Jie Xu,Kaiping Xue,Hangyu Tian,Jianan Hong,David S. L. Wei,Peilin Hong

DOI: https://doi.org/10.1109/tvt.2020.2986041

IF: 6.8

2020-01-01

IEEE Transactions on Vehicular Technology

Abstract:More and more users are eager to obtain more comprehensive network services without revealing their private information. Traditionally, in order to access a network, a user is authorized with an identity and corresponding keys, which are generated and managed by the network operator. All users' personally identifying information are centralized stored by the network operator. However, this approach makes users lose the control of their personally identifying information. Users are concerned about who can access these sensitive data and whether they have been compromised. In this paper, we propose a blockchain-based identity management and authentication scheme for mobile networks, where users' identifying information are controlled by the users themselves. Our scheme let users generate their self-sovereign identities (SSIs) and corresponding public keys and private keys. The private key used to authenticate the user's identifying information is only known to the user. We use blockchain to record SSIs and public keys of legitimate user, and adopt chameleon hash to delete illegal users' information on the blockchain, while keeping the block head unchanged. Furthermore, other service providers can obtain the user's SSI and public key and authenticate users by querying the blockchain. Experimental results confirm that our scheme can greatly reduce the revocation overhead and communication overhead.

Shlok Gilda,Tanvi Jain,Aashish Dhalla

DOI: https://doi.org/10.48550/arXiv.2207.02207

2022-07-06

Abstract:Authentication and authorization of a user's identity are generally done by the service providers or identity providers. However, these centralized systems limit the user's control of their own identity and are prone to massive data leaks due to their centralized nature. We propose a blockchain-based identity management system to authenticate and authorize users using attribute-based access control policies and privacy-preserving algorithms and finally returning the control of a user's identity to the user. Our proposed system would use a private blockchain, which would store the re-certification events and data access and authorization requests for users' identities in a secure, verifiable manner, thus ensuring the integrity of the data. This paper suggests a mechanism to digitize documents such as passports, driving licenses, electricity bills, etc., issued by any government authority or other authority in an immutable and secure manner. The data owners are responsible for authenticating and propagating the users' identities as and when needed using the OpenID Connect protocol to enable single sign-on. We use advanced cryptographic algorithms to provide pseudonyms to the users, thus ensuring their privacy. These algorithms also ensure the auditability of transactions as and when required. Our proposed system helps in mitigating some of the issues in the recent privacy debates. The project finds its applications in citizen transfers, inter-country service providence, banks, ownership transfer, etc. The generic framework can also be extended to a consortium of banks, hospitals, etc.

Cryptography and Security

Mengjuan Zhai,Yanli Ren,Guorui Feng,Xinpeng Zhang

DOI: https://doi.org/10.23919/jcc.2022.06.004

2022-01-01

China Communications

Abstract:With the popularity of the internet,users hope to better protect their privacy while obtaining network services.However,in the traditional central-ized authentication scheme,identity information such as the user's private key is generated,stored,and man-aged by the network operator.Users can't control their identity information,which will lead to a great threat to the privacy of users.Based on redactable blockchain,we propose a fine-grained and fair iden-tity authentication scheme for mobile networks.In our proposed scheme,the user's identity information is generated and controlled by the users.We first propose a notion of score chameleon hash(SCH),which can delete or update the information of illegal users so as to dynamically update the status of users and provide users with more fine-grained and fair services.We propose another notion of self-updating secret shar-ing(SUSS),which allows users to update the trap-door and the corresponding hash key after redacting the blockchain without requiring trusted authority to redistribute the trapdoor.Experimental results show that,compared with the immutable blockchain Bit-coin,the redactable blockchain in our identity authen-tication scheme provides users with fine-grained and fair redacting functions,and can be adopted with a small additional overhead.

A. Shobanadevi,Sumegh Tharewal,Mukesh Soni,D. Dinesh Kumar,Ihtiram Raza Khan,Pankaj Kumar

DOI: https://doi.org/10.1007/s13198-021-01494-0

2021-11-27

International Journal of System Assurance Engineering and Management

Abstract:Blockchain is a system of recording information in a way that makes it difficult or impossible to change, hack, or cheat the system. A blockchain is essentially a digital ledger of transactions that is duplicated and distributed across the entire network of computer systems on the blockchain. Blockchain is an especially promising and revolutionary technology because it helps reduce risk, stamps out fraud, and brings transparency in a scalable way for myriad uses. Blockchain offers decentralised credentials, making it a global system. It also promotes user-to-user data transmission. However, blockchain-based identity management is crucial for data security. The user owns the identification. Blockchain-based IDMs solve conventional IDM flaws. As technology advances, so does the need for user data protection. Advance payment to safeguard data is unacceptable. So, identity management solutions assist overcome the flaws. Blockchain consists of three important concepts: blocks, nodes, and miners. Blockchain makes life simpler by changing the way personal data is stored are made available. While the government and other third parties are addressing the problem, the users are still exposed to identity management. Personal identity management takes increasing security and productivity. Blockchain eliminates the third party by transferring data between two entities. This work develops a categorization model for Ethereum addresses based on a few criteria. Voting categorization outperforms the other models with an accuracy of 88.89% and an AUC Score of 97%.

Lin Zhang,Hong Li,Limin Sun,Zhiqiang Shi,Yunhua He

DOI: https://doi.org/10.1109/pac.2017.28

2017-01-01

Abstract:User authentication in computer systems has been a cornerstone of computer security for decades. However, the existing user authentication schemes either require human cognitive ability to remember numerous complex id and password, or rely on a trusted third party which could fail due to technical failure or denial-of-service attacks. In this paper, we design a fully distributed user authentication framework with the blockchain technology. In our scheme, a user stores her identity in the blockchain, stores her encrypted personal information in a off-blockchain storage, and attaches a smart contract which grants different permissions to each website/application. When a user logs in a website/application, the service provider employs a challenge-response protocol to verify the identity of the user, and then retrieve the user's personal information from the off-blockchain storage.

Randy Gregory Rozario,Proshanta Roy,Prince Chandra Talukder,Al Imtiaz,Partha Chakraborty

DOI: https://doi.org/10.1109/ICBDS58040.2023.10346426

2023-10-06

Abstract:In the digital era, identity management is essential due to the growing cyber threats and weaknesses in the national ID systems now in place. It is difficult to get and update IDs using the current manual procedure. With an emphasis on data security and transparency, this article offers a blockchain-based identity management system to address these concerns. The suggested system auto-starts from birth, creating distinctive IDs and keeping extensive data, such as national ID information, academic credentials, and more. It is built using blockchain technology, which offers security and user control over identification data. This technology provides a secure, decentralized platform that improves privacy and identity data security. It has the potential to transform identity management across multiple sectors, notwithstanding implementation difficulties. The paper provides a comprehensive analysis of our projected smart identity management system for Bangladesh, beginning with an overview of the system's architecture, proof-of-work, workflow, and required procedures for developing a functional prototype. The system's architecture is based on blockchain technology, which offers a secure and decentralized platform for keeping identity information. In order to increase privacy and security, the architecture is designed to give users control over their identity information. The system is intended to offer a decentralized, safe, and open platform for handling identity data while protecting the confidentiality of individual user information. The advantages of employing this system make it a potential alternative for strengthening the security and privacy of identification information, notwithstanding the difficulties connected with its implementation.

Engineering,Computer Science

Jing He,Xiaofeng MA,Dawei Zhang,Feng Peng

DOI: https://doi.org/10.1051/sands/2024013

2024-10-16

Security and Safety

Abstract:Decentralized identity represents an innovative approach based on blockchain to achieve effective identity management. This method utilizes decentralized identifiers and verifiable credential to enable trusted authentication, free circulation of identity information, and self-sovereign control over identity data functionalities. The current decentralized identity systems rely on entirely anonymous identifiers, lacking robust identity regulation. Furthermore, they face challenges such as identity attribute leakage during verifiable credential presentation and the issuers' struggle to reliably revoke credentials. To address these issues, efficient and practical schemes have been designed based on BBS signature, zero-knowledge proof, dynamic accumulator and blockchain technology: one for decentralized identifiers management and the other for verifiable credential privacy protection, both of which are supervised and revocable. The former ensures the privacy of subject identity while achieving regulatability and revocability of identity data by regulator. The latter facilitates selective disclosure of anonymous credentials and reliable revocation. A security analysis shows that the proposed scheme meets anonymity, non-forgeability, regulatory reliability, and revocability reliability, and offers comprehensive and effective privacy protection measures. The experimental results demonstrate that the algorithms designed operate at a millisecond level, which satisfies the demands of blockchain identity management scenarios.

Jaynill Gopal,Stacey Omeleze-Baror

DOI: https://doi.org/10.34190/iccws.19.1.2041

2024-03-21

International Conference on Cyber Warfare and Security

Abstract:In the digital age digital data has been seen as the new currency for both companies and bad actors,leading to mismanagement of personal data by both entities. This mismanagement could lead to personal databeing breached while this may prove to be beneficial to certain entities, this however is not the case for usersand digital citizens. In recent years there has been an influx in data breaches and data mismanagement casesthroughout various industries, including corporations such as Apple and Facebook, involving critical datarelating to user's digital identities, personal data, and other identifiable information. This issue may beaddressed by employing the use of blockchain technology, a technology that has been recognized as a securesystem promoting security and privacy, we can prevent this mismanagement of data and data breaches fromhappening. While blockchain is a relatively new technology, there is potential to use it in the current age of theinternet and digital identities by employing blockchain technology to secure one’s digital identity. This researchaims to propose a potential solution to the issue of data protection and data breaches by proposing andmaking use of a conceptual model which makes use of a multi-level blockchain system. The system isolatesdata from digital identities between various digital platforms to minimize the amount of data breaches thatmay occur – further minimizing the amount of personal data which may be breached. This system allows theuser to have full control over who may access their private data, while preventing bad actors from accessingthe data without the user’s authorization. The multi-level blockchain splits the user's data according toindustrial or digital sector in which their data is used, with a master blockchain acting as the connecting link toa person's digital identity. Making use of this multi-level blockchain allows for the user to control who hasaccess to their data, while remaining anonymous and secure in a digital platform‘s database or digital storage.

Chuxin Zhuang,Qingyun Dai,Yue Zhang

DOI: https://doi.org/10.1007/s12083-021-01277-1

2022-01-01

Abstract:Currently, more and more intellectual property (IP) applications, including blockchain-based platforms, are presented to protect personal intellectual achievement. However, these applications are independent of each other, and the user’s identity information is controlled by an organization, which may not only reveal the user’s identity information due to the single point of failure, but also add extra communication overhead when the user accesses other applications. Additionally, current research focuses on the user’s control over their information, while the IP field requires tracing the user’s identity information in the event of IP dispute. In this paper, we propose a blockchain-based privacy-preserving and traceability identity management scheme for IP, where the user’s identity information is private and traceable. Our proposed scheme lets users generate their identity (ID) and corresponding public keys and private keys. Key pairs are used for authentication when accessing the services. We use blockchain to record ID and public key of the legitimate user, and adopt improved-Shamir secret sharing to achieve privacy-preserving and traceability of real identity information and reduce storage overhead. Experimental results confirm that our proposed scheme can protect user’s privacy and effectively reduce storage and computation overhead.

computer science, information systems,telecommunications

Zhiming Song,Enhua Yan,Junrong Song,Rong Jiang,Yimin Yu,Taowei Chen

DOI: https://doi.org/10.1007/s13369-024-09178-0

IF: 2.807

2024-06-06

Arabian Journal for Science and Engineering

Abstract:The blockchain-based digital identity system (BDIS) has emerged as a promising alternative to centralized digital identity systems. While BDISs offer numerous advantages such as decentralization and enhanced security, traditional implementations still exhibit weaknesses in ensuring identity authenticity, controllability, and auditability while maintaining privacy. This paper aims to address these challenges by proposing novel approaches. It separates the functions of verifying physical identity and issuing digital credentials into two distinct roles: the identity verifier and the credential provider, employing linkable ring signatures to obscure the verifier's identity and significantly mitigate the risk of identity information leakage—a common issue in traditional schemes where a single entity performs both tasks. Additionally, this paper addresses the overlooked aspect of identity controllability in traditional schemes, especially proactive and passive revocation with privacy in mind, by integrating cryptographic commitments, zero-knowledge proofs, PS randomized signatures, cryptographic accumulators, and AES encryption. This approach ensures privacy while enabling both types of revocation. Furthermore, it tackles the neglected auditability of identity privacy in traditional schemes by combining linkable ring signatures with smart contract events and other technologies, ensuring auditable privacy protection. Fourth, a blockchain smart contract is utilized to manage system parameters and implement on-chain verification of privacy-protected identities, ensuring cross-platform capability, transparent verification, and resilience against single-point failures. A use case is provided, evaluating the system's performance. Comparative analysis and security discussions suggest that the proposed system rectifies deficiencies in current BDISs and offers improved applicability, execution performance, and security.

multidisciplinary sciences

Ruibiao Chen,Fangxing Shu,Shuokang Huang,Lei Huang,Huafang Liu,Jin Liu,Kai Lei

DOI: https://doi.org/10.23919/jcin.2021.9387704

2021-01-01

Journal of Communications and Information Networks

Abstract:Reliable identity management and authentication are significant for network security. In recent years, as traditional centralized identity management systems suffer from security and scalability problems, decentralized identity management has received considerable attention in academia and industry. However, with the increasing sharing interaction among each domain, management and authentication of decentralized identity has raised higher requirements for cross-domain trust and faced implementation challenges galore. To solve these problems, we propose BIdM, a decentralized cross- domain identity management system based on blockchain. We design a decentralized identifier (DID) for naming identities based on the consortium blockchain technique. Since the identity subject fully controls the life cycle and ownership of the proposed DID, it can be signed and issued without a central authentication node's intervention. Simultaneously, every node in the system can participate in identity authentication and trust establishment, thereby solving the centralized mechanism's single point of failure problem. To further improve authentication efficiency and protect users' privacy, BIdM introduces a one-way accumulator as an identity data structure, which guarantees the validity of entity identity. We theoretically analyze the feasibility and performance of BIdM and conduct evaluations on a prototype implementation. The experimental results demonstrate that BIdM achieves excellent optimization on cross-domain authentication compared with existing identity management systems.

Li Zhiji,Zhiji Li

DOI: https://doi.org/10.4236/jis.2022.132003

2022-01-01

Journal of Information Security

Abstract:Decentralized identity authentication is generally based on blockchain, with the protection of user privacy as the core appeal. But traditional decentralized credential system requires users to show all the information of the entire credential to the verifier, resulting in unnecessary overexposure of personal information. From the perspective of user privacy, this paper proposed a verifiable credential scheme with selective disclosure based on BLS (Bohen- Lynn-Shacham) aggregate signature. Instead of signing the credentials, we sign the claims in the credentials. When the user needs to present the credential to verifier, the user can select a part of but not all claims to be presented. To reduce the number of signatures of claims after selective disclosure, BLS aggregate signature is achieved to aggregate signatures of claims into one signature. In addition, our scheme also supports the aggregation of credentials from different users. As a result, verifier only needs to verify one signature in the credential to achieve the purpose of batch verification of credentials. We analyze the security of our aggregate signature scheme, which can effectively resist aggregate signature forgery attack and credential theft attack. The simulation results show that our selective disclosure scheme based on BLS aggregate signature is acceptable in terms of verification efficiency, and can reduce the storage cost and communication overhead. As a result, our scheme is suitable for blockchain, which is strict on bandwidth and storage overhead.

Xiushu Jin,Kazumasa Omote

DOI: https://doi.org/10.1371/journal.pone.0310094

IF: 3.7

2024-09-13

PLoS ONE

Abstract:In the development of web applications, the rapid advancement of Internet technologies has brought unprecedented opportunities and increased the demand for user authentication schemes. Before the emergence of blockchain technology, establishing trust between two unfamiliar entities relied on a trusted third party for identity verification. However, the failure or malicious behavior of such a trusted third party could undermine such authentication schemes (e.g., single points of failure, credential leaks). A secure authorization system is another requirement of user authentication schemes, as users must authorize other entities to act on their behalf in some situations. If the transfer of authentication permissions is not adequately restricted, security risks such as unauthorized transfer of permissions to entities may occur. Some research has proposed blockchain-based decentralized user authentication solutions to address these risks and enhance availability and auditability. However, as we know, most proposed schemes that allow users to transfer authentication permissions to other entities require significant gas consumption when deployed and triggered in smart contracts. To address this issue, we proposed an authentication scheme with transferability solely based on hash functions. By combining one-time passwords with Hashcash, the scheme can limit the number of times permissions can be transferred while ensuring security. Furthermore, due to its reliance solely on hash functions, our proposed authentication scheme has an absolute advantage regarding computational complexity and gas consumption in smart contracts. Additionally, we have deployed smart contracts on the Goerli test network and demonstrated the practicality and efficiency of this authentication scheme.

multidisciplinary sciences

Xiangke Mao,Chao Li,Yong Zhang,Guigang Zhang,Chunxiao Xing

DOI: https://doi.org/10.3390/app14156816

2024-01-01

Abstract:In the current landscape of medical data management, processing data across diverse institutions and maximizing their value are paramount. However, traditional methods lack a secure and efficient mechanism for end-to-end traceability and supervision, posing challenges in distributed scenarios lacking mutual trust. Leveraging blockchain’s decentralized, tamper-proof, and traceable features, this paper introduces a blockchain-based medical data management platform. This platform enables full-process management of raw data, operational behaviors, intermediate data, and final data, meeting the needs of trusted storage and supervision of data. We propose two methods, namely, naive method and DAG-based method, to realize forward tracking and backward tracing of medical data stored on the blockchain, respectively. We validated and analyzed the storage and query performance of the medical data management platform on real medical data, and we also conducted experimental analyses on the efficiency of the proposed traceability algorithm under different data scales and processing path lengths. The results demonstrate that our platform and traceability methods effectively meet the management needs of medical data distributed across institutions.

Yang Liu,Debiao He,Mohammad S. Obaidat,Neeraj Kumar,Muhammad Khurram Khan,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1016/j.jnca.2020.102731

IF: 7.574

2020-09-01

Journal of Network and Computer Applications

Abstract:<p>Identity management solutions are generally designed to facilitate the management of digital identities and operations such as authentication, and have been widely used in real-world applications. In recent years, there have been attempts to introduce blockchain-based identity management solutions, which allow the user to take over control of his/her own identity (i.e. self-sovereign identity). In this paper, we provide an in-depth review of existing blockchain-based identity management papers and patents published between May 2017 and January 2020. Based on the analysis of the literature, we identify potential research gaps and opportunities, which will hopefully help inform future research agenda.</p>

computer science, interdisciplinary applications, software engineering, hardware & architecture

Kaiping Xue,Xinyi Luo,Hangyu Tian,Jianan Hong,David S. L. Wei,Jian Li

DOI: https://doi.org/10.1109/tvt.2021.3138203

IF: 6.8

2022-01-01

IEEE Transactions on Vehicular Technology

Abstract:In mobile communication networks, when a user roams to and accesses a foreign network, the foreign operator needs to request the user’s subscription data from a centralized authentication server, which is managed by the user’s home operator. However, centralized authentication introduces single point of failure. Meanwhile, the real-time participation of the home operator and the trust relationship between the foreign operator and the home operator are difficult to guarantee. In this paper, by adopting blockchain and smart contracts, we propose a secure and efficient access control scheme of user subscription data in roaming scenarios. We further design a flexible user authentication scheme, which utilizes derivable tokens based on the proposed access control scheme. By using blockchain to store and manage user subscription data, access control can be decentralized without any trusted third party. Besides, by implementing automatic verification of access privilege through smart contracts, the limitation of the home operators’ real-time participation is eliminated. In addition, to further improve security and reduce the on-chain storage overhead, we optimize the data encryption and storage scheme utilizing threshold secret sharing. Our security and performance analysis show that the proposed user subscription data access control scheme for roaming service provides high-level security while causing acceptable time and storage overhead.

You Sun,Rui Zhang,Xin Wang,Kaiqiang Gao,Ling Liu

DOI: https://doi.org/10.1109/icccn.2018.8487349

2018-01-01

Abstract:Blockchain is one of the technology innovations for sharing data across organizations through a peer to peer overlay network. Many blockchain- based data sharing applications, such as sharing Electronic Health Records (EHRs) among different Care Delivery Organizations (CDOs), require privacy preserving verification services with dual capabilities. On one hand, the users want to verify the authenticity of EHR data as well as the identity of the signer. On the other hand, the signer wants to keep his real identity private such that others cannot trace and infer his identity information. However, typical blockchain systems that use pseudonyms as public keys, such as Bitcoin's blockchain, cannot support such privacy-preserving verification. In such systems, it is hard to verify the authenticity of signer's identity, and adversaries or curious parties can guess the real identity from the series of statements and actions taken with a specific pseudonym through inference attacks, such as by transaction graph analysis. In this paper, we propose a decentralized attribute- based signature scheme for healthcare blockchain, which provides efficient privacy-preserving verification of authenticity of EHR data and signer's identity. We also describe a holistic on-chain and off- chain collaborative storage system for efficient storage and verification EHR data. The analysis and experiments show that our scheme is effective and deployable.

Linsheng Yu,Mingxing He,Hongbin Liang,Ling Xiong,Yang Liu

DOI: https://doi.org/10.3390/s23031264

2023-01-22

Abstract:Authentication and authorization constitute the essential security component, access control, for preventing unauthorized access to cloud services in mobile cloud computing (MCC) environments. Traditional centralized access control models relying on third party trust face a critical challenge due to a high trust cost and single point of failure. Blockchain can achieve the distributed trust for access control designs in a mutual untrustworthy scenario, but it also leads to expensive storage overhead. Considering the above issues, this work constructed an authentication and authorization scheme based on blockchain that can provide a dynamic update of access permissions by utilizing the smart contract. Compared with the conventional authentication scheme, the proposed scheme integrates an extra authorization function without additional computation and communication costs in the authentication phase. To improve the storage efficiency and system scalability, only one transaction is required to be stored in blockchain to record a user's access privileges on different service providers (SPs). In addition, mobile users in the proposed scheme are able to register with an arbitrary SP once and then utilize the same credential to access different SPs with different access levels. The security analysis indicates that the proposed scheme is secure under the random oracle model. The performance analysis clearly shows that the proposed scheme possesses superior computation and communication efficiencies and requires a low blockchain storage capacity for accomplishing user registration and updates.

Baocheng Wang,Zetao Li

DOI: https://doi.org/10.3390/fi13100247

2021-09-24

Future Internet

Abstract:Recently, with the great development of e-health, more and more countries have made certain achievements in the field of electronic medical treatment. The digitization of medical equipment and the structuralization of electronic medical records are the general trends. While bringing convenience to people, the explosive growth of medical data will further promote the value of mining medical data. Obviously, finding out how to safely store such a large amount of data is a problem that urgently needs to be solved. Additionally, the particularity of medical data makes it necessarily subject to great privacy protection needs. This reinforces the importance of designing a safe solution to ensure data privacy. Many existing schemes are based on single-server architecture, which have some natural defects (such as single-point faults). Although blockchain can help solve such problems, there are still some deficiencies in privacy protection. To solve these problems, this paper designs a medical data privacy protection system, which integrates blockchain, group signature, and asymmetric encryption to realize reliable medical data sharing between medical institutions and protect the data privacy of patients. This paper proves theoretically that it meets our security and privacy requirements, and proves its practicability through system implementation.

Jiakun Hao,Jianbo Gao,Peng Xiang,Jiashuo Zhang,Ziming Chen,Hao Hu,Zhong Chen

DOI: https://doi.org/10.1109/smc53992.2023.10394499

2023-01-01

Abstract:Decentralized identity (DID) is an identity management framework aiming to return the ownership of an identity to its corresponding user. Recent studies propose to store the identifiers of DID issuers and implement identity management systems based on blockchain. However, existing systems cannot avoid identity tampering and verifiable credential abuse of decentralized identities, which makes the identity management opaque. In this paper, we propose TDID, a Transparent and efficient Decentralized IDentity management system with blockchain. The key insight behind TDID is to manage the registration and authentication of DIDs via smart contracts, and design Structured Merkle Patricia Tree (SMPT) as an underlying data structure to store identity data on blockchain. The smart contract based processes can improve transparency of decentralized identity management, while the SMPT data structure can realize efficient storage of DID data. We implement and evaluate TDID on different identity management operations, and the experimental results show that TDID can achieve about 3.1 times for write operation and 6.3 times for read operation while improving the transparency of DID management.