Privacy-Preserving eID Derivation for Self-Sovereign Identity Systems

Abraham, Andreas; Hörandner, Felix; Omolola, Olamide; Ramacher, Sebastian

doi:10.1007/978-3-030-41579-2_18

Cited by 12 publications

(26 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Usually, it was basic to authenticate a user with a token and certificate issued from the OSINT tool provider after registering the user. Also, one method is to use an identity authentication service using a decentralized identity (DID), which has become an issue recently [62,63]. DID is a technology in which the user has the authority to control his/her own information, and authentication can be performed with a minimum amount of information compared to the identification method controlled by the existing central system.…”

Section: Security Requirements For Users To Access and Use Osint Datamentioning

confidence: 99%

Current Status and Security Trend of OSINT

Hwang

Lee

Kim

et al. 2022

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

Recently, users have used open-source intelligence (OSINT) to gather and obtain information regarding the data of interest. The advantage of using data gathered by OSINT is that security threats arising in cyberspace can be addressed. However, if a user uses data collected by OSINT for malicious purposes, information regarding the target of an attack can be gathered, which may lead to various cybercrimes, such as hacking, malware, and a denial-of-service attack. Therefore, from a cybersecurity point of view, it is important to positively use the data gathered by OSINT in a positive manner. If exploited in a negative manner, it is important to prepare countermeasures that can minimize the damage caused by cybercrimes. In this paper, the current status and security trends of OSINT will be explained. Specifically, we present security threats and cybercrimes that may occur if data gathered by OSINT are exploited by malicious users. Furthermore, to solve this problem, we propose security requirements that can be applied to the OSINT environment. The proposed security requirements are necessary for securely gathering and storing data in the OSINT environment and for securely accessing and using the data collected by OSINT. The goal of the proposed security requirements is to minimize the damage when cybercrimes occur in the OSINT environment.

show abstract

Section: Security Requirements For Users To Access and Use Osint Datamentioning

confidence: 99%

Current Status and Security Trend of OSINT

Hwang

Lee

Kim

et al. 2022

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

show abstract

“…Unlinkable signature-based disclosure schemes. Many mainstream SSI solutions are based on signature derivation (most notably Idemix's CL signatures [12] and JSON Web Tokens [19]), possibly storing revocations on blockchains [1]. These signatures bind the key of the identity holder to the disclosed data and usually allow derivation of a new signature that is also valid for the same data (which is claimed to make this data unlinkable, though fingerprinting makes users completely linkable as we have previously discussed).…”

Section: Related Workmentioning

confidence: 99%

A Truly Self-Sovereign Identity System

Stokkink

Ishmaev

Epema

et al. 2021

2021 IEEE 46th Conference on Local Computer Networks (LCN)

View full text Add to dashboard Cite

Existing digital identity management systems fail to deliver the desirable properties of control by the users of their own identity data, credibility of disclosed identity data, and network-level anonymity. The recently proposed Self-Sovereign Identity (SSI) approach promises to give users these properties. However, we argue that without addressing privacy at the network level, SSI systems cannot deliver on this promise. In this paper we present the design and analysis of our solution TCID, created in collaboration with the Dutch government. TCID is a system consisting of a set of components that together satisfy seven functional requirements to guarantee the desirable system properties. We show that the latency incurred by network-level anonymization in TCID is significantly larger than that of identity data disclosure protocols but is still low enough for practical situations. We conclude that current research on SSI is too narrowly focused on these data disclosure protocols.

show abstract

“…Such a derivation process needs to transform the data and maintain the data's trustworthiness. Abraham et al [50] proposed a privacy-preserving decentralized eID derivation for SSI, where intermediate parties cannot access the users' attributes in plain.…”

Section: Solving Ssi Challengesmentioning

confidence: 99%

“…On the downside, this counteracts the principles of SSI. A privacy-preserving decentralized eID derivation for SSI [50] is another approach that needs to be taken into account. In addition, some services might not even (willingly or unwillingly) enable FIM.…”

Section: Technical Factorsmentioning

confidence: 99%

eID and Self-Sovereign Identity Usage: An Overview

2021

View full text Add to dashboard Cite

The COVID-19 pandemic helped countries to increase the use of their mobile eID solutions. These are based on traditional identity management systems, which suffer from weaknesses, such as the reliance on a central entity to provide the identity data and the lack of control of the user over her or his data. The introduction of self-sovereign identity (SSI) for e-government systems can strengthen the privacy of the citizens while enabling identification also for the weakest. To successfully initiate SSI, different factors have to be taken into account. In order to have a clear understanding of the challenges, but also lessons learned, we provide an overview of existing solutions and projects and conducted an analysis of their experiences. Based on a taxonomy, we identified strong points, as well as encountered challenges. The contribution of this paper is threefold: First, we enhanced existing taxonomies based on the literature for further evaluations. Second, we analyzed eID solutions for lessons learned. Third, we evaluated more recently started SSI projects in different states of their lifecycle. This led to a comprehensive discussion of the lessons learned and challenges to address, as well as further findings.

show abstract

Privacy-Preserving eID Derivation for Self-Sovereign Identity Systems

Cited by 12 publications

References 18 publications

Current Status and Security Trend of OSINT

Current Status and Security Trend of OSINT

A Truly Self-Sovereign Identity System

eID and Self-Sovereign Identity Usage: An Overview

Contact Info

Product

Resources

About