IEEE Security & Privacy on the Blockchain
April 2018
Decentralizing Digital Identity: Open Challenges for Distributed Ledgers
Paul Dunphy¹, Luke Garatt¹, Fabien Petitcolas²
Innovation Centre, VASCO Data Security
¹Cambridge, UK; ²Brussels, Belgium
The plan
§ Setting the Scene
  § Quick Identity Primer
  § DLT-based identity
§ Example: Sovrin
§ A Research Agenda
  § Refine understanding of DLT properties needed in identity
  § Evaluate deployability in light of PKI challenges
  § Evaluate exposure to public permissionless DLTs
  § Gather new requirements for user experience
§ Final Remarks
© 2018 - VASCO Data Security 2
Quick digital identity primer
§ Identity and Access Management (IAM)
  § “enables the right individuals to access the right resources at the right times and for the right reasons”
§ Ubiquitous 3 party model
  § User
  § Identity Provider
  § Relying Party
§ User centricity
  § “that is, the idea of giving the user full control of transactions involving her identity data” [1]
Identity and Access Management (IAM):
Authentication
  • Single Sign On
  • Strong authentication
  • Authentication levels
Authorisation
  • Role-based
  • Rule-based
  • Attribute-based
  • Federation
User Management
  • Provisioning
  • User types
  • Identity Proofing
  • Revocation
  • Logging
User Directory
  • Directory
  • Data synchronization
  • Meta-directory
  • Virtual directory
  • Revocation
[1] Bhargav-Spantzel, A., Camenisch, J., Gross, T., & Sommer, D. (2007). User centricity: a taxonomy and open issues. Journal of Computer Security, 15(5), 493-527.
Applying DLT to digital identity
identifi
https://github.com/peacekeeper/blockchain-identity
55% of DLTs in design “track digital identity”
55% of DLTs track digital identities [2]
[2] Garrick Hileman, & Michel Rauchs. (2017). 2017 Global Blockchain Benchmarking Study (SSRN Scholarly Paper No. ID 3040224). Rochester, NY: Social Science Research Network. Retrieved from https://papers.ssrn.com/abstract=3040224
Decentralized Trusted Identity
Self-Sovereign Identity
[3] Dunphy, P., Petitcolas, F.A.P. 2018. A First Look at Identity Management Schemes on the Blockchain. In IEEE Security and Privacy Magazine (to appear July 2018). Also at arXiv:1801.03294 [cs.CR]
Example: Sovrin (a.k.a. Hyperledger Indy)
• Ledger is a public permissioned user directory
• Identifiers as decentralized identifiers (DID)
• Identity is a sequence of claims
• Relies on Idemix anonymous credentials
[Figure: Sovrin architecture. Components: user agent (user agent endpoint), relying party (service endpoint) and identity provider (provider endpoint), each with a data vault, policy & keys, a ledger client and an endpoint (EP); the Sovrin permissioned ledger, holding DIDs {public keys, end-point addresses} and claim definitions, with stewards. Arrow labels: Controls; User requests and receives claims; User provides required claims; Read/write.]
Sovrin
§ Pros
  § Supports multiple unlinkable identifiers (e.g., one identifier per interaction)
  § Acknowledges need for delegation (Agents)
  § Supports Verifiable Claims (an emerging W3C standard)
  § No obvious financial cost (to end-users anyway…)
§ Cons
  § User Experience not (yet?) considered
  § Deployability of signing infrastructure
  § Silver bullet use case
A research agenda
§ Refine understanding of DLT properties needed in identity
§ Evaluate deployability in light of PKI challenges
§ Support secure delegation of credentials
§ Evaluate exposure to public permissionless DLTs
§ Gather new requirements for user experience
Refine vocabulary for DLT-based identity
§ Coarse-grained vocabulary for DLT-based digital identity
§ But which properties of DLT are valuable in digital identity?
§ Action: New ways to conceptually evaluate schemes and map them to usage scenarios
Scheme    Primary            Secondary
uPort     Immutability       Transparency
Sovrin    Decentralisation   Auditability
ShoCard   Immutability       Auditability
Evaluate exposure to public permissionless DLT
§ Public and permissionless DLTs are wedded to proof of work consensus.
  § Energy usage
§ Transaction load created and response to congestion
§ Transaction fees are often abstracted away
§ Action: Create models of envisioned user behaviour, transaction load and relevant economic constraints
Scheme    Authentication   Identifier Creation   Account Recovery   Attribute Storage
uPort     No               Yes                   Yes                Yes
ShoCard   No               Yes                   -                  Yes
Usability  Deployability  Cost
Evaluate deployability w.r.t. PKI
§ Public Key Infrastructure (PKI) adds trust to web browsing
§ Credential Lifecycle Challenges
  § Key Management
  § Establishment (e.g. EV certificates)
  § Federation
  § Revocation
    § Certificate Revocation Lists (CRL)
    § OCSP
§ Open group PKI rarely used for human identity [4,5]
§ Action: Investigate and evaluate operational and technological differences vs. PKI
[4] Don Davis. 1996. Compliance defects in public-key cryptography. In Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6, 17. Retrieved from http://dl.acm.org/citation.cfm?id=1267569.1267586
[5] Guida, R., Stahl, R., Bunt, T., Secrest, G., & Moorcones, J. (2004). Deploying and using public key technology: lessons learned in real life. IEEE Security Privacy, 2(4), 67–71. https://doi.org/10.1109/MSP.2004.41
Gather new user experience requirements
§ Identity management is not the user’s primary goal [6]
§ Upgrading the user’s workload to achieve already existing outcomes
  § Key management
  § Understand nuances of GDPR
  § No helpdesk to call
  § Account recovery
§ Action: Redouble efforts to understand how users achieve identity management – as it is
[6] Rachna Dhamija and Lisa Dusseault. 2008. The Seven Flaws of Identity Management: Usability and Security Challenges. IEEE Security and Privacy 6, 2 (March 2008), 24-29. DOI=http://dx.doi.org/10.1109/MSP.2008.49
Final remarks
§ This is an interesting space
§ Important to work from usage contexts
§ Let’s do research on:
  § Refine understanding of DLT properties needed in identity
  § Evaluate deployability in light of PKI challenges
  § Support secure delegation of credentials
  § Evaluate exposure to public permissionless DLTs
  § Gather new requirements for user experience
Email: [email protected]: @dunff