Analyzing and comparing the security of self-sovereign identity management systems through threat modeling

Abstract: The concept of Self-Sovereign Identity (SSI) promises to strengthen the security and user-centricity of identity management. Since any secure online service relies on secure identity management, we comparatively analyze the intrinsic security of SSI. Thus, we adopt a hybrid threat modeling approach comprising STRIDE, attack trees, and ratings towards this unique context. Data flow diagrams of the isolated, centralized and the SSI model serve as the foundation for the assessment. The evolution of the paradigms … Show more

“…Since Rayhan Ahmed et al [33] mainly describe the current state of blockchain and SSI and outline ten attacks on the consensus and network layers, we described in Sections 6.4 and 6.6, we disregard the publication in this section. Hence, we focus on Naik et al [32] and Grüner et al [34]. Naik et al [32] first identify assets and potential attacks before generating an attack tree for each identified attack.…”

“…Naik et al [32] first identify assets and potential attacks before generating an attack tree for each identified attack. Grüner et al [34] apply STRIDE to the various components of SSI. In the following, we summarize and combine the results of both approaches.…”

“…Grüner et al [34] apply the STRIDE model to the user agent. Thereby, the authors recognize spoofing (acquiring the private key, stealing or covertly accessing the user agent device, and exploiting the recovery mechanism of the identity), tampering with the user agent's data, repudiating identity actions (deliberately disclosing the private key, revoking an identity, and deliberately losing the user agent device), revealing confidential identity information, denying identity actions (stealing or breaking the user agent device, deleting the private key, and exploiting identity revocation), and elevation of privileges on the user agent (not applicable).…”

“…Grüner et al [34] regard the organizational agent. By applying STRIDE, they identify spoofing (misusing an identity), tampering (manipulating a configuration), repudiation (illegitimate revocing a VC), revealing confidential identity information (not applicable), denying identity actions, and elevating privileges (taking-over a role).…”

“…By utilizing STRIDE, Grüner et al [34] identify in the area of communication the issues of spoofing and tampering (spoofing communication partner), repudiation (disputing a message), and revealing confidential information (intercepting traffic).…”

Analyzing the Threats to Blockchain-Based Self-Sovereign Identities by Conducting a Literature Survey

“…Since Rayhan Ahmed et al [33] mainly describe the current state of blockchain and SSI and outline ten attacks on the consensus and network layers, we described in Sections 6.4 and 6.6, we disregard the publication in this section. Hence, we focus on Naik et al [32] and Grüner et al [34]. Naik et al [32] first identify assets and potential attacks before generating an attack tree for each identified attack.…”

“…Naik et al [32] first identify assets and potential attacks before generating an attack tree for each identified attack. Grüner et al [34] apply STRIDE to the various components of SSI. In the following, we summarize and combine the results of both approaches.…”

“…Grüner et al [34] apply the STRIDE model to the user agent. Thereby, the authors recognize spoofing (acquiring the private key, stealing or covertly accessing the user agent device, and exploiting the recovery mechanism of the identity), tampering with the user agent's data, repudiating identity actions (deliberately disclosing the private key, revoking an identity, and deliberately losing the user agent device), revealing confidential identity information, denying identity actions (stealing or breaking the user agent device, deleting the private key, and exploiting identity revocation), and elevation of privileges on the user agent (not applicable).…”

“…Grüner et al [34] regard the organizational agent. By applying STRIDE, they identify spoofing (misusing an identity), tampering (manipulating a configuration), repudiation (illegitimate revocing a VC), revealing confidential identity information (not applicable), denying identity actions, and elevating privileges (taking-over a role).…”

“…By utilizing STRIDE, Grüner et al [34] identify in the area of communication the issues of spoofing and tampering (spoofing communication partner), repudiation (disputing a message), and revealing confidential information (intercepting traffic).…”

Analyzing the Threats to Blockchain-Based Self-Sovereign Identities by Conducting a Literature Survey

Self-Sovereign Identity Management in Ship-Based 5G-Devices Use Case

DistIN: Analysis and Validation of a Concept and Protocol for Distributed Identity Information Networks