Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
129 tokens/sec
GPT-4o
28 tokens/sec
Gemini 2.5 Pro Pro
42 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

SoK: Trusting Self-Sovereign Identity (2404.06729v2)

Published 10 Apr 2024 in cs.CR

Abstract: Digital identity is evolving from centralized systems to a decentralized approach known as Self-Sovereign Identity (SSI). SSI empowers individuals to control their digital identities, eliminating reliance on third-party data custodians and reducing the risk of data breaches. However, the concept of trust in SSI remains complex and fragmented. This paper systematically analyzes trust in SSI in light of its components and threats posed by various actors in the system. As a result, we derive three distinct trust models that capture the threats and mitigations identified across SSI literature and implementations. Our work provides a foundational framework for future SSI research and development, including a comprehensive catalogue of SSI components and design requirements for trust, shortcomings in existing SSI systems and areas for further exploration.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (157)
  1. Privacy-Preserving eID Derivation for Self-Sovereign Identity Systems. In Information and Communications Security (Lecture Notes in Computer Science), Jianying Zhou, Xiapu Luo, Qingni Shen, and Zhen Xu (Eds.). Springer International Publishing, Cham, 307–323. https://doi.org/10.1007/978-3-030-41579-2_18
  2. Revocable and Offline-Verifiable Self-Sovereign Identities. In 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). IEEE, Guangzhou, China, 1020–1027. https://doi.org/10.1109/TrustCom50675.2020.00136
  3. Qualified eID Derivation Into a Distributed Ledger Based IdM System. In 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). IEEE, New York, NY, USA, 1406–1412. https://doi.org/10.1109/TrustCom/BigDataSE.2018.00195
  4. Carlisle Adams. 2011. Achieving Non-Transferability in Credential Systems Using Hidden Biometrics. Security and Communication Networks 4, 2 (February 2011), 195–206. https://doi.org/10.1002/sec.136
  5. Christopher Allen. 2016. The Path to Self-Sovereign Identity. https://www.lifewithalacrity.com/article/the-path-to-self-soverereign-identity/
  6. FIDO Alliance. 2023. FIDO Alliance - Open Authentication Standards More Secure than Passwords. https://fidoalliance.org/
  7. DNS-IdM: A Blockchain Identity Management System to Secure Personal Data Sharing in a Network. Applied Sciences 9, 15 (July 2019), 2953. https://doi.org/10.3390/app9152953
  8. Wallet And Credential Interactions Editor’s Draft. https://identity.foundation/waci-didcomm/
  9. Archiveddocs. 2016. Securing PKI: Monitoring Public Key Infrastructure. https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn786432(v=ws.11)
  10. Rachel Arnold and Dave Longley. 2019. Zero-Knowledge Proofs Do Not Solve the Privacy-Trust Problem of Attribute-Based Credentials: What If Alice Is Evil? IEEE Communications Standards Magazine 3, 4 (December 2019), 26–31. https://doi.org/10.1109/MCOMSTD.001.1900027
  11. Key-Private Proxy Re-encryption. In Topics in Cryptology – CT-RSA 2009 (Lecture Notes in Computer Science), Marc Fischlin (Ed.). Springer, Berlin, Heidelberg, 279–294. https://doi.org/10.1007/978-3-642-00862-7_19
  12. NGI Atlantic. 2022. Next Generation SSI Standards — NGI Atlantic. https://ngiatlantic.eu/funded-experiments/next-generation-ssi-standards
  13. auth0.com. 2023. JWT.IO. http://jwt.io/
  14. Foteini Baldimtsi and Anna Lysyanskaya. 2013. Anonymous Credentials Light. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (CCS ’13). Association for Computing Machinery, New York, NY, USA, 1087–1098. https://doi.org/10.1145/2508859.2516687
  15. Greg Bernstein and Manu Sporny. 2023. Jsonld-Signatures-Bbs. MATTR. https://w3c.github.io/vc-di-bbs/
  16. Enhancing the Security and Privacy of Self-Sovereign Identities on Hyperledger Indy Blockchain. In 2020 International Symposium on Networks, Computers and Communications (ISNCC). IEEE, Montreal, QC, Canada, 1–7. https://doi.org/10.1109/ISNCC49221.2020.9297357
  17. A Survey on Decentralized Identifier Methods for Self Sovereign Identity. In The Italian Conference on CyberSecurity, Vol. 3488. CEUR, Bari, Italy, 1–15.
  18. Short Group Signatures. In Advances in Cryptology – CRYPTO 2004, David Hutchison, Takeo Kanade, Josef Kittler, Jon M. Kleinberg, Friedemann Mattern, John C. Mitchell, Moni Naor, Oscar Nierstrasz, C. Pandu Rangan, Bernhard Steffen, Madhu Sudan, Demetri Terzopoulos, Dough Tygar, Moshe Y. Vardi, Gerhard Weikum, and Matt Franklin (Eds.). Vol. 3152. Springer Berlin Heidelberg, Berlin, Heidelberg, 41–55. https://doi.org/10.1007/978-3-540-28628-8_3
  19. Short Signatures from the Weil Pairing. In Advances in Cryptology — ASIACRYPT 2001 (Lecture Notes in Computer Science), Colin Boyd (Ed.). Springer, Berlin, Heidelberg, 514–532. https://doi.org/10.1007/3-540-45682-1_30
  20. Anonymity: A Secure Identity Management Using Smart Contracts. In SSRN Electronic Journal. SSRN, Jaipur, India, 497–504. https://doi.org/10.2139/ssrn.3352370
  21. David Bradbury. 2023. Unauthorized Access to Okta’s Support Case Management System: Root Cause and Remediation. https://cms.oktaweb.dev/harfiles
  22. Privacy by Design Foundation. 2023. What Is IRMA? ⋅⋅\cdot⋅ IRMA Docs. https://irma.app/docs/what-is-irma/
  23. Carole Cadwalladr and Emma Graham-Harrison. 2018. Revealed: 50 Million Facebook Profiles Harvested for Cambridge Analytica in Major Data Breach. https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election
  24. Anonymous Attestation Using the Strong Diffie Hellman Assumption Revisited. In Trust and Trustworthy Computing (Lecture Notes in Computer Science), Michael Franz and Panos Papadimitratos (Eds.). Springer International Publishing, Cham, 1–20. https://doi.org/10.1007/978-3-319-45572-3_1
  25. Solving Revocation with Efficient Update of Anonymous Credentials. In Security and Cryptography for Networks, David Hutchison, Takeo Kanade, Josef Kittler, Jon M. Kleinberg, Friedemann Mattern, John C. Mitchell, Moni Naor, Oscar Nierstrasz, C. Pandu Rangan, Bernhard Steffen, Madhu Sudan, Demetri Terzopoulos, Doug Tygar, Moshe Y. Vardi, Gerhard Weikum, Juan A. Garay, and Roberto De Prisco (Eds.). Vol. 6280. Springer Berlin Heidelberg, Berlin, Heidelberg, 454–471. https://doi.org/10.1007/978-3-642-15317-4_28
  26. Jan Camenisch and Anna Lysyanskaya. 2001. An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation. In Advances in Cryptology — EUROCRYPT 2001 (Lecture Notes in Computer Science), Birgit Pfitzmann (Ed.). Springer, Berlin, Heidelberg, 93–118. https://doi.org/10.1007/3-540-44987-6_7
  27. Jan Camenisch and Anna Lysyanskaya. 2002. Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials. In Advances in Cryptology — CRYPTO 2002, Gerhard Goos, Juris Hartmanis, Jan Van Leeuwen, and Moti Yung (Eds.). Vol. 2442. Springer Berlin Heidelberg, Berlin, Heidelberg, 61–76. https://doi.org/10.1007/3-540-45708-9_5
  28. Jan Camenisch and Anna Lysyanskaya. 2003. A Signature Scheme with Efficient Protocols. In Security in Communication Networks (Lecture Notes in Computer Science), Stelvio Cimato, Giuseppe Persiano, and Clemente Galdi (Eds.). Springer, Berlin, Heidelberg, 268–289. https://doi.org/10.1007/3-540-36413-7_20
  29. Kim Cameron. 2005. The Laws of Identity.
  30. Dipto Chakravarty and Tushar Deshpande. 2018. Blockchain-Enhanced Identities for Secure Interaction. In 2018 IEEE International Symposium on Technologies for Homeland Security (HST). IEEE, Woburn, MA, 1–4. https://doi.org/10.1109/THS.2018.8574130
  31. CHAPI. 2023. CHAPI Credential Handler API. https://chapi.io/
  32. Anonymous Tokens with Stronger Metadata Bit Hiding from Algebraic MACs. In Advances in Cryptology – CRYPTO 2023 (Lecture Notes in Computer Science), Helena Handschuh and Anna Lysyanskaya (Eds.). Springer Nature Switzerland, Cham, 418–449. https://doi.org/10.1007/978-3-031-38545-2_14
  33. Credential Transparency System. In Security and Cryptography for Networks (Lecture Notes in Computer Science), Clemente Galdi and Stanislaw Jarecki (Eds.). Springer International Publishing, Cham, 313–335. https://doi.org/10.1007/978-3-031-14791-3_14
  34. Melissa Chase and Anna Lysyanskaya. 2006. On Signatures of Knowledge. In Advances in Cryptology - CRYPTO 2006 (Lecture Notes in Computer Science), Cynthia Dwork (Ed.). Springer, Berlin, Heidelberg, 78–96. https://doi.org/10.1007/11818175_5
  35. Zhide Chen and Li Xu. 2006. Anti-Collusion Anonymous Credentials Scheme. In The Sixth IEEE International Conference on Computer and Information Technology (CIT’06). IEEE, Seoul, 150–150. https://doi.org/10.1109/CIT.2006.52
  36. Verifiable Credential Proof Generation and Verification Model for Decentralized SSI-Based Credit Scoring Data. IEICE Transactions on Information and Systems E104.D, 11 (November 2021), 1857–1868. https://doi.org/10.1587/transinf.2021NGP0006
  37. Dutch Blockchain Coalition. 2023. Dutch Decentralized Identity Profile (DDIP). DutchBlockchainCoalition. https://github.com/DutchBlockchainCoalition/DIIP
  38. A Propose for a Federated Ledger for Regulated Self-Sovereignty. In 2018 13th Iberian Conference on Information Systems and Technologies (CISTI). IEEE, Caceres, 1–4. https://doi.org/10.23919/CISTI.2018.8399301
  39. Antea Cule. 2023. Louisiana Age Verification Law: Challenges and Solutions.
  40. DIDComm Messaging Specification v2 Editor’s Draft. https://identity.foundation/didcomm-messaging/spec/
  41. Ivan Damgård. 2002. On ΣΣ\Sigmaroman_Σ-protocols. Lecture Notes, University of Aarhus, Department for Computer Science (2002), 84.
  42. Privacy Pass: Bypassing Internet Challenges Anonymously. Proceedings on Privacy Enhancing Technologies 2018, 3 (June 2018), 164–180. https://doi.org/10.1515/popets-2018-0026
  43. A Credential-Based System for the Anonymous Delegation of Rights. In New Approaches for Security, Privacy and Trust in Complex Environments, Hein Venter, Mariki Eloff, Les Labuschagne, Jan Eloff, and Rossouw Von Solms (Eds.). Vol. 232. Springer US, Boston, MA, 169–180. https://doi.org/10.1007/978-0-387-72367-9_15
  44. Kyle Den Hartog. 2022. Indy DID Method. https://hackmd.io/@kdenhartog/S1eUS2BQw
  45. Peer DID Method Specification. https://identity.foundation/peer-did-method-spec/
  46. Tor: The {}Second-Generation{} Onion Router. In 13th USENIX Security Symposium (USENIX Security 04). USENIX Association, San Diego, CA, 18.
  47. Toward a Post-Quantum Zero-Knowledge Verifiable Credential System for Self-Sovereign Identity.
  48. EBSI. 2023a. DID Method for Legal Entities. https://hub.ebsi.eu/vc-framework/did/did-methods/legal-entities
  49. EBSI. 2023b. Issuer Trust Model — EBSI Hub. https://hub.ebsi.eu/vc-framework/trust-model/issuer-trust-model
  50. EBSI. 2023c. Overview of EBSI’s Revocation Methods — EBSI Hub. https://hub.ebsi.eu/vc-framework/credential-status-framework/revocation-methods
  51. SoK: Data Sovereignty. In 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P). IEEE Computer Society, Delft, Netherlands, 122–143. https://doi.org/10.1109/EuroSP57164.2023.00017
  52. Decentralized Identity Foundation. 2023a. Decentralized-Identity/Ion. Decentralized Identity Foundation. https://github.com/decentralized-identity/ion
  53. Decentralized Identity Foundation. 2023b. Ethr DID Resolver. Decentralized Identity Foundation. https://github.com/decentralized-identity/ethr-did-resolver
  54. IOTA Foundation. 2023c. IOTA. https://www.iota.org
  55. IRMA Foundation. 2023d. IRMA. https://privacybydesign.foundation/irma-en/
  56. Sovrin Foundation. 2018. Sovrin: A Protocol and Token for Self Sovereign Identity and Decentralized Trust. https://sovrin.org/wp-content/uploads/Sovrin-Protocol-and-Token-White-Paper.pdf
  57. Sovrin Foundation. 2019. Sovrin Glossary V3. https://sovrin.org/wp-content/uploads/Sovrin-Glossary-V3.pdf
  58. Josh Fruhlinger. 2020. Equifax Data Breach FAQ: What Happened, Who Was Affected, What Was the Impact? https://www.csoonline.com/article/567833/equifax-data-breach-faq-what-happened-who-was-affected-what-was-the-impact.html
  59. Structure-Preserving Signatures on Equivalence Classes and Constant-Size Anonymous Credentials. Journal of Cryptology 32, 2 (April 2019), 498–546. https://doi.org/10.1007/s00145-018-9281-4
  60. Subodh Gangan. 2015. A Review of Man-in-the-Middle Attacks. https://doi.org/10.48550/arXiv.1504.02115 arXiv:1504.02115 [cs]
  61. Incorporating Biometrics into Veiled Certificates: Preventing Unauthorized Use of Anonymous Certificates. Electronic Commerce Research 17, 2 (June 2017), 289–316. https://doi.org/10.1007/s10660-016-9222-y
  62. Did:Web Method Specification. https://w3c-ccg.github.io/did-method-web/
  63. W3C JSON-LD Working Group. 2023. JSON-LD - JSON for Linking Data. https://json-ld.org/
  64. A Quantifiable Trust Model for Blockchain-Based Identity Management. In 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). IEEE, Halifax, NS, Canada, 1475–1482. https://doi.org/10.1109/Cybermatics_2018.2018.00250
  65. Analyzing and Comparing the Security of Self-Sovereign Identity Management Systems through Threat Modeling. International Journal of Information Security 22, 5 (Oct. 2023), 1231–1248. https://doi.org/10.1007/s10207-023-00688-w
  66. Using Probabilistic Attribute Aggregation for Increasing Trust in Attribute Assurance. In 2019 IEEE Symposium Series on Computational Intelligence (SSCI). IEEE, Xiamen, China, 633–640. https://doi.org/10.1109/SSCI44817.2019.9003094
  67. Anonymous Credential Schemes with Encrypted Attributes. In Cryptology and Network Security, Swee-Huay Heng, Rebecca N. Wright, and Bok-Min Goi (Eds.). Vol. 6467. Springer Berlin Heidelberg, Berlin, Heidelberg, 314–333. https://doi.org/10.1007/978-3-642-17619-7_22
  68. Ulrich Haböck and Stephan Krenn. 2019. Breaking and Fixing Anonymous Credentials for the Cloud. In Cryptology and Network Security, Yi Mu, Robert H. Deng, and Xinyi Huang (Eds.). Vol. 11829. Springer International Publishing, Cham, 249–269. https://doi.org/10.1007/978-3-030-31578-8_14
  69. Private Digital Identity on Blockchain. CEUR 2599 (2019), 7.
  70. Daniel Hardman. 2019. Aries-Rfcs/Concepts/0207-Credential-Fraud-Threat-Model/README.Md ⋅⋅\cdot⋅ Hyperledger/Aries-Rfcs. https://github.com/hyperledger/aries-rfcs/blob/main/concepts/0207-credential-fraud-threat-model/README.md
  71. Daniel Hardman. 2020a. Need to Clarify Revocation vs. Rotation ⋅⋅\cdot⋅ Issue #386 ⋅⋅\cdot⋅ W3c/Did-Core. https://github.com/w3c/did-core/issues/386
  72. Daniel Hardman. 2020b. No Paradox Here: ZKPs Deliver Savvy Trust. https://dhh1128.github.io/zkpcreds//trust-paradox-rebuttal.html
  73. Tim Hinchliffe. 2022. WEF Pushes Digital ID, CBDC, ESG & Crackdowns on ’Misinformation’: Future Focus Report. https://www.sociable.co/business/wef-digital-id-cbdc-esg-misinformation-future-focus-report/.
  74. Internet X.509 Public Key Infrastructure Certificate and CRL Profile. https://www.ietf.org/rfc/rfc2459.txt
  75. Introduction to Trust Over IP. https://trustoverip.org/wp-content/uploads/Introduction-to-ToIP-V2.0-2021-11-17.pdf
  76. Hyperledger. 2020. Issuer Key Rotation — Anoncreds Design. https://github.com/hyperledger/indy-node/blob/main/design/anoncreds.md
  77. Hyperledger. 2022. Hyperledger/Aries-Rfcs. Hyperledger. https://github.com/hyperledger/aries-rfcs
  78. Hyperledger. 2023a. AnonCreds Revocation. Hyperledger. https://github.com/hyperledger/anoncreds-revocation
  79. Hyperledger. 2023b. AnonCreds Specification. Hyperledger. https://github.com/hyperledger/anoncreds-spec
  80. Hyperledger. 2023c. Hyperledger Fabric. https://hyperledger-fabric.readthedocs.io/en/latest/index.html
  81. Hyperledger. 2023d. Hyperledger Indy - Hyperledger Indy - Hyperledger Foundation. https://wiki.hyperledger.org/display/indy
  82. Hyperledger. 2023e. Hyperledger Iroha. https://iroha.readthedocs.io/en/main/
  83. Hyperledger. 2023f. Indy SDK. Hyperledger. https://github.com/hyperledger/indy-sdk
  84. Subgroup of the New Technologies Working Group (NTWG) ICAO Technical Advisory Group on the Traveller Identification Programme (TAG/TRIP). 2020. Guiding Core Principles for the Development of a Digital Travel Credential (DTC). https://www.icao.int/Security/FAL/TRIP/PublishingImages/Pages/Publications/Guiding%20core%20principles%20for%20the%20development%20of%20a%20Digital%20Travel%20Credential%20%20%28DTC%29.PDF
  85. Russell Impagliazzo and Sara Miner More. 2003. Anonymous Credentials with Biometrically-Enforced Non-Transferability. In Proceedings of the 2003 ACM Workshop on Privacy in the Electronic Society. ACM, Washington, DC, 60–71. https://doi.org/10.1145/1005140.1005150
  86. Lattice Signature with Efficient Protocols, Application to Anonymous Credentials.
  87. The Elliptic Curve Digital Signature Algorithm (ECDSA). International Journal of Information Security 1, 1 (01 Aug 2001), 36–63. https://doi.org/10.1007/s102070100002
  88. Towards Attribute-Based Credentials in the Cloud. In Cryptology and Network Security, Srdjan Capkun and Sherman S. M. Chow (Eds.). Vol. 11261. Springer International Publishing, Cham, 179–202. https://doi.org/10.1007/978-3-030-02641-7_9
  89. Credential Comparison Matrix. https://github.com/vcstuff/credential-profile-comparison
  90. A User-Centric Identity Management Framework Based on the W3C Verifiable Credentials and the FIDO Universal Authentication Framework. In 2020 IEEE 17th Annual Consumer Communications & Networking Conference (CCNC). IEEE, Las Vegas, NV, USA, 1–8. https://doi.org/10.1109/CCNC46108.2020.9045440
  91. Enabling Decentralised Identifiers and Verifiable Credentials for Constrained IoT Devices Using OAuth-based Delegation. In Proceedings 2019 Workshop on Decentralized IoT Systems and Security. Internet Society, San Diego, CA, 6. https://doi.org/10.14722/diss.2019.23005
  92. A-PoA: Anonymous Proof of Authorization for Decentralized Identity Management. In 2021 IEEE International Conference on Blockchain and Cryptocurrency (ICBC). IEEE, Sydney, Australia, 1–9. https://doi.org/10.1109/ICBC51069.2021.9461082
  93. Mohamed Layouni and Hans Vangheluwe. 2007. Anonymous K-Show Credentials. In Public Key Infrastructure, Javier Lopez, Pierangela Samarati, and Josep L. Ferrer (Eds.). Vol. 4582. Springer Berlin Heidelberg, Berlin, Heidelberg, 181–192. https://doi.org/10.1007/978-3-540-73408-6_13
  94. Privacy-Preserving Identity Management System.
  95. Trust Models for Blockchain-Based Self-Sovereign Identity Management: A Survey and Research Directions. In Advances in Blockchain Technology for Cyber Physical Systems, Yassine Maleh, Lo’ai Tawalbeh, Saad Motahhir, and Abdelhakim Senhaji Hafid (Eds.). Springer International Publishing, Cham, 277–302. https://doi.org/10.1007/978-3-030-93646-4_13
  96. Toward Distributed Key Management for Offline Authentication. In Proceedings of the Annual Conference of the South African Institute of Computer Scientists and Information Technologists. ACM, Port Elizabeth South Africa, 10–19. https://doi.org/10.1145/3278681.3278683
  97. Michael Lodder and Daniel Hardman. 2023. Sovrin DID Method Specification. https://sovrin-foundation.github.io/sovrin/spec/did-method-spec-template.html
  98. OpenID for Verifiable Credential Issuance. https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html
  99. Dave Longley and Manu Sporny. 2023a. Bitstring Status List v1.0. https://www.w3.org/TR/vc-bitstring-status-list/
  100. Dave Longley and Manu Sporny. 2023b. Verifiable Credential Data Integrity 1.0. https://w3c.github.io/vc-data-integrity/
  101. The Did:Key Method v0.7. https://w3c-ccg.github.io/did-method-key/
  102. Tobias Looker and Paul Bastian. 2023. JWT and CWT Status List. Internet Draft draft-looker-oauth-jwt-cwt-status-list-01. Internet Engineering Task Force.
  103. JWT VC Presentation Profile. https://identity.foundation/jwt-vc-presentation-profile/
  104. The BBS Signature Scheme. https://identity.foundation/bbs-signature/draft-irtf-cfrg-bbs-signatures.html
  105. Decentralized Identity and Trust Management Framework for Internet of Things. In 2020 IEEE International Conference on Blockchain and Cryptocurrency (ICBC). IEEE, Toronto, ON, Canada, 1–9. https://doi.org/10.1109/ICBC48266.2020.9169411
  106. David Paul Maher. 1996. Crypto Backup and Key Escrow. Commun. ACM 39, 3 (March 1996), 48–53. https://doi.org/10.1145/227234.227241
  107. CanDID: Can-Do Decentralized Identity with Legacy Compatibility, Sybil-Resistance, and Accountability. In 2021 IEEE Symposium on Security and Privacy (SP). IEEE, San Francisco, CA, 1348–1366. https://doi.org/10.1109/SP40001.2021.00038
  108. A Survey on Essential Components of a Self-Sovereign Identity. Computer Science Review 30 (November 2018), 80–86. https://doi.org/10.1016/j.cosrev.2018.10.002
  109. Blockchain-Based Verifiable Credential Sharing with Selective Disclosure. In 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). IEEE, Guangzhou, China, 959–966. https://doi.org/10.1109/TrustCom50675.2020.00128
  110. CredTrust: Credential Based Issuer Management for Trust in Self-Sovereign Identity. In 2022 IEEE International Conference on Blockchain (Blockchain). IEEE, Espoo, Finland, 334–339. https://doi.org/10.1109/Blockchain55522.2022.00053
  111. Nitin Naik and Paul Jenkins. 2020. uPort Open-Source Identity Management System: An Assessment of Self-Sovereign Identity and User-Centric Data Platform Built on Blockchain. In 2020 IEEE International Symposium on Systems Engineering (ISSE). IEEE, Vienna, Austria, 1–7. https://doi.org/10.1109/ISSE49799.2020.9272223
  112. Toru Nakanishi and Takeshi Kanatani. 2018. An Efficient Blacklistable Anonymous Credential System with Reputation Using Pairing-Based Accumulator. In 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). IEEE, New York, NY, USA, 1140–1148. https://doi.org/10.1109/TrustCom/BigDataSE.2018.00158
  113. NGI. 2022. eSSIF-Lab. https://essif-lab.eu/
  114. Anca Nitulescu. 2020. Zk-SNARKs: A Gentle Introduction.
  115. Jianlin Niu and Zhiyu Ren. 2021. A Self-Sovereign Identity Management Scheme Using Smart Contracts. MATEC Web of Conferences 336 (2021), 08005. https://doi.org/10.1051/matecconf/202133608005
  116. KYoT: Self-sovereign IoT Identification with a Physically Unclonable Function. In 2020 IEEE 45th Conference on Local Computer Networks (LCN). IEEE, Sydney, NSW, Australia, 485–490. https://doi.org/10.1109/LCN48667.2020.9314816
  117. Commonwealth of Australia. 2023. Australia’s Digital ID Bill. https://www.digitalidentity.gov.au/digital-id-bill
  118. Singtel Optus. 2022. Optus Notifies Customers of Cyberattack Compromising Customer Information.
  119. Asem Othman and John Callahan. 2018. The Horcrux Protocol: A Method for Decentralized Biometric-based Self-sovereign Identity. In 2018 International Joint Conference on Neural Networks (IJCNN). IEEE, Rio de Janeiro, Brazil, 1–7. https://doi.org/10.1109/IJCNN.2018.8489316
  120. Christian Paquin and Greg Zaverucha. 2023. U-Prove Cryptographic Specification V1.1. https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/U-Prove20Cryptographic20Specification20V1.1.pdf
  121. José Parra Moyano and Omri Ross. 2017. KYC Optimization Using Distributed Ledger Technology. Business & Information Systems Engineering 59, 6 (Dec. 2017), 411–423. https://doi.org/10.1007/s12599-017-0504-2
  122. David Pointcheval and Olivier Sanders. 2017. Reassessing Security of Randomizable Signatures.
  123. Self-Sovereign Identity Systems. In Privacy and Identity Management. Data for Better Living: AI and Privacy: 14th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Windisch, Switzerland, August 19–23, 2019, Revised Selected Papers, Michael Friedewald, Melek Önen, Eva Lievens, Stephan Krenn, and Samuel Fricker (Eds.). Springer International Publishing, Cham, 447–461. https://doi.org/10.1007/978-3-030-42504-3_28
  124. reclaimID: Secure, Self-Sovereign Identities Using Name Systems and Attribute-Based Encryption. In 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). IEEE, New York, NY, 946–957. https://doi.org/10.1109/TrustCom/BigDataSE.2018.00134
  125. The GNU Name System. https://lsd.gnunet.org/lsd0001/
  126. Frederico Schardong and Ricardo Custódio. 2022. Self-Sovereign Identity: A Systematic Review, Mapping and Taxonomy. Sensors 22, 15 (January 2022), 5641. https://doi.org/10.3390/s22155641
  127. Designing a Framework for Digital KYC Processes Built on Blockchain-Based Self-Sovereign Identity. Information & Management 59, 7 (Nov. 2022), 103553. https://doi.org/10.1016/j.im.2021.103553
  128. Microsoft Security. 2023. Microsoft Entra Verified ID — Microsoft Security. https://www.microsoft.com/en-ca/security/business/identity-access/microsoft-entra-verified-id
  129. Federated Identity Management. Computer 38, 12 (December 2005), 120–122. https://doi.org/10.1109/MC.2005.408
  130. Practical Key Recovery Model for Self-Sovereign Identity Based Digital Wallets. In 2019 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech). IEEE, Fukuoka, Japan, 320–325. https://doi.org/10.1109/DASC/PiCom/CBDCom/CyberSciTech.2019.00066
  131. A Survey of Self-Sovereign Identity Ecosystem. Security and Communication Networks 2021 (July 2021), e8873429. https://doi.org/10.1155/2021/8873429
  132. Verifiable Credentials Data Model v1.1. https://www.w3.org/TR/vc-data-model/
  133. Decentralized Identifiers (DIDs) v1.0. https://www.w3.org/TR/did-core/
  134. A Truly Self-Sovereign Identity System. In 2021 IEEE 46th Conference on Local Computer Networks (LCN). IEEE, Edmonton, AB, Canada, 1–8. https://doi.org/10.1109/LCN52139.2021.9525011
  135. Quinten Stokkink and Johan Pouwelse. 2018. Deployment of a Blockchain-Based Self-Sovereign Identity. In 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). IEEE, Halifax, NS, 1336–1342. https://doi.org/10.1109/Cybermatics_2018.2018.00230
  136. P. Syverson. 1994. A Taxonomy of Replay Attacks [Cryptographic Protocols]. In Proceedings The Computer Security Foundations Workshop VII. IEEE, Franconia, NH, 187–191. https://doi.org/10.1109/CSFW.1994.315935
  137. Makoto Takemiya and Bohdan Vanieiev. 2018. Sora Identity: Secure, Digital Identity on the Blockchain. In 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC). IEEE, Tokyo, Japan, 582–587. https://doi.org/10.1109/COMPSAC.2018.10299
  138. Parity Technologies. 2023. Blockchain Infrastructure for the Decentralised Web — Parity Technologies. https://www.parity.io/
  139. Oliver Terbu and Daniel Fett. 2023. SD-JWT-based Verifiable Credentials (SD-JWT VC). Internet Draft draft-terbu-oauth-sd-jwt-vc-00. Internet Engineering Task Force.
  140. OpenID Connect for Verifiable Presentations. https://openid.net/specs/openid-4-verifiable-presentations-1_0.html
  141. Stefano Tessaro and Chenzhi Zhu. 2023. Revisiting BBS Signatures.
  142. Ivonne Thomas and Christoph Meinel. 2009. Enhancing Claim-Based Identity Management by Adding a Credibility Level to the Notion of Claims. In 2009 IEEE International Conference on Services Computing. IEEE, Bangalore, India, 243–250. https://doi.org/10.1109/SCC.2009.66
  143. Andrew Tobin. 2018. Sovrin: What Goes on the Ledger? , 12 pages. https://sovrin.org/wp-content/uploads/2017/04/What-Goes-On-The-Ledger.pdf
  144. PEREA: Towards Practical TTP-free Revocation in Anonymous Authentication. In Proceedings of the 15th ACM Conference on Computer and Communications Security. ACM, Alexandria Virginia USA, 333–344. https://doi.org/10.1145/1455770.1455813
  145. V. Valos. 2023. Bound BBS Signatures. https://basileioskal.github.io/bbs-bound-signatures/draft-bound-bbs-signatures.html
  146. Digital Credentials in Higher Education Institutions: A Literature Review. In Innovation Through Information Systems (Lecture Notes in Information Systems and Organisation), Frederik Ahlemann, Reinhard Schütte, and Stefan Stieglitz (Eds.). Springer International Publishing, Cham, 125–140. https://doi.org/10.1007/978-3-030-86800-0_9
  147. Lucy Yang and Kaliya Young. 2023. Where Can the W3C VCs Meet the ISO 18013–5 mDL? https://medium.com/@identitywoman-in-business/where-can-the-w3c-vcs-meet-the-iso-18013-5-mdl-b2d450bb19f8
  148. Kristina Yasuda. 2023. Kristina Yasuda — LinkedIn. https://www.linkedin.com/feed/update/urn:li:activity:7089289609011990528/
  149. Self-Issued OpenID Provider V2. https://openid.net/specs/openid-connect-self-issued-v2-1_0.html
  150. K Yasuda and T Lodderstedt. 2023. OpenID4VC High Assurance Interoperability Profile with SD-JWT VC. https://vcstuff.github.io/oid4vc-haip-sd-jwt-vc/draft-oid4vc-haip-sd-jwt-vc.html
  151. Kaliya Young. 2021. Verifiable Credentials Flavors Explained. https://www.lfph.io/wp-content/uploads/2021/02/Verifiable-Credentials-Flavors-Explained.pdf
  152. Kaliya Young. 2023. Misinformation Stops Here: W3C VC 2.0 Supports JSON. https://identitywoman.net/misinformation-stops-here-w3c-vc-2-0-supports-json/
  153. EL PASSO: Efficient and Lightweight Privacy-preserving Single Sign On. Proceedings on Privacy Enhancing Technologies 2021, 2 (April 2021), 70–87. https://doi.org/10.2478/popets-2021-0018
  154. Xiaoyang Zhu and Youakim Badr. 2018. Identity Management Systems for the Internet of Things: A Survey Towards Blockchain Solutions. Sensors 18, 12 (December 2018), 4215. https://doi.org/10.3390/s18124215
  155. Improving Unlinkability of Attribute-based Authentication through Game Theory. ACM Transactions on Privacy and Security 25, 2 (March 2022), 12:1–12:36. https://doi.org/10.1145/3501260
  156. Yixin Zou and Florian Schaub. 2018. Concern But No Action: Consumers’ Reactions to the Equifax Data Breach. In Extended Abstracts of the 2018 CHI Conference on Human Factors in Computing Systems (CHI EA ’18). Association for Computing Machinery, New York, NY, USA, 1–6. https://doi.org/10.1145/3170427.3188510
  157. Brent Zundel. 2021. Why the Verifiable Credentials Community Should Converge on BBS+. https://www.evernym.com/blog/bbs-verifiable-credentials/.
Citations (1)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now