
Casper: a blockchain-based system for efficient and secure customer credential verification

  • Original Article
  • Journal of Banking and Financial Technology

Abstract

Customer credential verification is an ongoing activity at financial institutions. Know Your Customer (KYC) is one such periodic verification activity. Often, organizations store the collected customer credentials on centralized storage platforms (e.g., cloud storage and central servers), which could result in major privacy breaches. In addition, when a customer has accounts at multiple institutions, this process is repeated at each of the institutions, resulting in wasted resources and inconvenience to the customer. In this paper, we describe Casper, a blockchain and self-sovereign identity-based digital identity platform, to address these issues. Unlike traditional identity systems, here the actual identity credentials of customers are stored on their own mobile wallet applications. The system stores only the proofs of the credentials on its blockchain-based decentralized storage system. Casper employs Zero-Knowledge Proof mechanisms to verify the identity information from the credential proofs. As a proof of concept, we have employed Casper in a banking environment. Preliminary evaluation studies show the system to be scalable and capable of yielding high transaction throughput.



Acknowledgements

This work was supported in part by the DoD Center of Excellence in AI and Machine Learning (CoE-AIML) under Contract Number W911NF-20-2-0277 with the U.S. Army Research Laboratory.

Author information

Corresponding author

Correspondence to Eranga Bandara.


About this article


Cite this article

Bandara, E., Shetty, S., Mukkamala, R. et al. Casper: a blockchain-based system for efficient and secure customer credential verification. J BANK FINANC TECHNOL 6, 43–62 (2022). https://doi.org/10.1007/s42786-021-00036-3


  • DOI: https://doi.org/10.1007/s42786-021-00036-3
