I N N O V A T I O N C E N T R E

IEEE Security & Privacy on the Blockchain

April 2018

Decentralizing Digital Identity:Open Challenges for Distributed Ledgers

Paul Dunphy1, Luke Garatt1, Fabien Petitcolas2

Innovation CentreVASCO Data Security

1Cambridge UK, 2Brussels, Belgium

The plan

§Setting the Scene§ Quick Identity Primer§ DLT-based identity

§Example: Sovrin

§A Research Agenda§ Refine understanding of DLT properties needed in identity§ Evaluate deployability in light of PKI challenges§ Evaluate exposure to public permissionless DLTs§ Gather new requirements for user experience

§ Final Remarks

© 2018 - VASCO Data Security 2

Quick digital identity primer

§ Identity and Access Management (IAM)§ “enables the right individuals to access the

right resources at the right times and for the right reasons”

§ Ubiquitous 3 party model§ User§ Identity Provider§ Relying Party

§ User centricity§ “that is, the idea of giving the user full

control of transactions involving her identity data” [1]

© 2018 - VASCO Data Security 3

Authentication• Single Sign On• Strong authentication• Authentication levels

Authorisation• Role-based• Rule-based• Attribute-based• Federation

User Management• Provisioning• User types• Identity Proofing• Revocation• Logging

User Directory• Directory• Data synchronization• Meta-directory• Virtual directory• Revocation

Identity and Access Management (IAM):

[1] Bhargav-Spantzel, A., Camenisch, J., Gross, T., & Sommer, D. (2007). User centricity: a taxonomy and open issues. Journal of Computer Security, 15(5), 493-527.

Applying DLT to digital identity

4

identifi

https://github.com/peacekeeper/blockchain-identity© 2018 - VASCO Data Security

identifi

55% of DLTs in design “track digital identity”

Applying DLT in digital identity

© 2018 - VASCO Data Security 5

55% of DLTs track digital identities2

[2] Garrick Hileman, & Michel Rauchs. (2017). 2017 Global Blockchain Benchmarking Study (SSRN Scholarly Paper No. ID 3040224). Rochester, NY: Social Science Research Network. Retrieved from https://papers.ssrn.com/abstract=3040224

identifi

55% of DLTs in design “track digital identity”

Applying DLT in digital identity

© 2018 - VASCO Data Security 6

Decentralized Trusted Identity

Self-Sovereign Identity[3] Dunphy, P., Petitcolas, F.A.P. 2018. A First Look at Identity Management Schemes on the Blockchain. In IEEE Security and Privacy Magazine (to appear July

2018). Also at arXiv:1801.03294 [cs.CR]

55% of DLTs track digital identities2

[2] Garrick Hileman, & Michel Rauchs. (2017). 2017 Global Blockchain Benchmarking Study (SSRN Scholarly Paper No. ID 3040224). Rochester, NY: Social Science Research Network. Retrieved from https://papers.ssrn.com/abstract=3040224

Example: Sovrin (a.k.a. Hyperledger Indy)

© 2018 - VASCO Data Security 7

Controls

User provides required claims

Read/write

• Ledger is a public permissioned user directory• Identifiers as decentralized Identifiers (DID)• Identity is a sequence of claims• Relies on Idemix anonymous credentials

User agentendpoint

User agent

Data vault Policy & keys

Ledger client

EP

Serviceendpoint

Relying party

Data vault Policy & keys

Ledger client

EP

Sovrin permissioned ledgerDIDs {public keys, end-point addresses}, claim definitions

Steward Steward Steward

Providerendpoint

Identity provider

Data vault Policy & keys

Ledger client

EP

Read/write

User requests and receives claims

Sovrin

§Pros§ Supports multiple unlinkable identifiers (e.g., one identifier per interaction)§ Acknowledges need for delegation (Agents)§ Supports Verifiable Claims (an emerging W3C standard)§ No obvious financial cost (to end-users anyway…)

§Cons§ User Experience not (yet?) considered§ Deployability of signing infrastructure§ Silver bullet use case

© 2018 - VASCO Data Security 8

A research agenda

§Refine understanding of DLT properties needed in identity

§Evaluate deployability in light of PKI challenges

§Support secure delegation of credentials

§Evaluate exposure to public permissionless DLTs

§Gather new requirements for user experience

© 2018 - VASCO Data Security 9

Refine vocabulary for DLT-based identity

§Coarse grained vocabulary for DLT-based digital identity

§But which properties of DLT are valuable in digital identity?

§Action: New ways to conceptually evaluate schemes and map them to usage scenarios

© 2018 - VASCO Data Security 10

Scheme Primary Secondary

uPort Immutability Transparency

Sovrin Decentralisation Auditability

ShoCard Immutability Auditability

Evaluate exposure to public permissionless DLT

§ Public and permissionless DLTs are wedded to proof of work consensus.§ Energy usage

§ Transaction load created and response to congestion

§ Transaction fees are often abstracted away

§ Action: Create models of envisioned user behaviour, transaction load and relevant economic constraints

© 2018 - VASCO Data Security 11

Scheme Authentication Identifier Creation

AccountRecovery

Attribute Storage

uPort No Yes Yes Yes

ShoCard No Yes - Yes

Usability Deployability

Cost

Evaluate deployability w.r.t. PKI

§ Public Key Infrastructure (PKI) adds trust to web browsing

§ Credential Lifecycle Challenges§ Key Management§ Establishment (e.g. EV certificates)§ Federation§ Revocation

§ Certificate Revocation Lists (CRL)§ OCSP

§ Open group PKI rarely used for human identity [4,5]

§ Action: Investigate and evaluate operational and technological differences vs. PKI

© 2018 - VASCO Data Security 12

[4] Don Davis. 1996. Compliance defects in public-key cryptography. In Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6, 17. Retrieved from http://dl.acm.org/citation.cfm?id=1267569.1267586

[5] Guida, R., Stahl, R., Bunt, T., Secrest, G., & Moorcones, J. (2004). Deploying and using public key technology: lessons learned in real life. IEEE Security Privacy, 2(4), 67–71. https://doi.org/10.1109/MSP.2004.41

Gather new user experience requirements

§ Identity management is not the user’s primary goal [6]

§ Upgrading the user’s workload to achieve already existing outcomes§ Key management§ Understand nuances of GDPR§ No helpdesk to call§ Account recovery

§ Action: Redouble efforts to understand how users achieve identity management – as it is

© 2018 - VASCO Data Security 13

[6] Rachna Dhamija and Lisa Dusseault. 2008. The Seven Flaws of Identity Management: Usability and Security Challenges. IEEE Security and Privacy6, 2 (March 2008), 24-29. DOI=http://dx.doi.org/10.1109/MSP.2008.49

Final remarks

§ This is an interesting space

§ Important to work from usage contexts

§ Let’s do research on:§ Refine understanding of DLT properties needed in identity§ Evaluate deployability in light of PKI challenges§ Support secure delegation of credentials§ Evaluate exposure to public permissionless DLTs§ Gather new requirements for user experience

© 2018 - VASCO Data Security 14

Email: paul.dunphy@vasco.comTwitter: @dunff