SSI-AWARE: Self-Sovereign Identity Authenticated backup With Auditing by Remote Entities

Philipp Jakubeit*, Albert Dercksen, Andreas Peter

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

Abstract

The self-sovereign identity (SSI) model entails the full responsibility and sovereignty of a user regarding his identity data. This identity data can contain private data which is solely known to the user. The user himself is therefore required to manage the whole lifecycle of his private data, including the backup and restore. We show that prior work on how to backup and restore the user’s identity data does not meet the requirements of the SSI setting, and we present the first solution which does meet the requirements. Authenticated backup with auditing by remote entities (AWARE) combines SSI sustaining aspects and extends them to create a truly self-sovereign backup-and-restore protocol. In AWARE, trusted, physically met humans, called custodians, hold a secure device. Custodians with a secure device offer an offline backup possibility and a secure channel. The backup and restore are audited by commits on a publicly accessible distributed ledger. These commits are answered by auditing services which are required during restore. Only some auditing services hold relevant data for a restore. The self sovereignty of the user lies in the exclusive information which auditing services hold relevant data. AWARE is the first backup-and-restore mechanism that fully complies with the SSI model. We perform an in-depth security-risk analysis of AWARE, showing a risk rating which is comparable to the best risk rating o related non-SSI-compliant backup-and-restore mechanisms. We instantiate the AWARE protocol with cryptographic primitives providing a high security level of 256-bit. We show its implementation feasibility by providing a simulation of AWARE, and conclude with an estimated performance analysis on a microcontoller architecture based on our simulation and implementation results in the literature.
Original languageEnglish
Title of host publicationInformation Security Theory and Practice
Subtitle of host publication13th IFIP WG 11.2 International Conference, WISTP 2019, Paris, France, December 11–12, 2019, Proceedings
EditorsMaryline Laurent, Thanassis Giannetsos
PublisherSpringer International Publishing AG
Pages202-219
ISBN (Electronic)978-3-030-41702-4
ISBN (Print)978-3-030-41701-7
DOIs
Publication statusPublished - 2 Mar 2020
Event13th IFIP WG 11.2 International Conference on Information Security Theory and Practice, WISTP 2019 - Conservatoire National des Arts et Métiers, Paris, France
Duration: 11 Dec 201912 Dec 2019
Conference number: 13
http://www.wistp.org/

Publication series

NameLecture notes in computer science
Volume12024

Conference

Conference13th IFIP WG 11.2 International Conference on Information Security Theory and Practice, WISTP 2019
Abbreviated titleWISTP 2019
CountryFrance
CityParis
Period11/12/1912/12/19
Internet address

Keywords

  • Cybersecurity

Fingerprint Dive into the research topics of 'SSI-AWARE: Self-Sovereign Identity Authenticated backup With Auditing by Remote Entities'. Together they form a unique fingerprint.

Cite this