Self-Sovereign Digital Identity Leveraging Blockchain Networks – Opportunities and Challenges

By Seetharaman Jeganathan
www.linkedin.com/in/seetharaman-jeganathan-56418b45/

Self-Sovereign Digital Identity (SSI) is a modern business and technology phenomenon. This article looks at some of the and opportunities it offers as well as the challenges it presents.

Abstract

Self-Sovereign Digital Identity (SSI) is a modern business and technology phenomenon focusing on enabling individuals (personas) to own, control, and safeguard their digital identity in the online/cyber space. Verifying and validating an individual's online identity is more important now than ever, in order to conduct business online securely and to comply with the legal and regulatory requirements of any industry. Due to widespread digital adoption and transformation, technology has become a significant part of many people's daily lives. While it simplifies personal and business work, trust is still a big question, and it costs millions during data breaches. Regardless of many advancements in the information technology and security areas, individuals are still victimized by identity theft and data breaches. Identity theft and data breaches have consequences for several years of a user's life. According to a Google and Harris Poll study, an average person in the US has a minimum of 27 online accounts that require passwords. Almost 66% of the survey participants said they reuse their password for their online banking, email account, and social media sites, which makes them directly vulnerable to multiple security threats related to passwords. [1] In this paper, the author is contemplating a user-centric approach for enhancing the security of users' digital identity and minimizing the risks from identity theft and other frauds.

Blockchain Networks

Blockchain Networks – Introduction

Blockchain came to light after the Bitcoin specifications were first published. Bitcoin inspired a foundational transformation in the electronic payments processing system by introducing a model. It changed the method of transactions from a third-party trust model to a user-centric trust model on a peer-to-peer (P2P) network. The backbone of the P2P network described in the original bitcoin publication is a "Distributed Ledger Technology (DLT)" network, commonly referred to as a Blockchain network. Blockchain is presently viewed as the next generation of the and is also referred to as a Decentralized Web or the Web3. It is a decentralized database that handles a growing number of digital transactions which are cryptographically secured for data confidentiality and integrity. It removes the need for a third party, or middleman, to validate the transactions in the network. Instead, these transactions are validated by the P2P network participants and stored in the ledger network as individual blocks. [2][3]

The rules that govern the validation process are formed based on the consensus methods of the blockchain network and provide economic incentives (aka. Game Theory) to the participants for the efforts spent on the work (Proof of Work - PoW consensus model) to process the submitted transactions in the network. In order to get a transaction approved, it must be validated, and consensus must be reached among all or a majority of the participants to successfully commit the transaction in the network. For example, in the Bitcoin network, these participants are called "miners"; they put in work, play by the rules defined by the network governing entity, and get rewarded for successfully mining (validating) the bitcoin (blocks/transactions). [2][3]

Blockchain Networks – Architecture

With the introduction so far, we can summarize that the Blockchain network building blocks consist of a layered architecture as given in the diagram below (Figure 1).

10 – ISSA Journal | May 2021 Self-Sovereign Digital Identity Leveraging Blockchain Networks – Opportunities and Challenges| Seetharaman Jeganathan

Figure 1 - Blockchain Layered Architecture (Inspired by Florian Glatz) [3]

Blockchain networks are broadly categorized as private, public and permissioned models. A private blockchain network is owned by a company or a group, who controls the nodes and data in the network. A public blockchain network is permissionless, open for public users for reading and updating data in the network. Bitcoin and Litecoin are popular examples of this model. In a permissioned blockchain network, a group or consortium acts as a privileged body and authorizes users to perform allowed operations on their data and nodes. R3 Corda for banks and Energy Web Foundation (EWF) are popular networks of this model. [4]

Figure 2 below is a sample blockchain distributed network architecture. There is no central authority which controls the nodes in the network, but governance rules are established to ensure the proper functioning of the network. It is possible to add nodes to the network at any point of time, which makes the whole network very scalable and dynamic. It consists of nodes which are tasked to confirm the transactions, i.e., establishing consensus, and there are mining nodes which are responsible for adding the consented blocks (transactions) into the network.

Figure 2 – Blockchain Distributed Ledger Network [5][6]

Blockchain network users can submit their transactions via the required tools and technologies (applications, digital wallet, APIs etc.). These transactions are sent to one or more confirming nodes and wait in the queue for processing by the mining nodes. Every blockchain network defines its own specifications for the blocks in its network, but at a high level a block contains a block header and block data as represented in the table below (Table 1).

Block Header:
• Block number
• Previous block header's hash value
• Hash of the current block (Merkle Tree Hash Value)
• Timestamp
• Size of the block
• Nonce value – This is used to solve the hash puzzle for networks that use mining to attain consensus. (Ex. Bitcoin)

Block Data:
• List of transactions (tx0, tx1, … txn)
• Other data specific to the network

Table 1 – Block Header and Data Contents [5][6]

Figure 3 below summarizes how the blockchain works, starting from initiating the transaction up until it is committed in the network.

Figure 3 – How Blockchain Works (Inspired by Anastasiia Lastovetska) [7]

Blockchain Networks – Security

Each block's data is encrypted by cryptographic methods specific to the blockchain network. Usually these include Symmetric and Asymmetric cryptography in addition to digital signatures and hashing algorithms. Each block is hashed, and a digest ID is created for the block and attached to it. Any change to the block will invalidate the hash already generated; this ensures immutability of the block. The Merkle tree hash represented below in Figure 4 is an important component of the block; it is a data structure where each piece of data in the block is hashed and combined to derive a singular root hash, which is appended to the block.

Figure 4 – Merkle Tree Hash Algorithm [5][6]
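As an added illustration (not code from the article), the sketch below builds blocks whose headers carry the fields of Table 1, derives a Merkle root from the transactions, and shows how a verifier detects an altered transaction. It goes slightly beyond this section by also linking each header to the previous header's hash, as the article describes next; the sample transactions, the all-zero first "previous hash" and the function names are assumptions.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # assumed placeholder "previous hash" for the first block
BAD_ROOT = "transactions do not match the Merkle root in the header"
BAD_LINK = "previous-header hash does not match the preceding block"

# Constructed sample data: three batches of transactions, one block each.
SAMPLE_BATCHES = [
    ["alice->bob:5", "bob->carol:2"],
    ["carol->dave:1", "dave->alice:3", "alice->erin:4"],
    ["erin->bob:2"],
]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def merkle_root(transactions):
    """Hash every transaction, then hash adjacent pairs until one root is left."""
    level = [sha256_hex(tx.encode()) for tx in transactions] or [sha256_hex(b"")]
    while len(level) > 1:
        if len(level) % 2:  # odd count: pair the last hash with itself
            level.append(level[-1])
        level = [sha256_hex((level[i] + level[i + 1]).encode())
                 for i in range(0, len(level), 2)]
    return level[0]


def header_hash(header: dict) -> str:
    """Digest of a header, serialised with sorted keys so it is reproducible."""
    return sha256_hex(json.dumps(header, sort_keys=True).encode())


def build_chain(batches):
    """Create one block per batch, each header pointing at its predecessor."""
    chain, prev = [], GENESIS_PREV
    for number, txs in enumerate(batches):
        header = {
            "block_number": number,
            "prev_header_hash": prev,
            "merkle_root": merkle_root(txs),
            "timestamp": 1620000000 + number,  # constructed, fixed for repeatability
            "size": sum(len(tx) for tx in txs),
            "nonce": 0,  # no mining puzzle in this sketch
        }
        chain.append({"header": header, "transactions": list(txs)})
        prev = header_hash(header)
    return chain


def verify_chain(chain):
    """Return (block_number, reason) findings; an empty list means intact."""
    findings, prev = [], GENESIS_PREV
    for block in chain:
        header = block["header"]
        if merkle_root(block["transactions"]) != header["merkle_root"]:
            findings.append((header["block_number"], BAD_ROOT))
        if header["prev_header_hash"] != prev:
            findings.append((header["block_number"], BAD_LINK))
        prev = header_hash(header)
    return findings


def tamper(chain, index, new_tx, recompute_root=False):
    """Test fixture: copy the chain and replace one transaction in one block.

    With recompute_root=True the edited block's own header is made
    self-consistent again, which moves the mismatch to the next block's link.
    """
    forged = copy.deepcopy(chain)
    forged[index]["transactions"][0] = new_tx
    if recompute_root:
        forged[index]["header"]["merkle_root"] = merkle_root(
            forged[index]["transactions"])
    return forged


if __name__ == "__main__":
    chain = build_chain(SAMPLE_BATCHES)
    print("intact chain:", verify_chain(chain))
    print("edited tx:", verify_chain(tamper(chain, 1, "carol->dave:100")))
    print("edited tx + root:", verify_chain(tamper(chain, 1, "carol->dave:100", True)))
```

Hiding the edit completely would require rewriting every later header as well, which is what the consensus rules are there to prevent.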


Blocks are linked together to form the blockchain, where each block has the hashed value of the previous block's header. Thus, if any previously published block changes, then its hash value will change, and this will in turn affect all the subsequent blocks. This characteristic of the blockchain provides a tamper resistant environment and makes it easy to detect the changes. In Figure 5 below, a blockchain is shown explicitly as a chain of blocks for understanding.

Figure 5 – Blockchain – Chain of blocks [5][6]

Most of the popular blockchain networks leverage the asymmetric or public key cryptography model for data security (encryption and decryption), digital-signature based authentication, integrity and non-repudiation for validating and committing transactions in the network. [5][6] Even though blockchain transactions are tamper resistant, it is important to understand that blockchain networks and supporting tools and technologies aren't themselves inherently resistant to cybersecurity threats and risks. Hence, a holistic cybersecurity model or program is a must to protect the blockchain network from malicious sources and attacks. Table 2 below summarizes some, but not all, of the potential security risks impacting blockchain networks.

Category – Security Threats
• Network based attacks – DDOS type attacks on the blockchain networks.
• Human errors (Intentional vs. Mistakes) – Intentionally violating the user code of conduct in the network. Human errors (Ex. Misconfiguration of the networks).
• Threats related to Cryptography (Symmetric and Asymmetric) environment – All known threats related to running a cryptography environment, including keys management and secure distribution to users. Quantum resistant algorithms and key sizes. Identity verification - Ensuring a one-to-one relationship of transactions to users is a challenge since users can possess multiple PKI key pairs.
• Application Security Threats – Applications such as Digital Wallets and Smart Contract software development can introduce vulnerabilities in the environment.
• Settlement of Blockchain – "51% Attack" which enables an attacker to gain control of the network and inject falsified transactions.

Table 2 – Blockchain Networks – High-level security threats [6][7][8]

Blockchain Networks – Consensus models

Consensus models are critical elements of a blockchain network; they determine how users can publish the next block in the network. In permissionless blockchain networks such as bitcoin, there are multiple publishing nodes (users) who are working to validate the transaction and publish the block in the network. This is with the aim of getting a reward in the form of crypto currency for the effort that they put in to validate the transaction. It is essential to understand that there is no trusted third party in permissionless blockchain networks to provide consent, hence it is done by the peer publishing users based on the rules established to validate the work. This process gets challenging in permissionless networks as users are competing against each other and can claim the work of others. Therefore, it is also essential to have conflict resolution rules to choose the winner. However, in a permissioned network this process is more streamlined since there is a governing party that oversees these users and makes the judgement call. [6][7][8] Table 3 below provides a snapshot of possible consensus models that can be chosen by the blockchain networks.

Consensus Model (Domain) – Description
• Proof of Work (PoW) (Permissionless) – Users are challenged with computationally difficult problems (puzzles) to solve the transactions submitted in the network. Users compete against each other and put in work and resources to solve the puzzles for the rewards. Bitcoin is a popular network of this model.
• Proof of Stake (PoS) (Permissionless) – This model provides more leverage to users who have invested and obtained significant stakes in the network; because of this they are offered less computationally intensive puzzles to solve and gain returns on their investments. Ethereum is a popular network of this model.
• Proof of Authority (PoA) / Proof of Identity (PoI) (Permissioned) – This model is based on authorized identities (publishing nodes) approving the transactions based on their authority. Ex. Government agencies, legal entities approving financial transactions in the network. We will be relating this model to the proposed SSI solution in this paper.
• Proof of Elapsed Time (PoET) (Permissioned) – This model allocates a random wait time for the publishing nodes, ensuring that not all the nodes are active at any point of time and allowing all the nodes an equal chance to participate and publish the blocks in the network. Hyperledger is a popular network of this model.

Table 3 – Types of consensus models for a blockchain network [6][7][8]

Blockchain merits a paper by itself to discuss in depth the core concepts such as types of blockchains (public, private, consortium and hybrid), cryptoeconomics, tokens, applications, consensus models and smart contracts. [6][7][8] Since it is not the focus of this paper, the author encourages the readers to refer to the sources (NIST and others) cited in this paper to learn more about the blockchain technology.

Self-Sovereign Identity – Introduction

It would be easier to step back and understand how digital identities have evolved from the early stages to date, to highlight the problem areas of how the current models aren't placing users at the center but rather giving the control to the identity providers and service providers. In the diagram below (Figure 6), four stages of evolution are depicted for our discussion. In centralized, federated and user centric models, users were tied to a central administrative party and bound to the terms and conditions defined by the providers to leverage their services. These models reflected the interests of the identity/service providers to support their businesses for profit. They didn't adequately reflect the interests of users; hence if the users' data are compromised, the consequences are far more destructive for the users than for these organizations. [9][10]

However, SSI envisioned a paradigm shift by defining it as , Self-Sovereign Digital Identity (SSI) which is owned and controlled by its owner (end user) without relying on a third party to administer the identity. In the SSI model, users are at the core of the identity management process and are given full rights on how to use their identity for their needs. Without their consent, users' digital identity and the claims (various attributes of the identity) aren't shared with any external entities for conducting businesses & transactions online, thereby protecting users from identity theft and fraud. [9][10]

• Stage 1 – Issued by a centralized identity/service provider. Examples & Observations: Individual organizations issuing identities to their employees, contractors, partners etc. Online service providers providing identity for their users/customers (Ex. E-Commerce service providers like Amazon, PayPal, eBay, etc.). Certificate authorities issuing identity for individuals in the form of digital certificates.
• Stage 2 – Issued by an identity provider and shared to multiple service providers. Examples & Observations: Corporate identities shared to multiple service providers (Ex. Concur, ADP, Health Insurance providers etc.). Enabled Single Sign-On access from Identity provider to the Service providers. Each individual service provider became an authority of users' identity in this model and identities are proliferated for SSO.
• Stage 3 – Individual personal identity providers issued claims to relying parties. Examples & Observations: Facebook, Google, LinkedIn etc. OpenID specifications enabled individuals to depend on personal identity providers to create their identities and share with the relying parties for creating trust. This model led to identity data being shared for profit, and didn't fully reflect the interests of the users.
• Stage 4 – Decentralized Identity Management - Users be the rulers of their own identity. Examples & Observations: Sovrin, uPort, etc. Decentralized model for issuing and managing digital identities for users. Users own and control their identity without relying on any centralized 3rd party. Protect users from identity theft and financial fraud. Privacy oriented approach for creating user autonomy.

Figure 6 – The evolution of digital identity [9][10]


SSI Guiding Principles

SSI guiding principles are derived from several notable works done in the past two decades by various interested parties such as W3C. It is noteworthy to touch upon a couple of such works: a) the "Laws of Identity" published by Kim Cameron back in 2005 and b) Christopher Allen's guiding principles of SSI. [10][11] The tables (Table 4 and Table 5) below highlight the principles from the cited references.

The Laws of Identity by Kim Cameron
• User Control and Consent – Users' identity claims (attributes) are shared only after their consent, and users can control at any point what to share about their identity with the service providers.
• Minimal Disclosure for a Constrained Use – Discourages the "just in case" needed type of information gathering and moves to "least identifying information" for specific contexts.
• Justifiable Parties – Discourages sharing of information to 3rd parties. Information collected by a relying party shouldn't be shared with others in a chaining model.
• Directed Identity – Support for "omni-directional" and "unidirectional" identities for both public and private entities. Encourages identities for specific contexts with restricted claim attributes.
• Pluralism of Operators and Technologies – This law mandates that the identity ecosystem has a correlation mechanism to realize several possible identifiers of a person specific to contexts. A single monolithic system is not scalable for various real-life scenarios, hence it encourages identifiers for specific contexts in a polymorphic method.
• Human Integration – Enforce protection mechanisms for user identities when leveraged and used in information systems processing and computation. Recommends a very high level of reliability in the communication between systems and their users.
• Consistent Experience Across Contexts – All users must experience consistent behavior and protection across multiple contexts (Personal vs. Professional) when interacting with their context specific personas.

Table 4 – The Laws of Identity by Kim Cameron [8]

Ten Principles of Self-Sovereign Identity by Christopher Allen
• Existence – Enforces SSIs issued to users based on their independent existence. SSI is nothing but a digital form of a physical person, where the user is the center of their identity and the interested party.
• Control – It strongly emphasizes that users control their own identities and are not bound to identity/service provider terms and conditions that lead to privacy compromises.
• Access – Users can access their own data in their identity profile at any point of time. Users aren't hidden by any gatekeepers; however, a proper mechanism is needed to enforce the identification and authentication of the users before granting access, to prevent unauthorized access.
• Transparency – The SSI information ecosystem and security mechanisms are transparent. Complies with the cryptography fundamental that the keys are the secret, but not the algorithms and systems processing them.
• Persistence – Identities are to last forever as per the needs of the users. However, if users want to enforce their right to be forgotten, then identities are updated as per the requirements.
• Portability – It is highly preferable that no single third party is in control of the ecosystem. It is portable and works in the best interest of the user across boundaries.
• Interoperability – Make the identity ecosystem independent of specific systems, tools and technologies.
• Consent – Users must agree to the use of their identity, either directly or through an agent acting on their behalf, to support their day-to-day needs.
• Minimalization – Minimize the disclosure of user identity data. For example, when checking for minimum age requirements, it is not required to expose the user's age but to provide a binary answer on whether the user meets the minimum age requirements.
• Protection – Protect the rights of users when conflicts arise with the identity ecosystem needs.

Table 5 – Ten Principles of Self-Sovereign Identity [10]

SSI Building Blocks

SSI is viewed as a modern digital identity management process which deviates from the centralized models to a newer decentralized model. SSI is a combination of people, process and technology elements with several building blocks to run an operational ecosystem. At a high level, below are the core building blocks of SSI: [12]

• Verifiable credentials – digital equivalents of the physical ids (Ex. Driver License) that we carry to identify and prove who we are in day-to-day life.
• The Trust Triangle – Trust triangle which involves three major actors: issuers, holders, and verifiers.
• Digital Wallets – Digital equivalent of a physical wallet where verifiable credentials are stored. Examples: smartphones, tablets, laptops etc.
• Digital Agents – digital applications that run on the digital wallets and enable users to access and exchange their credentials securely with other agents. Manage connections to the SSI infrastructure and enforce access control policies specific to the ecosystem.
• Decentralized identifiers (DIDs) – This is one of the backbones of SSI. Originally published by W3C, globally unique and cryptographically verifiable of the ownership. Figure 7 shows the proposed DID specification format.

Figure 7 – Decentralized Identifier (DID) Format (W3C) [13]

• Decentralized Registries – Blockchain based decentralized ledger for registering DIDs. These are distributed, cryptographically secured and highly available blockchain networks.
• Governance frameworks – Last but not least, the basis for business, legal and technical rules that govern the efficiency of the SSI ecosystem.

When combining these building blocks, they form a layered architecture model as depicted in the diagram below (Figure 8). This model was originally envisioned and strategized by the Trust over IP foundation project from the Linux foundation as a part of its open-source projects. It consists of four layers and governance frameworks surrounding each layer, working coherently to enable the digital trust SSI ecosystem.

• Layer 1 - forms the decentralized registry (blockchain ledger networks) as the basis for building the SSI infrastructure.
• Layer 2 - forms the P2P network communications and protocols for the SSI components such as the Digital Wallet and Agent to communicate with each other and with the SSI Registry layer.
• Layer 3 - forms the logical trust triangle between the SSI issuers, holders and verifiers. This layer addresses the core business requirements by placing the users (holders) in the center of the framework.
• Layer 4 - forms the digital applications (public vs. private) by which service providers become part of the digital identity trust model, integrating their applications to leverage the SSI model for all identity-based transactions and enhance security.

Figure 8 – Layered SSI Architecture Model (Inspired from the work of Trust Over IP Foundation) [14]

Self-Sovereign Identity Ecosystem – Conceptual Architecture

In this section, we are attempting to propose a conceptual/logical architecture model of an SSI ecosystem leveraging blockchain networks (Figure 9). In mid-2017, NIST published a series of Digital Identity Guidelines (SP 800-63-3, 800-63A, 800-63 B, and 800-63-C) which will serve as the basis for this model architecture along with the author's professional experience in Identity and Access Management (IAM) security implementations.

Figure 9 – SSI Ecosystem – Conceptual Architecture Model [15][16]

SSI – Enrollment and Identity Proofing Module

The enrollment process is the gateway of the ecosystem, where SSI applicants (end users) apply for their digital form of Self-Sovereign Identity with the ID provider. The SSI initiative is a huge undertaking. Hence it can be driven by the governments for their citizens at the national or local levels. Private agencies in a country can support this by working along with the government agencies to vet the state issued proofs submitted by applicants for vetting their identity. The enrollment/registration process begins with collecting users' Personally Identifiable Information (PII) such as first name, last name, date of birth, address, etc., and both non-sensitive and sensitive information to obtain a digital identity with a specific level of assurance based on the outcome of the vetting process.

Identity Assurance (IA) levels are used to define the trust established while creating the digital identity based on the evidence submitted for proofing and vetting by the applicant/owner. For example, as per NIST SP 800-63, three levels of assurance are recommended: IA1, IA2 and IA3, where IA1 is the least and IA3 is the most vetted digital identity of a person. IA3 mandates that some form of biometrics information about the person is collected and embedded in the identity store; this can be used later for solving advanced identification, authentication and validation requirements for sensitive online transactions. At the end of this process, the user's identity data is collected and vetted, and a digital form of identity (SSI) is generated with a defined assurance level and further committed into the back end decentralized blockchain network(s) by the ID provider. [15] [16]

It is important to understand that the SSI provider isn't a centralized authority for users' SS identity; rather, they are interested parties (stewards) in forming the ecosystem (people, process and technology) and governance around the end-to-end lifecycle for SS digital identity management. These stewards must operate based on the merits of national interests, business advancements and securing the end users from identity theft and fraud by complying with the data privacy laws of the land.

Web 3 Layer & Cryptography Services

Web3 or Decentralized Web is the front-end layer for accessing and administering blockchain networks and transaction blocks. This layer comprises various decentralized applications (DApps) that run on the backend P2P network and serve as a UI frontend for the end users and administrators in the form of web and mobile based interfaces. Digital Wallets are an important app category in this layer and run on the Digital Agent (laptops, mobile devices, tablets etc.). These apps communicate with the backend layer via API based connections to the Smart Contracts (APIs), which are the business logic code to execute transactions in the P2P blockchain network. Digital wallets enable end users to govern their SSI on the backend network, to administer the properties and to control the security settings for information exchange in the form of claims with the requestors. Users must get an authorization request in the wallet app before the information is shared with the requestors, and users must have the ability to approve or reject the information requested based on the need; this is a key guiding principle for developing an SSI system by granting the control of the identity to its owners. [15]

Digital wallets also carry the cryptographic keys (Private Keys / Symmetric Keys) for supporting native encryption/decryption of data transferred between the network and end users. The SSI ID Provider must have a robust cryptography service platform to support the requirements and ensure that security best practices around key generation (such as key length, algorithms) and lifecycle management are followed for effectiveness. It is recommended to have the keys with a short time validity (maximum of 2 years) and rotate the key pairs (public and private keys) when required to respond to any security threats. All sensitive data must be encrypted with unique keys pertaining to individual users when registering the user's identity data in the backend blockchain network. Public keys are stored in the key management server of the SSI ecosystem, and the private/symmetric keys are stored in the digital wallet application running on the digital agents held by the SSI holder. Digital wallet application (Web and Mobile based) communications with the server and API layer must also be secured with SSL/TLS certificates for secure data transmission. [15]

Digital Identity Trust & Federation

The Digital Identity Trust & Federation module offers modern Identity and Access Management (IAM) capabilities in the SSI ecosystem. IAM uses a combination of people, processes, and technology components to address functional & security requirements related to digital identity, such as Identity Provisioning, Administration and Governance (IAG) and the IAAA controls: Identification, Authentication, Authorization and Accountability. Within the IAM space, Customer (Consumer) Identity and Access Management is a focus area for customers/consumers of a business entity.

From this module, end users have a self-service capability to view, update, and remove their profile attributes in the SSI Ecosystem. User access to the SSI ecosystem must be authenticated using strong authentication mechanisms, most preferably avoiding passwords in this critical infrastructure. As per NIST guidelines, introducing Authentication Assurance Levels (AAL1, AAL2 and AAL3) strengthens the access to the environments. Multi-factor authentication further strengthens the security of this ecosystem and improves user experience, auditing & accountability of individuals gaining access to the environment. All the changes submitted by the users on their identity profile must be verified through the reusable proofing mechanisms to either increase or reduce their Identity Assurance Level and Authentication Assurance Level that was granted while initially creating the SS digital identity. The more privacy information the digital identity profile carries, the more IAL and AAL level weight is assigned for the users. It is important to ensure that users can control & authorize the instances sharing their identity profile data with the service providers and other requestors. For example, users may be willing to share first name, last name, date of birth and email address but not willing or needing to share their address, financial data or national id (SSN, SIN etc.) with all the service providers. This is a fundamental change, enabling users to own and govern their data rather than giving control to the online service providers [16][17].

Earlier in the paper, we reviewed the evolution of digital identities and their drawbacks. It is essential to bring the users into the identity federation process and enable them to make a decision on whether their identity data (sensitive vs. non-sensitive) is actually required (need-to-know) to complete an online transaction. In Figure 10 a proposed identity federation logical view is presented involving the digital identity cloud (aka. SSI Ecosystem), where users leverage their digital identity offered by an SSI provider in the decentralized network to access various electronic online services such as (but not limited to) ecommerce websites, electronic healthcare services by providers, various government online services and banking services.


Figure 10 – SSI Ecosystem – Digital Identity Trust & Federation Module [17][18][19]

The flow of how an end user can complete an online shopping experience in the traditional model vs. the new model is laid out in the table below for the reader's understanding. [18][19][20]

eCommerce Website Transaction – Traditional vs. Modern approach

| Traditional Approach | New Approach (Using SSI Ecosystem) |
|---|---|
| Users log in to the ecommerce website (ex. www.shopping.com) using a User ID / Password registered on their website, bound to their terms & conditions. | Users log in to the ecommerce website (ex. www.shopping.com) using their Digital SSI ID. Users aren't registered at the service provider website and are not bound to their service terms & conditions. |
| Password based authentication is widely used by service providers. | Passwordless authentication is mandatory in this new approach. |
| Users need to enter their payment card information on their website for payment. | Users need to authorize the payment directly to the payer bank. This way payment card information is shared on a need-to-know basis, which reduces the risk of data breach. |
| Users aren't involved in the authorization process during the transaction flow. | Users are directly involved to authorize and share the payment card data from their Digital SSI ID profile to the payer bank. |
| Users can't control what information is shared and stored at the service provider. | Users can control what to share and what not to share in this flow. |

Table 6 – Digital Identity Cloud – Federation Transaction Flow [17][18][19]

It is essential to review the standards that back the technology behind the federation process introduced in the Digital Identity Trust & Federation module. OpenID, OAuth, JSON Web Token (JWT) and Simple Assertion Markup Language (SAML) are the open standards which support federated identity, whereas Web Services specifications such as WS-Security, WS-Trust and WS-Federation are closed standards that support federated identity use cases. The OpenID standard is maintained worldwide by the non-profit OpenID Foundation. The OpenID protocol supports generating a set of key-value pair identity attributes, referred to as claims, for individual users. The SSI Ecosystem will act like a claims provider, supplying user details in the form of key-value pairs to the service providers. Facebook and Google are other well-known ID providers, but they are not SSI providers. OAuth is a standard for achieving secure authorization; in the example flow reviewed above, user authorization is supported by this standard. OAuth version 2.0 is maintained by the Internet Engineering Task Force (IETF) OAuth working group. The SAML standard enables sending identity information to the service providers in XML format after successful user authentication. SAML 2.0 is an OASIS standard which supports assertion (security token) based federated identity deployments. [18][19][20]

Security tokens are the key components of federated identity solution deployments. These tokens are passed from the Identity Providers (IdPs) to the Service Providers (SPs) to determine access decisions for users in the application. Access controls can be designed with either the roles or the attributes of the user profile, in the form of Role Based Access Control (RBAC) or Attributes Based Access Control (ABAC). JSON Web Token (JWT) is a security token type commonly used for representing claims; it supports digital signatures through JSON Web Signature (JWS). JWTs can also be encrypted using JSON Web Encryption (JWE) methods to share the claim attributes in an encrypted form with the service providers. This is a mandatory requirement in the SSI Ecosystem so that sensitive user attributes are shared with service providers in a secure format. [18][19][20]
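The token handling described above, as an added example that is not part of the original article: an IdP issues a JWS-signed JWT, the SP verifies it before making an attribute-based access decision, and `peek_payload` shows that a signed-only payload can be read without any key, which is why the article requires JWE for sensitive attributes. HS256 with a shared key, the claim names, the policy and all sample values are assumptions chosen so the code runs on the standard library alone.

```python
import base64, hashlib, hmac, json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def idp_issue(claims: dict, key: bytes) -> str:
    """IdP side: serialize the claims as a JWS compact token (HS256)."""
    head = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = head + "." + b64u(json.dumps(claims).encode())
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64u(sig)

def sp_verify(token, key, issuer, audience, now) -> dict:
    """SP side: return claims only if signature, iss, aud and exp all check out."""
    try:
        h64, p64, s64 = token.split(".")
        header, sig = json.loads(b64u_dec(h64)), b64u_dec(s64)
    except ValueError:
        raise ValueError("malformed token")
    # Pin the algorithm: never let the token header choose it (blocks "alg": "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(b64u_dec(p64))
    if claims.get("iss") != issuer or claims.get("aud") != audience:
        raise ValueError("wrong issuer or audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("expired")
    return claims

def abac_allow(claims: dict, action: str) -> bool:
    """ABAC decision from verified token attributes (illustrative policy)."""
    return action == "checkout" and claims.get("payment_authorized") is True

def peek_payload(token: str) -> dict:
    """No key needed: a JWS payload is encoded, not encrypted (hence JWE)."""
    return json.loads(b64u_dec(token.split(".")[1]))

# Constructed sample values, not from any real deployment.
KEY = b"constructed-demo-key"
SAMPLE = {"iss": "https://ssi.example", "aud": "shop.example", "sub": "did:example:123",
          "exp": 2000, "payment_authorized": True}
TOKEN = idp_issue(SAMPLE, KEY)
```

In a real federation the IdP would normally sign with an asymmetric key so that the SP holds only the public half; the verification order (pin the algorithm, check the signature, then issuer, audience and expiry) stays the same.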


Self-Sovereign Identity – Opportunities & Challenges

Opportunities

SSI solutions create several opportunities, including advanced digital transformation and potential cost saving opportunities across several industry sectors. Let's briefly review a few of the opportunities here in this paper.

Data Breaches – According to the ForgeRock Consumer Identity Breach Report, more than 7.8 billion records were exposed in the years 2018, 2019, and 2020. Healthcare was the most targeted industry, where PII was the most sought-after type of data. Following healthcare, other industries such as the banking, finance, insurance, education, government, and retail sectors were impacted by high profile data breaches costing over $1.8 trillion in the U.S. This trend is projected to increase, with consumers victimized YoY. SSI is built with a focus on reducing information hacking. By giving control of their information to users directly, it is highly possible to reduce information hacking. SSI minimizes the PII data held by the service provider, hence the attack motivation and attack vectors are reduced to minimize data breaches. SSI bolsters data privacy by guaranteeing the right to be forgotten, the right of consent, the right of pseudonymization and the minimization of PII. [21][22]

Healthcare services & Interoperability – The healthcare industry can greatly benefit from the SSI implementation. Healthcare providers can minimize the PII data that they store in their IT systems about their patients. They can relate their patients' medical records to their pseudonymous SSI digital identifier and also get consent from the patients directly for accessing the records. Healthcare interoperability focuses on securely accessing and exchanging information across different information systems, devices, and applications among provider organizations to improve health care and provide timely care for the patients. The Healthcare Information and Management Systems Society (HIMSS) defines four levels of interoperability standards, in which the Level 4 standard "Organizational" focuses on enabling shared consent, trust and integrating end-user processes and workflows in the interoperability transactions. A sustainable SSI ecosystem can support this standard and enable the interoperability to become more secure by giving control of users' medical records sharing decisions to the patients or their authorized decision makers. [22][23]

Government services & Financial sectors – Knowing the customers is an essential factor for offering government services to the beneficiaries of any country. This is also applicable to financial organizations such as banks, insurance, lenders etc. SSI solutions support these sectors directly by ensuring authenticity of the users and therefore help in preventing fraud. The Education sector can greatly benefit from an SSI ecosystem involving smart contracts and a blockchain network to issue, manage, verify, and validate digital diplomas, which will replace the manual paper process and improve the efficiency of the process. There are several countries that have already ventured into issuing national IDs to their citizens; India's Aadhaar initiative, Estonia's ID-card initiative and Italy's SPID for public administrative services are some of the notable initiatives by governments for their citizens. [23]

Challenges

With a large array of opportunities, SSI also has significant challenges for widespread implementation and adoption. SSI needs three main factors working together, which are Regulation, Technology, and Trust frameworks. Friction can occur in any or all of these three factors and pose challenges to the initiative. SSI focuses on individual privacy, so the legal regulations and compliance requirements around user privacy must define the guidelines for implementing a sustainable SSI solution as a replacement for the current centralized solutions that are widely practiced. This initiative shouldn't be seen as a threat to the individual's privacy but rather as an enabler for asserting privacy by giving control to the users directly.

Technology challenges are immense in this initiative; several technology challenges can pose a threat to this implementation, for example cryptography and key management. With a vast number of users, the transactions must be scalable, interoperable and highly secure. Security threats for this infrastructure are multi-fold because for hackers it is a treasure hunt to hack users' personal information, hence security must be at the core of this infrastructure and not an afterthought. Technology challenges in running the decentralized blockchain network and defining effective smart contracts and consensus rules must be addressed effectively to successfully run the SSI ecosystem [23].

Finally, gaining trust from users is key for this initiative. Users' questions around data privacy, security, and usability of this new model must be addressed for both technical and non-technical users. If users don't believe in this initiative, then the turnout will be very low and lead to the failure of the initiative. Developing user friendly applications and SSI-friendly services is key to the success of this initiative.

Conclusion

Self-Sovereign digital identity is an alternative way of thinking about securing end users' information in the highly vulnerable cyberspace. It is in the early/nascent stages of development and is supported by several leading organizations around the world. It is a firm belief that users must gain direct control of their information and not be bound by the terms and conditions of the service providers, in order to guarantee the privacy and security of their data. With SSI adopting this as one of its core guiding principles, it boldly attempts to solve the problems around identity theft and fraud and reduce the risks of data breaches. With successful adoption it benefits every industry sector, reduces costs around digital identity and access management and improves end user satisfaction; thus it is a need of the hour in the cyber security space.


About the Author

The author Seetharaman Jeganathan has 18 years of experience in IT, Security Consulting, and Project Management. He is an ISC2 Certified Information Systems and Security Professional (CISSP), ISACA Certified Information Security Manager (CISM) and Cloud Security Alliance Certified Cloud Security Knowledge (CCSK v4). He focuses on information systems Risk Assessments, Identity and Access Management (IAM), Privileged Account Management (PAM), Application Security, DevSecOps, Security Engineering and Cloud Security consulting to his clients.

References

1. Aten, J. (2019, November 19). Google Says 66% of Americans Still Do This 1 Thing That Puts Their Personal Information at a Huge Risk. Here's How Google Wants to Help. Retrieved January 17, 2021, from https://theharrispoll.com/google-says-66-of-americans-still-do-this-1-thing-that-puts-their-personal-information-at-a-huge-risk-heres-how-google-wants-to-help/

2. Nakamoto, S. (2008, October 31). Bitcoin: A Peer-to-Peer Electronic Cash System. Retrieved August 29, 2020, from https://bitcoin.org/bitcoin.pdf

3. Moshiri, S. (2019). Token economy how and smart contracts revolutionize the economy. Berlin: Blockchain HUB.

4. Voshmgir, S., & Kalinov, V. (2017, September 30). Blockchain A Beginners Guide. Retrieved December 30, 2020, from https://s3.eu-west-2.amazonaws.com/blockchainhub.media/Blockchain+Technology+Handbook.pdf

5. D. Yaga, P. Mell, N. Roby, and K. Scarfone, "Blockchain technology overview", Draft NISTIR 8202, National Institute of Standards and Technology, 2018 [Online]. Available: https://csrc.nist.gov/CSRC/media/Publications/nistir/8202/draft/documents/nistir8202-draft.pdf

6. Wilczyński, A., & Widłak, A. (2019). Blockchain networks - security aspects and consensus models. Journal of Telecommunications and Information Technology, (2), 46-52. doi:http://dx.doi.org.proxy.cecybrary.com/10.26636/jtit.2019.132019

7. Lastovetska, A. (2018, January 03). Blockchain architecture explained: How it works & how to build. Retrieved from https://mlsdev.com/blog/156-how-to-build-your-own-blockchain-architecture

8. Park, J. H., & Park, J. H. (2017). Blockchain security in cloud computing: Use cases, challenges, and solutions. Symmetry, 9(8), 164. doi:http://dx.doi.org.proxy.cecybrary.com/10.3390/sym9080164

9. Allen, C. (2016, April 25). The Path to Self-Sovereign Identity. Retrieved January 12, 2021, from http://www.lifewithalacrity.com/previous/2016/04/the-path-to-self-soverereign-identity.html

10. Tobin, A., & Reed, D. (2017, March 28). The Inevitable Rise of Self-Sovereign Identity. Retrieved from https://sovrin.org/wp-content/uploads/2018/03/The-Inevitable-Rise-of-Self-Sovereign-Identity.pdf

11. Cameron, K. (2005, May). The Laws of Identity. Retrieved January 14, 2021, from https://docs.microsoft.com/en-us/previous-versions/dotnet/articles/ms996456(v=msdn.10)?redirectedfrom=MSDN

12. Reed, D., & Preukschat, A. (n.d.). Retrieved from https://www.manning.com/books/self-sovereign-identity

13. A Primer for Decentralized Identifiers. (2020, December 29). Retrieved January 18, 2021, from https://w3c-ccg.github.io/did-primer/

14. Introducing the Trust Over IP Foundation. (2020, May 5). Retrieved January 18, 2021, from https://trustoverip.org/wp-content/uploads/sites/98/2020/05/toip_introduction_050520.pdf

15. Y. Liu, Q. Lu, H.-Y. Paik, X. Xu, S. Chen and L. Zhu, "Design Pattern as a Service for Blockchain-Based Self-Sovereign Identity," in IEEE Software, vol. 37, no. 5, pp. 30-36, Sept.-Oct. 2020, doi: 10.1109/MS.2020.2992783.

16. Grassi, P., Fenton, J., Lefkovitz, N., Danker, J., Choong, Y., Greene, K., & Theofanos, M. (2017, June). Digital Identity Guidelines Enrollment and Identity Proofing Requirements. Retrieved from https://pages.nist.gov/800-63-3/sp800-63a.html

17. Grassi, P., Fenton, J., Newton, E., Perlner, R., Regenscheid, A., Burr, W., . . . Theofanos, M. (2017, June). Digital Identity Guidelines Authentication and Lifecycle Management. Retrieved from https://pages.nist.gov/800-63-3/sp800-63b.html

18. Grassi, P., Richer, J., Squire, S., Fenton, J., Nadeau, E., Lefkovitz, N., . . . Theofanos, M. (2017, June). Digital Identity Guidelines Federation and Assertions. Retrieved February 27, 2021, from https://pages.nist.gov/800-63-3/sp800-63c.html

19. Schwartz, M., & Machulak, M. (2018). Securing the Perimeter: Deploying Identity and Access Management with Free Open Source Software. Berkeley, CA: Apress.

20. Pimenta, F., Teixeira, C., & Pinto, J. (n.d.). Globalid: Federated identity provider associated with national citizen's card. Retrieved February 28, 2021, from https://www.infona.pl/resource/bwmeta1.element.ieee-art-000005556694

21. ForgeRock Consumer Identity Breach Report: U.S. breaches cost over $1.8 trillion; more than 7.8 billion records exposed over last two years. (2020, June 03). Retrieved from https://www.forgerock.com/about-us/press-releases/forgerock-consumer-identity-breach-report-us-breaches-cost-over-18-trillion

22. Epalm. (2021, February 24). Interoperability in healthcare. Retrieved from https://www.himss.org/resources/interoperability-healthcare

23. López, M. A. (n.d.). The Future of Identity: Self-Sovereignity, Digital Wallets, and Blockchain. Retrieved from https://publications.iadb.org/publications/english/document/Self-Sovereign-Identity-The-Future-of-Identity-Self-Sovereignity-Digital-Wallets-and-Blockchain.pdf
