Abstract
Implementing pseudonymity, key management, non-repudiation and data minimisation features as isolated procedures is trivial. However, integrating all of them into one consistent architecture poses several challenges. This work proposes data structures to represent Self-Sovereign Identities and to handle those features in a consolidated architecture. Key management is built on secret sharing principles and is capable of recovering from a lost or compromised key to a new one without losing track of the original account. Pseudonymity and data minimisation are established using anonymous profiles, which show different views of the same identity. Non-repudiation is addressed in the profile disclosure process. Profiles are protected against tampering with digital signatures and blockchain cryptographic constructions. All profiles and registries are controlled with a single asymmetric key pair that can be provided by a smart card. Flexible structures are defined that can be used to register claims, attestations, authorisation grants, user consents, or any other activities. All definitions take into consideration the rules of the General Data Protection Regulation (GDPR).
Acknowledgements
This work is financed by the ERDF - European Regional Development Fund through the Operational Programme for Competitiveness and Internationalization - COMPETE 2020 Programme, and by National Funds through the FCT - Fundação para a Ciência e a Tecnologia (Portuguese Foundation for Science and Technology) within project CMUP-ERI/TIC/0028/2014.
Funding
This study was funded by the ERDF - European Regional Development Fund through the Operational Programme for Competitiveness and Internationalization - COMPETE 2020 Programme, and by National Funds through the FCT - Fundação para a Ciência e a Tecnologia (Portuguese Foundation for Science and Technology) within project CMUP-ERI/TIC/0028/2014 and individual grant ref. BI/UI62/4091/2016.
Ethics declarations
Conflict of interests
The authors declare that they have no conflict of interest.
Ethical approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Cite this article
Pedrosa, M., Zúquete, A. & Costa, C. RAIAP: renewable authentication on isolated anonymous profiles. Peer-to-Peer Netw. Appl. 13, 1577–1599 (2020). https://doi.org/10.1007/s12083-020-00914-5