Haotian Deng,Jinwen Liang,Chuan Zhang,Ximeng Liu,Liehuang Zhu,Song Guo

DOI: https://doi.org/10.1109/tc.2024.3398509

IF: 3.183

2024-01-01

IEEE Transactions on Computers

Abstract:Decentralized identity (DID) systems conforming to the World Wide Web Consortium (W3C) Decentralized Identifiers (DIDs) and Verifiable Credentials Data Model recommendations have recently attracted attention due to their better autonomy, interoperability, and openness design. However, those W3C recommendations lack a design for addressing the single point of failure (SPOF) and identity revocation, which could seriously compromise the robustness and practicality of DID systems. To remedy these limitations, we propose FutureDID, a DID system that enables multiple parties to jointly issue credentials and efficiently revoke DID identities, providing a robust and practical DID system. FutureDID is designed with a multi-party credential issuing mechanism based on distributed key generation technology, which transforms trust from a single entity to distributed committees and facilitates authentication between issuers, making it more resistant to SPOF. Moreover, the underlying blockchain system is built on a chameleon hash function to ensure tamper-proof and enable efficient identity revocation. We have implemented a prototype system using FISCO BCOS and conducted extensive evaluations to demonstrate the effectiveness and practicality of our system. Our evaluations have shown that FutureDID provides a significant improvement in efficiency, achieving at least a 60 × efficiency improvement in identity revocation compared to state-of-the-art systems.

Jing He,Xiaofeng MA,Dawei Zhang,Feng Peng

DOI: https://doi.org/10.1051/sands/2024013

2024-10-16

Security and Safety

Abstract:Decentralized identity represents an innovative approach based on blockchain to achieve effective identity management. This method utilizes decentralized identifiers and verifiable credential to enable trusted authentication, free circulation of identity information, and self-sovereign control over identity data functionalities. The current decentralized identity systems rely on entirely anonymous identifiers, lacking robust identity regulation. Furthermore, they face challenges such as identity attribute leakage during verifiable credential presentation and the issuers' struggle to reliably revoke credentials. To address these issues, efficient and practical schemes have been designed based on BBS signature, zero-knowledge proof, dynamic accumulator and blockchain technology: one for decentralized identifiers management and the other for verifiable credential privacy protection, both of which are supervised and revocable. The former ensures the privacy of subject identity while achieving regulatability and revocability of identity data by regulator. The latter facilitates selective disclosure of anonymous credentials and reliable revocation. A security analysis shows that the proposed scheme meets anonymity, non-forgeability, regulatory reliability, and revocability reliability, and offers comprehensive and effective privacy protection measures. The experimental results demonstrate that the algorithms designed operate at a millisecond level, which satisfies the demands of blockchain identity management scenarios.

Zhiming Song,Enhua Yan,Junrong Song,Rong Jiang,Yimin Yu,Taowei Chen

DOI: https://doi.org/10.1007/s13369-024-09178-0

IF: 2.807

2024-06-06

Arabian Journal for Science and Engineering

Abstract:The blockchain-based digital identity system (BDIS) has emerged as a promising alternative to centralized digital identity systems. While BDISs offer numerous advantages such as decentralization and enhanced security, traditional implementations still exhibit weaknesses in ensuring identity authenticity, controllability, and auditability while maintaining privacy. This paper aims to address these challenges by proposing novel approaches. It separates the functions of verifying physical identity and issuing digital credentials into two distinct roles: the identity verifier and the credential provider, employing linkable ring signatures to obscure the verifier's identity and significantly mitigate the risk of identity information leakage—a common issue in traditional schemes where a single entity performs both tasks. Additionally, this paper addresses the overlooked aspect of identity controllability in traditional schemes, especially proactive and passive revocation with privacy in mind, by integrating cryptographic commitments, zero-knowledge proofs, PS randomized signatures, cryptographic accumulators, and AES encryption. This approach ensures privacy while enabling both types of revocation. Furthermore, it tackles the neglected auditability of identity privacy in traditional schemes by combining linkable ring signatures with smart contract events and other technologies, ensuring auditable privacy protection. Fourth, a blockchain smart contract is utilized to manage system parameters and implement on-chain verification of privacy-protected identities, ensuring cross-platform capability, transparent verification, and resilience against single-point failures. A use case is provided, evaluating the system's performance. Comparative analysis and security discussions suggest that the proposed system rectifies deficiencies in current BDISs and offers improved applicability, execution performance, and security.

multidisciplinary sciences

Ruibiao Chen,Fangxing Shu,Shuokang Huang,Lei Huang,Huafang Liu,Jin Liu,Kai Lei

DOI: https://doi.org/10.23919/jcin.2021.9387704

2021-01-01

Journal of Communications and Information Networks

Abstract:Reliable identity management and authentication are significant for network security. In recent years, as traditional centralized identity management systems suffer from security and scalability problems, decentralized identity management has received considerable attention in academia and industry. However, with the increasing sharing interaction among each domain, management and authentication of decentralized identity has raised higher requirements for cross-domain trust and faced implementation challenges galore. To solve these problems, we propose BIdM, a decentralized cross- domain identity management system based on blockchain. We design a decentralized identifier (DID) for naming identities based on the consortium blockchain technique. Since the identity subject fully controls the life cycle and ownership of the proposed DID, it can be signed and issued without a central authentication node's intervention. Simultaneously, every node in the system can participate in identity authentication and trust establishment, thereby solving the centralized mechanism's single point of failure problem. To further improve authentication efficiency and protect users' privacy, BIdM introduces a one-way accumulator as an identity data structure, which guarantees the validity of entity identity. We theoretically analyze the feasibility and performance of BIdM and conduct evaluations on a prototype implementation. The experimental results demonstrate that BIdM achieves excellent optimization on cross-domain authentication compared with existing identity management systems.

Jie Yin,Yang Xiao,Qingqi Pei,Ying Ju,Lei Liu,Ming Xiao,Celimuge Wu

DOI: https://doi.org/10.1109/jiot.2022.3145089

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:Internet of Things (IoT) applications have penetrated into all aspects of human life. Millions of IoT users and devices, online services, and applications combine to create a complex and heterogeneous network, which complicates the digital identity management. Distributed identity is a promising paradigm to solve IoT identity problems and allows users to have soverignty over their private data. However, the existing state-of-the-art methods are unsuitable for IoT due to continuing issues regarding resource limitations for IoT devices, security and privacy issues, and lack of a systematic proof system. Accordingly, in this article, we propose SmartDID, a novel blockchain-based distributed identity aimed at establishing a self-sovereign identity and providing strong privacy preservation. First, we configure IoT devices as light nodes and design a Sybil-resistant, unlinkable, and supervisable distributed identity that does not rely on central identity providers. We further develop a dual-credential model based on commitment and zero-knowledge proofs to protect the privacy of sensitive attributes, on-chain identity data, and linkage of credentials. Moreover, we combine the basic credential proofs to prove the knowledge of solutions to more complex problems and create a systematic proof system. We go on to provide the security analysis of SmartDID. Experimental analysis shows that our scheme achieves better performance in terms of both credential generation and proof generation when compared with CanDID.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yizhong Liu,Boyu Zhao,Zedan Zhao,Jianwei Liu,Xun Lin,Qianhong Wu,Willy Susilo

DOI: https://doi.org/10.1109/jiot.2024.3380068

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Web3 is a revolutionary Internet paradigm that focusing decentralization, user empowerment, and intelligence. One of its key technologies is decentralized identity (DID), which has gained significant attention recently. However, existing DID solutions are not scalable enough to be compatible with the large-scale identity node applications required by Web3 across various fields. To overcome this challenge, we propose the first multi-layer Web3 DID architecture utilizing sharding blockchain, which provides management, scalability, and compatibility. This architecture leverages leader shards and the main chain to establish trust, while regular shards manage DID-related transactions. Specific system processes and query optimizations are also given. Besides, formal security analysis and comprehensive simulation evaluations have demonstrated that the architecture can achieve all proposed security and performance goals, including low latency of down to 2 seconds and high throughput of up to 90KTPS.

computer science, information systems,telecommunications,engineering, electrical & electronic

Deepak Maram,Harjasleen Malvai,Fan Zhang,Nerla Jean-Louis,Alexander Frolov,Tyler Kell,Tyrone Lobban,Christine Moy,Ari Juels,Andrew Miller

DOI: https://doi.org/10.1109/SP40001.2021.00038

2021-01-01

Abstract:We present CanDID, a platform for practical, user-friendly realization of decentralized identity, the idea of empowering end users with management of their own credentials.While decentralized identity promises to give users greater control over their private data, it burdens users with management of private keys, creating a significant risk of key loss. Existing and proposed approaches also presum...

Efat Samir,Hongyi Wu,Mohamed Azab,Chunsheng Xin,Qiao Zhang,Chun Sheng Xin

DOI: https://doi.org/10.1109/jiot.2021.3112537

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:In a ubiquitous environment enclosing cooperative Internet-of-Things (IoT) devices, individuals, and entities, digital identity management (DIM) becomes critical and challenging. DIM pertains to device identities authentication and verification to enable trustworthy service exchange, data collection, and decision making. DIM is the supporting pillar for all online services and the foundation for security and authentication mechanisms. Due to the extreme heterogeneity, scale, and configuration complexity of such environments, enabling trustworthy DIM is crucial and seriously challenging. In an IoT context, devices use local digital identities stored within a tamper-proof unit and verified by a centralized authority for authentication. The recent attacks on IoT systems showed how vulnerable such a design is. It is also an inherent problem that influences humans. From that, self-sovereign identity (SSI) has emerged as a decentralized DIM approach embracing the concept of portable self-possession identity. SSI was presented to couple the digital identity from the owner to enable large-scale cooperation. However, digital identity storage and verification still occur on the device and in a centralized manner. Utilizing a local single-point-of-failure storage memory for verifiable credentials is one of the considerable drawbacks in contemporary SSI. In this regard, this article introduces decentralized trustworthy-self-sovereign identity management (DT-SSIM), a novel decentralized trustworthy SSI management framework. DT-SSIM integrates the secret share scheme with the blockchain-based smart contracts technologies to provide transparent and trustworthy SSI-based DIM services for IoT. Storing IoT identity credentials outside the devices' local storage preserves the identity credentials from being tampered with or misused. Evaluations and discussions show the resiliency assessment of the system and the cost and estimated running times for verification pro-esses in DT-SSIM.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xiao Chen,Jie Ding,Zhenyu Lu

DOI: https://doi.org/10.1109/tits.2020.3013279

IF: 8.5

2022-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Commercialized 5G technology will provide reliable and efficient connectivity of motor vehicles that could support the dissemination of information under an intelligent transportation system. However, such service still suffers from risks or threats due to malicious content producers. The traditional public key infrastructure (PKI) cannot restrain such untrusted but legitimate publishers. Therefore, a trust-based service management mechanism is required to secure information dissemination. The issue of how to achieve a trust management model becomes a key problem in the situation. This paper proposes a novel prototype of the decentralized trust management system (DTMS) based on blockchain technologies. Compared with the conventional and centralized trust management system, DTMS adopts a decentralized consensus-based trust evaluation model and a blockchain-based trust storage system, which provide a transparent evaluation procedure and irreversible storage of trust credits. Moreover, the proposed trust model improves blockchain efficiency by only allowing trusted nodes participating in the validation and consensus process. Additionally, the designed system creatively applies a trusted execution environment (TEE) to secure the trust evaluation process together with an incentive model that is used to stimulate more participation and penalize malicious behaviours. Finally, to evaluate our new design prototype, both numerical analysis and practical experiments are implemented for performance evaluation.

engineering, electrical & electronic,transportation science & technology, civil

Arnaf Aziz Torongo,Mohsen Toorani

DOI: https://doi.org/10.48550/arXiv.2307.16239

2023-07-30

Abstract:Blockchain-based decentralized identity management provides a promising solution to improve the security and privacy of healthcare systems and make them scalable. Traditional Identity Management Systems are centralized, which makes them single-point-of-failure, vulnerable to attacks and data breaches, and non-scalable. In contrast, decentralized identity management based on the blockchain can ensure secure and transparent access to patient data while preserving privacy. This approach enables patients to control their personal health data while granting permission for medical personnel to access specific information as needed. We propose a decentralized identity management system for healthcare systems named BDIMHS based on a permissioned blockchain with Hyperledger Indy and Hyperledger Aries. We develop further descriptions of required functionalities and provide high-level procedures for network initialization, enrollment, registration, issuance, verification and revocation functionalities. The proposed solution improves data security, privacy, immutability, interoperability, and patient autonomy by using selective disclosure, zero-knowledge proofs, Decentralized Identifiers, and Verifiable Credentials. Furthermore, we discuss the potential challenges associated with implementing this technology in healthcare and evaluate the performance and security of the proposed solution.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Jia Guo,Wei Yu,Songpu Ai,Junwei Cao

DOI: https://doi.org/10.1109/ICEI60179.2023.00021

2023-01-01

Abstract:In the field of the energy internet, the consumption of distributed power generation for renewable energy is increasing steadily. Considering either the energy security or the transportation loss, the locally generated power would be the first choice. More frequent and more accurate peer-to-peer distributed energy transactions with complicated quality requirements are a significant challenge for current power trading systems. It would be risky and unnecessary to design and operate a centralized trading system to deal with all local transactions on the entire grid. At the same time, the system also needs vital capabilities like supervision and regulations. In this paper, a decentralized identity based energy trading system is proposed over a blockchain network and the distributed identifier (DID) is adopted to identify different energy entities and participants. The verifiable presentation (VP) is adopted by the system to simplify the detection and supervision process of the participants and to minimize information leakage during the transaction lifecycle. On the blockchain network as a highly trusted universal data registry, the entire workflow of energy trading is immutable and traceable. Simulation results show that the energy trading system could operate well.

A. Shobanadevi,Sumegh Tharewal,Mukesh Soni,D. Dinesh Kumar,Ihtiram Raza Khan,Pankaj Kumar

DOI: https://doi.org/10.1007/s13198-021-01494-0

2021-11-27

International Journal of System Assurance Engineering and Management

Abstract:Blockchain is a system of recording information in a way that makes it difficult or impossible to change, hack, or cheat the system. A blockchain is essentially a digital ledger of transactions that is duplicated and distributed across the entire network of computer systems on the blockchain. Blockchain is an especially promising and revolutionary technology because it helps reduce risk, stamps out fraud, and brings transparency in a scalable way for myriad uses. Blockchain offers decentralised credentials, making it a global system. It also promotes user-to-user data transmission. However, blockchain-based identity management is crucial for data security. The user owns the identification. Blockchain-based IDMs solve conventional IDM flaws. As technology advances, so does the need for user data protection. Advance payment to safeguard data is unacceptable. So, identity management solutions assist overcome the flaws. Blockchain consists of three important concepts: blocks, nodes, and miners. Blockchain makes life simpler by changing the way personal data is stored are made available. While the government and other third parties are addressing the problem, the users are still exposed to identity management. Personal identity management takes increasing security and productivity. Blockchain eliminates the third party by transferring data between two entities. This work develops a categorization model for Ethereum addresses based on a few criteria. Voting categorization outperforms the other models with an accuracy of 88.89% and an AUC Score of 97%.

Mirza Kamrul Bashar Shuhan,Syed Md. Hasnayeen,Tanmoy Krishna Das,Md. Nazmus Sakib,Md Sadek Ferdous

2023-04-30

Abstract:Federated Identity Management has proven its worth by offering economic benefits and convenience to Service Providers and users alike. In such federations, the Identity Provider (IdP) is the solitary entity responsible for managing user credentials and generating assertions for the users, who are requesting access to a service provider's resource. This makes the IdP centralised and exhibits a single point of failure for the federation, making the federation prone to catastrophic damages. The paper presents our effort in designing and implementing a decentralised system in establishing an identity federation. In its attempt to decentralise the IdP in the federation, the proposed system relies on blockchain technology, thereby mitigating the single point of failure shortcoming of existing identity federations. The system is designed using a set of requirements In this article, we explore different aspects of designing and developing the system, present its protocol flow, analyse its performance, and evaluate its security using ProVerif, a state-of-the-art formal protocol verification tool.

Cryptography and Security

Shlok Gilda,Tanvi Jain,Aashish Dhalla

DOI: https://doi.org/10.48550/arXiv.2207.02207

2022-07-06

Abstract:Authentication and authorization of a user's identity are generally done by the service providers or identity providers. However, these centralized systems limit the user's control of their own identity and are prone to massive data leaks due to their centralized nature. We propose a blockchain-based identity management system to authenticate and authorize users using attribute-based access control policies and privacy-preserving algorithms and finally returning the control of a user's identity to the user. Our proposed system would use a private blockchain, which would store the re-certification events and data access and authorization requests for users' identities in a secure, verifiable manner, thus ensuring the integrity of the data. This paper suggests a mechanism to digitize documents such as passports, driving licenses, electricity bills, etc., issued by any government authority or other authority in an immutable and secure manner. The data owners are responsible for authenticating and propagating the users' identities as and when needed using the OpenID Connect protocol to enable single sign-on. We use advanced cryptographic algorithms to provide pseudonyms to the users, thus ensuring their privacy. These algorithms also ensure the auditability of transactions as and when required. Our proposed system helps in mitigating some of the issues in the recent privacy debates. The project finds its applications in citizen transfers, inter-country service providence, banks, ownership transfer, etc. The generic framework can also be extended to a consortium of banks, hospitals, etc.

Cryptography and Security

Cristian Nicolae Butincu,Adrian Alexandrescu

DOI: https://doi.org/10.1109/access.2024.3394537

IF: 3.9

2024-05-03

IEEE Access

Abstract:The increased digitalization of society raises concerns regarding data protection and user privacy, and criticism on how the companies handle user data without being transparent and without providing adequate mechanisms for users to control how their own data is being processed or shared. To address this problem and open the way for a secure and efficient society, where the privacy of citizens is paramount, the identity concept and proof of identity mechanisms need to be redesigned from the ground up. In this paper we discuss how the emerging Web3 technologies like distributed ledger technology (DLT), blockchain, smart contracts, decentralized storage systems, and crypto wallets can be leveraged to design and implement a decentralized digital identity system based on decentralized identifiers (DID) and self-sovereign identities (SSI). Such a system puts the users in full control over their own data while also providing a solid backbone for building interoperable systems that are secure, scalable, and efficient. We propose different architectures for the decentralized identity infrastructure and storage layer, and also discuss the mapping of these architectures on cloud platforms. The main goal is to provide an architectural blueprint for a scalable, secure, privacy-preserving and trusted system.

computer science, information systems,telecommunications,engineering, electrical & electronic

Biao Ma,Haifeng Qian

DOI: https://doi.org/10.1007/s12083-024-01866-w

IF: 3.488

2024-11-28

Peer-to-Peer Networking and Applications

Abstract:Traditional identity management solutions currently encounter numerous challenges. (1) These solutions store user information in centralized databases, thereby exposing them to potential risks such as single points of failure and privacy breaches. (2) The lack of data compatibility between various applications leads to escalated communication expenses. (3) While existing solutions strive to tackle these challenges through blockchain, tracking malicious users often proves to be challenging. Moreover, due to the full-replication strategies of the blockchain, the storage overhead becomes excessive. To address these challenges, this paper introduces a scalable identity management scheme utilizing blockchain technology, with the primary goal of enhancing identity protection and traceability. We also integrate blockchain technology with Reed-Solomon (RS) encoding and Certificateless Aggregate Signature (CLAS) to safeguard user information, with each node specifically storing a portion of the encoded data block. In contrast to traditional identity management solutions. (1) Our approach tackles the single point of failure problem by blockchain. Simultaneously, it ensures the security of identity and the ability to track malicious users. Users need only upload information once to access different applications without maintaining multiple sets of account passwords. (2) Furthermore, compared to the traditional blockchain full replication strategy, our method significantly reduces storage overhead from O ( n ) to O (1), greatly improving scalability. Meanwhile, we eliminate time for block searches, accelerating the processes of authentication and information traceability. (3) Our scheme employs CLAS to verify data integrity, ensuring the reliability of received data. In the real world, our solution demonstrates high availability and scalability, with performance analysis and experimental evaluation providing relevant data for validation.

computer science, information systems,telecommunications

Patrick Herbke,Sid Lamichhane,Kaustabh Barman,Sanjeet Raj Pandey,Axel Küpper,Andreas Abraham,Markus Sabadello

2024-09-02

Abstract:Supply chain data management faces challenges in traceability, transparency, and trust. These issues stem from data silos and communication barriers. This research introduces DIDChain, a framework leveraging blockchain technology, Decentralized Identifiers, and the InterPlanetary File System. DIDChain improves supply chain data management. To address privacy concerns, DIDChain employs a hybrid blockchain architecture that combines public blockchain transparency with the control of private systems. Our hybrid approach preserves the authenticity and reliability of supply chain events. It also respects the data privacy requirements of the participants in the supply chain. Central to DIDChain is the cheqd infrastructure. The cheqd infrastructure enables digital tracing of asset events, such as an asset moving from the milk-producing dairy farm to the cheese manufacturer. In this research, assets are raw materials and products. The cheqd infrastructure ensures the traceability and reliability of assets in the management of supply chain data. Our contribution to blockchain-enabled supply chain systems demonstrates the robustness of DIDChain. Integrating blockchain technology through DIDChain offers a solution to data silos and communication barriers. With DIDChain, we propose a framework to transform the supply chain infrastructure across industries.

Cryptography and Security,Networking and Internet Architecture

Libin Xia,Jiashuo Zhang,Xihan Zhang,Yue Li,Jianbo Gao,Zhi Guan,Zhong Chen

DOI: https://doi.org/10.1109/dapps57946.2023.00028

2023-01-01

Abstract:The popularity of decentralized applications brings increasing on-chain audit concerns. Since on-chain accounts do not link to real-world identities, decentralized applications have been wildly used for illegal activities like money laundering. Decentralized identity (DID) is one of the most promising solutions to guarantee on-chain auditability in a privacy-preserving way. However, the existing DID systems suffer from two limitations, making them rarely adopted in on-chain decentralized applications. First, most previous systems only provide partial auditability, meaning that their regulators cannot trace users' real-world identities after users' malicious behaviors occur. Second, current solutions are usually isolated systems, causing a lack of interoperability with on-chain decentralized applications. To address the problems, we propose Didapper, a practical and auditable on-chain identity service with both privacy and auditability for decentralized applications. We introduce group signatures to provide anonymous and traceable credentials for on-chain users and decentralized applications. In order to meet the efficiency and flexibility requirements, we design credential structure and workflow mostly compatible with W3C standards (a DID recommendation that enables verifiable, decentralized digital identity), and realize credential verification service with updatable policies. We implement Didapper and evaluate it on Ethereum, and the results show that the performance of Didapper is acceptable in practice.

Lin Zhang,Hong Li,Limin Sun,Zhiqiang Shi,Yunhua He

DOI: https://doi.org/10.1109/pac.2017.28

2017-01-01

Abstract:User authentication in computer systems has been a cornerstone of computer security for decades. However, the existing user authentication schemes either require human cognitive ability to remember numerous complex id and password, or rely on a trusted third party which could fail due to technical failure or denial-of-service attacks. In this paper, we design a fully distributed user authentication framework with the blockchain technology. In our scheme, a user stores her identity in the blockchain, stores her encrypted personal information in a off-blockchain storage, and attaches a smart contract which grants different permissions to each website/application. When a user logs in a website/application, the service provider employs a challenge-response protocol to verify the identity of the user, and then retrieve the user's personal information from the off-blockchain storage.