Proc. ACM Program. Lang..

[42]  Robin McKenzie,et al.  Use Cases for Identity Management in E-Government , 2008, IEEE Security & Privacy.

[43]  Todd A. Jacobs Secure token-based authentication with YubiKey 4 , 2016 .

[44]  Sebastian Ramacher,et al.  Privacy-Preserving eID Derivation for Self-Sovereign Identity Systems , 2019, ICICS.

[45]  M. Frans Kaashoek,et al.  Vivaldi: a decentralized network coordinate system , 2004, SIGCOMM 2004.

[46]  Andrew Miller,et al.  Dandelion++: Lightweight Cryptocurrency Networking with Formal Anonymity Guarantees , 2018, SIGMETRICS.

[47]  Rachna Dhamija,et al.  The Seven Flaws of Identity Management: Usability and Security Challenges , 2008, IEEE Security & Privacy.

[48]  Marc Shapiro,et al.  Conflict-Free Replicated Data Types , 2011, SSS.

[49]  Bart Jacobs,et al.  IRMA : practical , decentralized and privacy-friendly identity management using smartphones , 2017 .

[50]  Guillaume Pierre,et al.  A survey of DHT security techniques , 2011, CSUR.

[51]  Philip R. Zimmermann,et al.  The official PGP user's guide , 1996 .

[52]  Johan A. Pouwelse,et al.  Deployment of a Blockchain-Based Self-Sovereign Identity , 2018, 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData).

[53]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[54]  David F. Ferraiolo,et al.  Guide to Attribute Based Access Control (ABAC) Definition and Considerations , 2014 .

[55]  Rolf Lindemann,et al.  The Evolution of Authentication , 2013, ISSE.

[56]  Marko Vukolic,et al.  The Quest for Scalable Blockchain Fabric: Proof-of-Work vs. BFT Replication , 2015, iNetSeC.

[57]  Vincenzo Piuri,et al.  Biometric Recognition in Automated Border Control , 2016, ACM Comput. Surv..

[58]  Johan A. Pouwelse,et al.  UDP NAT and Firewall Puncturing in the Wild , 2011, Networking.

[59]  Michael B. Jones,et al.  Design Rationale behind the Identity Metasystem Architecture , 2007, ISSE.

[60]  Thomas Ristenpart,et al.  Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail , 2012, 2012 IEEE Symposium on Security and Privacy.

[61]  Peter R. Pietzuch,et al.  Distributed event-based systems , 2006 .

[62]  Jaap-Henk Hoepman,et al.  Fast revocation of attribute-based credentials for both users and verifiers , 2015, Comput. Secur..

[63]  Chinmay Saraf,et al.  Blockchain platforms: A compendium , 2018, 2018 IEEE International Conference on Innovative Research and Development (ICIRD).

[64]  Scott Shenker,et al.  Scheduling for reduced CPU energy , 1994, OSDI '94.

[65]  Fabián E. Bustamante,et al.  Structured and Unstructured Overlays under the Microscope: A Measurement-based View of Two P2P Systems That People Use , 2006, USENIX Annual Technical Conference, General Track.

[66]  Walid Saad,et al.  Device Fingerprinting in Wireless Networks: Challenges and Opportunities , 2015, IEEE Communications Surveys & Tutorials.

[67]  Frank Piessens,et al.  Why MAC Address Randomization is not Enough: An Analysis of Wi-Fi Network Discovery Mechanisms , 2016, AsiaCCS.

[68]  Thomas S. Heydt-Benjamin,et al.  Cryptographic Protocols of the Identity Mixer Library , 2009 .

[69]  Paul F. Syverson,et al.  Improving Efficiency and Simplicity of Tor Circuit Establishment and Hidden Services , 2007, Privacy Enhancing Technologies.

[70]  Burkhard Stiller,et al.  KYoT: Self-sovereign IoT Identification with a Physically Unclonable Function , 2020, 2020 IEEE 45th Conference on Local Computer Networks (LCN).

[71]  Rafael Accorsi Automated Privacy Audits to Complement the Notion of Control for Identity Management , 2007, IDMAN.

[72]  Christoph Meinel,et al.  An Integration Architecture to Enable Service Providers for Self-sovereign Identity , 2019, 2019 IEEE 18th International Symposium on Network Computing and Applications (NCA).

[73]  Jesper Grolin,et al.  Corporate legitimacy in risk society: the case of Brent Spar , 1998 .

[74]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[75]  Drummond Reed,et al.  OpenID 2.0: a platform for user-centric identity management , 2006, DIM '06.

[76]  Financial Regulations and Price Inconsistencies across Bitcoin Markets , 2016 .

[77]  Emin Gün Sirer,et al.  Majority Is Not Enough: Bitcoin Mining Is Vulnerable , 2013, Financial Cryptography.

[78]  Jun Wang,et al.  TRIBLER: a social‐based peer‐to‐peer system , 2008, IPTPS.

[79]  Manuel Blum,et al.  Non-interactive zero-knowledge and its applications , 1988, STOC '88.

[80]  Primavera De Filippi,et al.  Self-Sovereign Identity in a Globalized World: Credentials-Based Identity Systems as a Driver for Economic Inclusion , 2020, Frontiers in Blockchain.

[81]  Karl Aberer,et al.  A decentralised public key infrastructure for customer-to-customer e-commerce , 2005, Int. J. Bus. Process. Integr. Manag..

[82]  Manca Bizjak,et al.  emmy - Trust-Enhancing Authentication Library , 2019, IFIPTM.

[83]  Carmela Troncoso,et al.  ClaimChain: Improving the Security and Privacy of In-band Key Distribution for Messaging , 2017, WPES@CCS.

[84]  Jörn Erbguth,et al.  Self-sovereign identity on public blockchains and the GDPR , 2020, SAC.

[85]  Kun Peng,et al.  An Efficient Range Proof Scheme , 2010, 2010 IEEE Second International Conference on Social Computing.

[86]  Yiming Hu,et al.  An efficient and secure peer-to-peer overlay network , 2005, The IEEE Conference on Local Computer Networks 30th Anniversary (LCN'05)l.

[87]  Andreas Wolf,et al.  An Overview of Recent Advances in Assessing and Mitigating the Face Morphing Attack , 2018, 2018 26th European Signal Processing Conference (EUSIPCO).

[88]  D. Khovratovich Sovrin : digital identities in the blockchain era , 2016 .

[89]  P. Erdos,et al.  On the evolution of random graphs , 1984 .

[90]  Ankur Sodhi,et al.  A Survey of Zero-Knowledge Proof for Authentication , 2015 .

[91]  Ramin Yahyapour,et al.  A JSON Token-Based Authentication and Access Management Schema for Cloud SaaS Applications , 2017, 2017 IEEE 5th International Conference on Future Internet of Things and Cloud (FiCloud).

[92]  Jan Camenisch,et al.  A Signature Scheme with Efficient Protocols , 2002, SCN.

[93]  Liam Peyton,et al.  An audit trail service to enhance privacy compliance in federated identity management , 2007, CASCON.

[94]  Marcin Andrychowicz,et al.  Secure Multiparty Computations on Bitcoin , 2014, IEEE Symposium on Security and Privacy.

[95]  Dan Boneh,et al.  Evaluating 2-DNF Formulas on Ciphertexts , 2005, TCC.

[96]  Ethan Heilman,et al.  Eclipse Attacks on Bitcoin's Peer-to-Peer Network , 2015, USENIX Security Symposium.

[97]  Idit Keidar,et al.  Brahms: byzantine resilient random membership sampling , 2008, PODC '08.