Christoph H.-J. Braun
ABSTRACT
We evaluate a bundle of specifications from the Self-Sovereign Identity (SSI) paradigm to construct an authentication protocol for the Web. We demonstrate how relevant standards such as W3C Verifiable Credentials (VC), W3C Decentralised Identifiers (DIDs), and components of the Hyperledger Aries Framework are to be assembled methodologically into a protocol. We make those assumptions from standard trust models explicit that underlie the derived protocol, and verify security and privacy properties, notably secrecy, authentication, and unlinkability. This enables us to formally justify the additional precision that we urge these specifications to consider, to ensure that implementors of SSI-based systems do not neglect security-critical controls.
Supplemental Material
- Abadi, M., Blanchet, B., Fournet, C.: The applied pi calculus: Mobile values, new names, and secure communication. J. ACM 65(1), 1:1--1:41 (2018). https://doi.org/10.1145/3127586Google Scholar
Digital Library
- Allen, C.: The path to self-sovereign identity (2016), http://www.lifewithalacrity. com/2016/04/the-path-to-self-soverereign-identity.htmlGoogle Scholar
- American National Standards Institute: Public key cryptography for the financial services industry: the Elliptic Curve Digital Signature Algorithm (ECDSA). X9.62, ANSI (2005)Google Scholar
- Arapinis, M., Chothia, T., Ritter, E., Ryan, M.: Analysing unlinkability and anonymity using the applied pi calculus. In: Proceedings of the 23rd IEEE Computer Security Foundations Symposium (CSF). pp. 107--121 (2010). https://doi.org/10.1109/CSF.2010.15Google ScholarDigital Library
- Biselli, A.: Konzeptionell kaputt und ein riesiger Rückschritt (2021), https:// netzpolitik.org/?p=338612Google Scholar
- Blanchet, B.: An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In: Proceedings of the 14th IEEE Computer Security Foundations Workshop (CSFW). pp. 82--96 (2001)Google Scholar
- Blanchet, B., Cheval, V., Cortier, V.: ProVerif with lemmas, induction, fast subsumption, and much more. In: Proceedings of the 43rd IEEE Symposium on Security and Privacy (S&P). pp. 205--222 (2022). https://doi.org/10.1109/SP46214.2022.9833653Google ScholarCross Ref
- Boysen, A.: Decentralized, self-sovereign, consortium: The future of digital identity in Canada. Frontiers Blockchain 4, 624258 (2021)Google ScholarCross Ref
- Braun, C.H.J., Papanchev, V., Käfer, T.: SISSI: an architecture for semantic interoperable self-sovereign identity-based access control on the Web. In: Proceedings of the 32nd Web Conference (WWW). p. 3011--3021. ACM (2023). https://doi.org/10.1145/3543507.3583409Google ScholarDigital Library
- Camenisch, J., Dubovitskaya, M., Haralambiev, K., Kohlweiss, M.: Composable and modular anonymous credentials: Definitions and practical constructions. In: Proceedings of the 21st International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT). pp. 262--288. Springer (2015). https://doi.org/10.1007/978--3--662--48800--3_11Google ScholarDigital Library
- Chen, J., Paxson, V., Jiang, J.: Composition kills: A case study of email sender authentication. In: Proceedings of the 29th USENIX Security Symposium (USENIX Security 20). pp. 2183--2199 (2020)Google Scholar
- Cheval, V., Kremer, S., Rakotonirina, I.: DEEPSEC: deciding equivalence properties in security protocols theory and practice. In: Proceedings of the 39th IEEE Symposium on Security and Privacy (S&P). pp. 529--546 (2018). https://doi.org/10.1109/SP.2018.00033Google ScholarCross Ref
- Cremers, C., Mauw, S.: Operational Semantics and Verification of Security Protocols. Information Security and Cryptography, Springer (2012). https://doi.org/10.1007/978--3--540--78636--8Google ScholarCross Ref
- de Cristo, F.S., Shbair, W.M., Trestioreanu, L., State, R., Malhotra, A.: Self-Sovereign Identity for the financial sector: A case study of PayString service. In: Proceedings of the 3rd International Conference on Blockchain. pp. 213--220. IEEE (2021). https://doi.org/10.1109/Blockchain53845.2021.00036Google ScholarCross Ref
- Cucko, S., Turkanovic, M.: Decentralized and Self-Sovereign Identity: Systematic mapping study. IEEE Access 9, 139009--139027 (2021). https://doi.org/10.1109/ACCESS.2021.3117588Google ScholarCross Ref
- Curren, S., Looker, T., Terbu, O.: DIDComm messaging. Editor's draft, DIF: Decentralized Identity Foundation (2021), https://identity.foundation/didcommmessaging/ spec/Google Scholar
- Darnell, S.S., Sevilla, J.: 3 stages of a pan-African identity framework for establishing Self-Sovereign Identity with blockchain. Frontiers Blockchain 4, 631640 (2021)Google ScholarCross Ref
- Dingle, P., Hammann, S., Hardman, D., Winczewski, C., Smith, S.: Alice attempts to abuse a verifiable credential. In: White Papers from the 9th Workshop on Rebooting the Web of Trust (RWOT) (2019), https://github.com/WebOfTrustInfo/rwot9-prague/blob/master/finaldocuments/ alice-attempts-abuse-verifiable-credential.pdfGoogle Scholar
- Dolev, D., Yao, A.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198--208 (1983). https://doi.org/10.1109/TIT.1983.1056650Google ScholarDigital Library
- Esposito, C., Horne, R., Robaldo, L., Buelens, B., Goesaert, E.: Assessing the solid protocol in relation to security and privacy obligations. Inf. 14(7), 411 (2023). https://doi.org/10.3390/INFO14070411Google ScholarCross Ref
- Freytsis, M., Barclay, I., Radha, S.K., Czajka, A., Siwo, G.H., Taylor, I.J., Bucher, S.L.: Development of a mobile, Self-Sovereign Identity approach for facility birth registration in Kenya. Frontiers Blockchain 4, 631341 (2021). https://doi.org/10.3389/fbloc.2021.631341Google ScholarCross Ref
- Glastra, T., Aristy, G.: Aries RFC 0453: Issue credential protocol 2.0. RFC, Hyperledger Aries Community (2021), https://github.com/hyperledger/ariesrfcs/tree/main/features/0453-issue-credential-v2Google Scholar
- Hogan, A.: Canonical forms for isomorphic and equivalent RDF graphs: Algorithms for leaning and labelling blank nodes. ACM Trans. Web 11(4), 22:1--22:62 (2017). https://doi.org/10.1145/3068333Google ScholarDigital Library
- Horne, R., Mauw, S.: Discovering ePassport vulnerabilities using bisimilarity. Logical Methods in Computer Science 17 (2021). https://doi.org/10.23638/LMCS-17(2:24)2021Google ScholarCross Ref
- Horne, R., Mauw, S., Yurkov, S.: Unlinkability of an improved key agreement protocol for EMV 2nd gen payments. In: Proceedings of the 35th IEEE Computer Security Foundations Symposium (CSF). pp. 364--379 (2022). https://doi.org/10.1109/CSF54842.2022.9919666Google ScholarCross Ref
- Houtan, B., Hafid, A.S., Makrakis, D.: A survey on blockchain-based Self-Sovereign patient identity in healthcare. IEEE Access 8, 90478--90494 (2020). https://doi.org/10.1109/ACCESS.2020.2994090Google ScholarCross Ref
- Khateev, N., Curran, S.: Aries RFC 0454: Present proof protocol 2.0. RFC, Hyperledger Aries Community (2021), https://github.com/hyperledger/aries-rfcs/blob/ main/features/0454-present-proof-v2/README.mdGoogle Scholar
- Kudra, A.: Self-sovereign identity (SSI) in Deutschland. Datenschutz und Datensicherheit 46(1), 22--26 (2022)Google Scholar
- Lodder, M., Hardman, D.: Sovrin DID method specification. Editor's draft (2023), https://sovrin-foundation.github.io/sovrin/spec/did-method-spectemplate. htmlGoogle Scholar
- Longley, D., Kellogg, G., Yamamoto, D.: RDF dataset canonicalization a standard RDF dataset canonicalization algorithm. Candidate recommendation draft, W3C (2023), https://www.w3.org/TR/rdf-canon/Google Scholar
- Longley, D., Sporny, M.: RDF dataset canonicalization. Final community group report, W3C (2022), https://www.w3.org/community/reports/credentials/CGFINAL-rdf-dataset-canonicalization-20221009/Google Scholar
- Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. Softw. Concepts Tools 17(3), 93--102 (1996). https://doi.org/10.1007/3--540-61042--1_43Google ScholarCross Ref
- Lowe, G.: A hierarchy of authentication specifications. In: Proceedings of the 10th IEEE Computer Security Foundations Workshop (CSFW). pp. 31--44 (1997). https://doi.org/10.1109/CSFW.1997.596782Google ScholarCross Ref
- Mahula, S., Tan, E., Crompvoets, J.: With blockchain or not? opportunities and challenges of Self-Sovereign Identity implementation in public administration: lessons from the Belgian case. In: Proceedings of the 22nd Annual International Conference on Digital Government Research (DG.O). pp. 495--504. ACM (2021). https://doi.org/10.1145/3463677.3463705Google ScholarDigital Library
- National Security Agency: Common Criteria for information technology security evaluation (CCMB-2017-04-002) (2017), https://www.commoncriteriaportal.org/ files/ccfiles/CCPART2V3.1R5.pdfGoogle Scholar
- Prorock, M., Steele, O., Terbu, O.: did:web method specification. Editor's draft (2023), https://w3c-ccg.github.io/did-method-web/Google Scholar
- Sambra, A.: Verifiable credentials use cases. Working group note, W3C (2019), https://www.w3.org/TR/vc-use-cases/Google Scholar
- Sambra, A.: Verifiable credentials implementation guidelines 1.0. Editor's draft, W3C (2023), https://w3c.github.io/vc-imp-guide/Google Scholar
- Sporny, M., Guy, A., Sabadello, M., Reed, D.: Decentralized Identifiers (DIDs). W3C recommendation, W3C (2022), https://www.w3.org/TR/did-core/Google Scholar
- Sporny, M., Longley, D., Prorock, M.: Verifiable credential data integrity 1.0: Securing the integrity of verifiable credential data. Candidate recommendation snapshot, W3C (2023), https://www.w3.org/TR/2023/CR-vc-data-integrity-20231121/Google Scholar
- Sporny, M., Noble, G., Longley, D., Burnett, D.C., Zundel, B., Hartog, K.D.: Verifiable credentials data model v1.1. W3C recommendation, W3C (2022), https://www.w3.org/TR/vc-data-model/Google Scholar
- Sporny, M., Zagidulin, D., Longley, D., Steele, O.: The did:key method v0.7. Unofficial draft (2022), https://w3c-ccg.github.io/did-method-key/Google Scholar
- Steele, O., Sporny, M.: DID specification registries. Note, W3C DID Working Group (2023), https://www.w3.org/TR/did-spec-registries/#did-methodsGoogle Scholar
- Veramo core team: ETHR DID method specification. Editor's draft (2022), https://github.com/decentralized-identity/ethr-did-resolver/blob/master/doc/did-method-spec.mdGoogle Scholar
- West, R., Bluhm, D., Hailstone, M., Curren, S., Curran, S., Aristy, G.: Aries RFC 0023: DID exchange protocol 1.0. RFC, Hyperledger Aries Community (2021), https://github.com/hyperledger/aries-rfcs/tree/main/features/0023-didexchange/README.mdGoogle Scholar
Index Terms
- SSI, from Specifications to Protocol? Formally Verify Security!
Recommendations
SoC Protocol Implementation Verification Using Instruction-Level Abstraction Specifications
In modern systems-on-chips, several hardware protocols are used for communication and interaction among different modules. These protocols are complex and need to be implemented correctly for correct operation of the system-on-chip. Therefore, protocol ...
Verifying security properties of internet protocol stacks: The split verification approach
We propose a novel method to construct user-space internet protocol stacks whose security properties can be formally explored and verified. The proposed method allows construction of protocol stacks using a C++ subset. We define a formal state-...
From Protocol Specifications to Flaws and Attack Scenarios: An Automatic and Formal Algorithm
WET-ICE '97: Proceedings of the 6th Workshop on Enabling Technologies on Infrastructure for Collaborative EnterprisesAbstract: Presents a new approach to the verification of authentication protocols. This approach is formal, fully automatic and does not necessitate any specification of any protocol property or invariant. It takes the protocol specification as the ...
Comments