International Journal of Computer Science & Network Security

국제컴퓨터통신보호논문지학회 (International Journal of Computer Science & Network Security)
권호 표지
DOI QR코드

DOI QR Code

Self-Sovereign Identity Management: A Comparative Study and Technical Enhancements

  • Noot A. Alissa (Imam Mohammad bin Saud Islamic University, College of Computer and Information Sciences, Department of Computer Science) ;
  • Waleed A. Alrodhan (Imam Mohammad bin Saud Islamic University, College of Computer and Information Sciences, Department of Computer Science)
  • 투고 : 2023.12.05
  • 발행 : 2023.12.30
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

Nowadays usage of different applications of identity management IDM demands prime attention to clarify which is more efficient regarding preserve privacy as well as security to perform different operations concerning digital identity. Those operations represent the available interactions with identity during its lifecycle in the digital world e.g., create, update, delete, verify and so on. With the rapid growth in technology, this field has been evolving with a number of IDM models being proposed to ensure that identity lifecycle and face some significant issues. However, the control and ownership of data remines in the hand of identity service providers for central and federated approaches unlike in the self-sovereign identity management SSIM approach. SSIM is the recent IDM model were introduced to solve the issue regarding ownership of identity and storing the associated data of it. Thus, SSIM aims to grant the individual's ability to govern their identities without intervening administrative authorities or approval of any authority. Recently, we noticed that numerous IDM solutions enable individuals to own and control their identities in order to adapt with SSIM model. Therefore, we intend to make comparative study as much of these solutions that have proper technical documentation, reports, or whitepapers as well as provide an overview of IDM models. We will point out the existing research gaps and how this study will bridge it. Finally, the study will propose a technical enhancement, everKEY solution, to address some significant drawbacks in current SSIM solutions.

키워드

참고문헌

  1. Quintana, L. and Hermida, J., 2019. El metodo hermeneutico y la investigacion en Ciencias Sociales. Aportes al Derecho, 1(3), pp.1-16.
  2. Azarian, R., 2011. Potentials and limitations of comparative method in social science. International Journal of Humanities and Social Science, 1(4), pp.113-125.
  3. ISO/IEC 24760-1:2019. IT Security and Privacy - A framework for identity management - Part 1: Terminology and concepts.
  4. Alrodhan, W.A. and Mitchell, C.J., 2010, May. Enhancing user authentication in claim-based identity management. In 2010 International Symposium on Collaborative Technologies and Systems (pp. 75-83). IEEE.
  5. ITU-T X.1250: Baseline capabilities for enhanced global identity management and interoperability. Framework. Sep.2009.
  6. Coskun, B. and Herley, C., 2008, September. Can "something you know" be saved?. In International Conference on Information Security (pp. 421-440). Springer, Berlin, Heidelberg.
  7. Allen, C., 2016. The path to self-sovereign identity, Apr.
  8. Cameron, K., 2009. The laws of identity. 2005. Microsoft Corporation.
  9. Ferris, C., 2004. Web services architecture. Standard, W3C World, p.10.
  10. Hughes, J. and Maler, E., 2005. Security assertion markup language (saml) v2. 0 technical overview. OASIS SSTC Working Draft sstc-samltech-overview-2.0-draft-08, 13.
  11. Cantor, S., Kemp, J., Philpott, R. and Maler, E. Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2. Tech. Rep, 2009.
  12. M. Sporny, D. Longley, M. Sabadello, D. Reed, O. Steele, and C. Allen, "Decentralized Identifiers v1.0 Core architecture, data model, and representations," W3C Technical report, 2021. [online]. Available: https://www.w3.org/TR/did-core/
  13. M. Sporny, D. Longley, and D. Chadwick, "Verifiable Credentials Data Model 1.1" W3C Technical report, 2021. [online]. Available: https://www.w3.org/TR/vcdata-model/
  14. International Standardization Organization ISO 22739, Blockchain and Distributed Ledger Technologies-Vocabulary,2020(En).[online].Available:https://www.iso.org/obp/ui#iso:std:iso:22739:ed-1:v1:en
  15. S. Nakamoto. (2008). Bitcoin: A Peer-to-Peer Electronic Cash System. [Online]. Available: https://bitcoin.org/bitcoin.pdf
  16. Bernabe, J.B., Canovas, J.L., Hernandez-Ramos, J.L., Moreno, R.T. and Skarmeta, A., 2019. Privacy-preserving solutions for blockchain: Review and challenges. IEEE Access, 7, pp.164908-164940. https://doi.org/10.1109/ACCESS.2019.2950872
  17. Fraga-Lamas, P. and Fernandez-Carames, T.M., 2019. A review on blockchain technologies for an advanced and cyber-resilient automotive industry. IEEE access, 7, pp.17578-17598. https://doi.org/10.1109/ACCESS.2019.2895302
  18. Zheng, Z., Xie, S., Dai, H., Chen, X. and Wang, H., 2017, June. An overview of blockchain technology: Architecture, consensus, and future trends. In 2017 IEEE international congress on big data (BigData congress) (pp. 557-564). IEEE.
  19. Lu, Y., 2019. The blockchain: State-of-the-art and research challenges. Journal of Industrial Information Integration, 15, pp.80-90. https://doi.org/10.1016/j.jii.2019.04.002
  20. Viriyasitavat, W. and Hoonsopon, D., 2019. Blockchain characteristics and consensus in modern business processes. Journal of Industrial Information Integration, 13, pp.32-39. https://doi.org/10.1016/j.jii.2018.07.004
  21. D. Yaga, P. Mell, N. Roby, and K. Scarfone, Draft NISTIR 8202: Blockchain Technology Overview. NIST, 2018 [online]. Available: https://csrc.nist.gov/publications/detail/nistir/8202/draft
  22. Aydar, M., Cetin, S.C., Ayvaz, S. and Aygun, B., 2019. Private key encryption and recovery in blockchain. arXiv preprint arXiv:1907.04156.
  23. Akram, S.V., Malik, P.K., Singh, R., Anita, G. and Tanwar, S., 2020. Adoption of blockchain technology in various realms: Opportunities and challenges. Security and Privacy, 3(5), p.e109.
  24. Hardjono, T., Lipton, A. and Pentland, A., 2019. Toward an interoperability architecture for blockchain autonomous systems. IEEE Transactions on Engineering Management, 67(4), pp.1298-1309. https://doi.org/10.1109/TEM.2019.2920154
  25. Hepp, T., Sharinghousen, M., Ehret, P., Schoenhals, A. and Gipp, B., 2018. On-chain vs. off-chain storage for supply-and blockchain integration. it-Information Technology, 60(5-6), pp.283-291. https://doi.org/10.1515/itit-2018-0019
  26. Eberhardt, J. and Heiss, J., 2018, December. Off-chaining models and approaches to off-chain computations. In Proceedings of the 2nd Workshop on Scalable and Resilient Infrastructures for Distributed Ledgers (pp. 7-12).
  27. Kim, S.T., 2020. Bitcoin dilemma: Is popularity destroying value? Finance Research Letters, 33, p.101228.
  28. Greenspan, G., 2015. Multichain private blockchain-white paper. URl: http://www.multichain.com/download/MultiChain-White-Paper.pdf, pp.57-60.
  29. Buterin, V., 2013. Ethereum white paper. GitHub repository, 1, pp.22-23.
  30. Dhulavvagol, P.M., Bhajantri, V.H. and Totad, S.G., 2020. Blockchain ethereum clients performance analysis considering E-voting application. Procedia Computer Science, 167, pp.2506-2515. https://doi.org/10.1016/j.procs.2020.03.303
  31. HYPERLEDGER, "An Overview of Hyperledger Foundation," 2021, [Online]. Available: https://www.hyperledger.org/wpcontent/uploads/2021/11/HL_Paper_HyperledgerOverview_102721.pdf
  32. Schwartz, D., Youngs, N. and Britto, A., 2014. The ripple protocol consensus algorithm. Ripple Labs Inc White Paper, 5(8), p.151.
  33. Gurcan, O., Del Pozzo, A. and Tucci-Piergiovanni, S., 2017, October. On the bitcoin limitations to deliver fairness to users. In OTM Confederated International Conferences" On the Move to Meaningful Internet Systems" (pp. 589-606). Springer, Cham.
  34. Brown, R.G., Carlyle, J., Grigg, I. and Hearn, M., 2016. Corda: an introduction. R3 CEV, August, 1(15), p.14.
  35. Morgan, J.P., 2016. Quorum whitepaper. New York: JP Morgan Chase.
  36. Buterin, V., 2014. A next-generation smart contract and decentralized application platform. white paper, 3(37), pp.2-1.
  37. Baliga, A., Subhod, I., Kamat, P. and Chatterjee, S., 2018. Performance evaluation of the quorum blockchain platform. arXiv preprint arXiv:1809.03421.
  38. Naik, N. and Jenkins, P., 2020, April. Self-Sovereign Identity Specifications: Govern your identity through your digital wallet using blockchain technology. In 2020 8th IEEE International Conference on Mobile Cloud Computing, Services, and Engineering (MobileCloud) (pp. 90-95). IEEE.
  39. Cameron, K., 2009. The laws of identity. 2005. Microsoft Corporation. - duplicated
  40. Satybaldy, A., Nowostawski, M. and Ellingsen, J., 2019, August. Self-Sovereign Identity Systems. In IFIP International Summer School on Privacy and Identity Management (pp. 447-461). Springer, Cham.
  41. El Haddouti, S. and El Kettani, M.D.E.C., 2019, April. Analysis of identity management systems using blockchain technology. In 2019 International Conference on Advanced Communication Technologies and Networking (CommNet) (pp. 1-7). IEEE.
  42. Dunphy, P. and Petitcolas, F.A., 2018. A first look at identity management schemes on the blockchain. IEEE security & privacy, 16(4), pp.20-29. https://doi.org/10.1109/MSP.2018.3111247
  43. Kaneriya, J. and Patel, H., 2020, December. A Comparative Survey on Blockchain Based Self Sovereign Identity System. In 2020 3rd International Conference on Intelligent Sustainable Systems (ICISS) (pp. 1150-1155). IEEE.
  44. Liu, J., Hodges, A., Clay, L. and Monarch, J., 2020, September. An analysis of digital identity management systems-a two-mapping view. In 2020 2nd Conference on Blockchain Research & Applications for Innovative Networks and Services (BRAINS) (pp. 92-96). IEEE.
  45. Gilani, K., Bertin, E., Hatin, J. and Crespi, N., 2020, September. A survey on blockchain-based identity management and decentralized privacy for personal data. In 2020 2nd Conference on Blockchain Research & Applications for Innovative Networks and Services (BRAINS) (pp. 97-101). IEEE.
  46. Ferdous, M.S., Chowdhury, F. and Alassafi, M.O., 2019. In search of self-sovereign identity leveraging blockchain technology. IEEE Access, 7, pp.103059- 103079. https://doi.org/10.1109/ACCESS.2019.2931173
  47. Hughes, J., Cantor, S., Hodges, J., Hirsch, F., Mishra, P., Philpott, R. and Maler, E., 2005. Profiles for the oasis security assertion markup language (saml) v2. 0. OASIS standard.
  48. Grassi, P., Garcia, M. and Fenton, J., 2020. Digital identity guidelines (No. NIST Special Publication (SP) 800-63-3). National Institute of Standards and Technology.
  49. Li, C. and Palanisamy, B., 2018, October. Decentralized release of self-emerging data using smart contracts. In 2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS) (pp. 213-220). IEEE.
  50. Nofer, M., Gomber, P., Hinz, O. and Schiereck, D., 2017. Blockchain. Business & Information Systems Engineering, 59(3), pp.183-187. https://doi.org/10.1007/s12599-017-0467-3
  51. Parameswaran, M., Susarla, A. and Whinston, A.B., 2001. P2P networking: an information sharing alternative. Computer, 34(7), pp.31-38. https://doi.org/10.1109/2.933501
  52. Conti, M., Kumar, E.S., Lal, C. and Ruj, S., 2018. A survey on security and privacy issues of bitcoin. IEEE Communications Surveys & Tutorials, 20(4), pp.3416-3452. https://doi.org/10.1109/COMST.2018.2842460
  53. Upadhyay, N., 2020. Demystifying blockchain: A critical analysis of challenges, applications and opportunities. International Journal of Information Management, 54, p.102120
  54. P. Windley and D. Reed, "Sovrin: A protocol and token for self sovereign identity and decentralized trust," Sovrin Foundation whitepaper, 2018. [online]. Available: https://sovrin.org/wpcontent/uploads/Sovrin-Protocol-and-Token-WhitePaper.pdf
  55. Evernym. [Online]. Available: https://www.evernym.com/
  56. Hyperledger Indy. [Online]. Available: https://www.hyperledger.org/projects/hyperledgerindy
  57. uport.me. [Online]. Available: https://developer.uport.me/
  58. Lundkvist, C., Heck, R., Torstensson, J., Mitton, Z. and Sena, M., uPort: A platform for self-sovereign identity. white paper, 2017. [online]. Available: https://whitepaper.uport.me/uPort_whitepaper_DRAFT20170221.pdf.
  59. Reid, B., Witteman, B. and Brad, W., 2018. Everid whitepaper. EverID, techreport,
  60. Cai, W., Wang, Z., Ernst, J.B., Hong, Z., Feng, C. and Leung, V.C., 2018. Decentralized applications: The blockchain-empowered software system. IEEE Access, 6, pp.53019-53033. https://doi.org/10.1109/ACCESS.2018.2870644
  61. LifeID. [online]. Available: https://lifeid.io/
  62. LifeID, "An open-source, blockchain-based platform for self-sovereign identity," LifeID, Tech. Rep.[Online]. Available: https://lifeid.io/whitepaper.pdf
  63. Soramitsu. [Online]. Available: https://soramitsu.co.jp
  64. "Hyperledger Iroha", Available on: https://github.com/hyperledger/iroha
  65. Takemiya, M. and Vanieiev, B., 2018, July. Sora identity: Secure, digital identity on the blockchain. In 2018 ieee 42nd annual computer software and applications conference (compsac) (Vol. 2, pp. 582-587). IEEE.
  66. SelfKey. [online]. Available: https://selfkey.org/
  67. SelfKey, "Selfkey," The SelfKey Foundation, Tech. Rep., Sep. 2017. [Online]. Available: https://selfkey.org/wpcontent/uploads/2017/11/selfkey-whitepaper-en.pdf
  68. Civic Secure Identity Ecosystem-Decentralized Identity & Reusable KYC. [Online]. Available: https://www.civic.com.
  69. Lingham, V. and Smith, J., Civic white paper, 2018. [online]. Available: https://tokensale.civic.com.CivicTokenSaleWhitePaper.Pdf.
  70. Identity.com, [online]. Available: https://www.identity.com/
  71. Blockstack. [Online]. Available: https://blockstack.org
  72. Ali, M. Stacks 2.0 Apps and Smart Contracts for Bitcoin. Stacks whitepaper, 2020. [online]. Available: https://coinpaprika.com/storage/cdn/whitepapers/10650531.pdf
  73. Ali, M., Shea, R., Nelson, J. and Freedman, M.J., 2017. Blockstack Technical Whitepaper. 2017. [online]. Available: http://nil.lcs.mit.edu/6.824/2020/papers/blockstack2017.pdf
  74. Shocard .[online]. Available: https://shocard.com
  75. ShoCard, S.I.T.A., 2016. Travel Identity of the Future-White Paper.
  76. Jolocom. [Online]. Available: http://jolocom.io.
  77. Robles, K. and Appelcline, S., 2016. Hierarchical Deterministic Keys for Bootstrapping a Self-Sovereign Identity. Retrieved April, 28, p.2019.
  78. Jolocom, J., a decentralized, open source solution for digital identity and access management, Jolocom white paper, 2019. URL https://github.com/jolocom/jolocom-lib/wiki/Jolocom-Whitepaper.
  79. Dock.[online]. Available: https://www.dock.io/
  80. Dock, decentralized data exchange powered by Ethereum, Whitepaper Dock Protocol V0.5. Mar. 2018.
  81. Sphere Identity.[online]. Available: https://sphereidentity.com/en/
  82. Sphere Identity, Sphere Identity Whitepaper V1.1, May. 2019.
  83. NuID. [online]. Available: https://nuid.io/
  84. NuID: A Model for Trustless, Decentralized Authentication and Self-Sovereign Identity, whitepaper, NuID, 2017. [online]. Available: https://nuid.io/pdf/nuid-white-paper.pdf
  85. Summers, A., 2022. Understanding Blockchain and Cryptocurrencies: A Primer for Implementing and Developing Blockchain Projects. CRC Press.
  86. Bashir, I., 2022. Blockchain Consensus: An Introduction to Classical, Blockchain, and Quantum Consensus Protocols
  87. Hafid, A., Hafid, A.S. and Samih, M., 2020. Scaling blockchains: A comprehensive survey. IEEE Access, 8, pp.125244-125262. https://doi.org/10.1109/ACCESS.2020.3007251
  88. Datarella. [online]. Available: https://datarella.com/everid/