Self-Sovereign Digital Identity Leveraging Blockchain Networks – Opportunities and Challenges

By Seetharaman Jeganathan
www.linkedin.com/in/seetharaman-jeganathan-56418b45/
ISSA Journal | May 2021

Self-Sovereign Digital Identity (SSI) is a modern business and technology phenomenon. This article looks at some of the opportunities it offers as well as the challenges it presents.

Abstract

Self-Sovereign Digital Identity (SSI) is a modern business and technology phenomenon focusing on enabling individuals (personas) to own, control, and safeguard their digital identity in the online/cyber space. Verifying and validating an individual’s online identity is more important now than ever, in order to conduct business online securely and to comply with the legal and regulatory requirements of any industry. Due to widespread digital adoption and transformation, technology has become a significant part of many people’s daily lives. While it simplifies personal and business work, trust, however, is still a big question, and it costs millions during data breaches. Regardless of many advancements in the information technology and security areas, individuals are still victimized by identity theft and data breaches. Identity theft and data breaches have consequences for several years of a user’s life. According to a Google and Harris Poll study, an average person in the US has a minimum of 27 online accounts that require passwords. Almost 66% of the survey participants said they reuse their password for their online-banking, email account, and social media sites, which makes them directly vulnerable to multiple security threats related to passwords. [1] In this paper, the author is contemplating a user-centric approach for enhancing the security of users’ digital identity and minimizing the risks from identity theft and other frauds.

Blockchain Networks

Blockchain Networks – Introduction

Blockchain came to light after the Bitcoin specifications were first published. Bitcoin inspired a foundational transformation in the electronic payments processing system by introducing a cryptocurrency model. It changed the method of transactions from a third-party trust model to a user-centric trust model on a peer-to-peer (P2P) network. The backbone of the P2P network described in the original bitcoin publication is a “Distributed Ledger Technology (DLT)” network, commonly referred to as a Blockchain network. Blockchain is presently viewed as the next generation of the Internet and is also referred to as a Decentralized Web or the Web3. It is a decentralized database that handles a growing number of digital transactions which are cryptographically secured for data confidentiality and integrity. It removes the need for a third party, or middleman, to validate the transactions in the network. Instead, these transactions are validated by the P2P network participants and stored in the ledger network as individual blocks. [2][3]

The rules that govern the validation process are formed based on the consensus methods of the blockchain network and provide economic incentives (aka Game Theory) to the participants for the efforts spent on the work (Proof of Work - PoW consensus model) to process the submitted transactions in the network. In order to get a transaction approved, it must be validated, and consensus must be reached among all or a majority of the participants to successfully commit the transaction in the network. For example, in the Bitcoin network, these participants are called “miners”, who put in work and play by the rules defined by the network governing entity and get rewarded for successfully mining (validating) the bitcoin (blocks/transactions). [2][3]

Blockchain Networks – Architecture

With the introduction so far, we can summarize that the Blockchain network building blocks consist of a layered architecture as given in the diagram below (Figure 1).

Figure 1 - Blockchain Layered Architecture (Inspired by Florian Glatz) [3]

Blockchain networks are broadly categorized as private, public and permissioned models. A private blockchain network is owned by a company or a group, who controls the nodes and data in the network. A public blockchain network is permissionless, open for public users for reading and updating data in the network. Bitcoin and Litecoin are popular examples of this model. In a permissioned blockchain network, a group or consortium acts as a privileged body and authorizes users to perform allowed operations on their data and nodes. R3 Corda for banks and Energy Web Foundation (EWF) are popular networks of this model. [4]

Figure 2 below is a sample blockchain distributed network architecture. There is no central authority which controls the nodes in the network, but governance rules are established to ensure the proper functioning of the network. It is possible to add nodes to the network at any point in time, which makes the whole network very scalable and dynamic. It consists of nodes which are tasked with confirming the transactions, i.e., establishing consensus, and mining nodes which are responsible for adding the consented blocks (transactions) into the network.

Figure 2 – Blockchain Distributed Ledger Network [5][6]

Blockchain network users can submit their transactions via the required tools and technologies (applications, digital wallet, APIs etc.). These transactions are sent to one or more confirming nodes and wait in the queue for processing by the mining nodes. Every blockchain network defines its own specifications for the blocks in its network, but at a high level, a block contains a block header and block data as represented in the table below (Table 1).

Block Header
  • Block number
  • Previous block header’s hash value
  • Hash of the current block (Merkle Tree Hash Value)
  • Timestamp
  • Size of the block
  • Nonce value – This is used to solve the hash puzzle for networks that use mining to attain consensus. (Ex. Bitcoin)

Block Data
  • List of transactions (tx0, tx1, … txn)
  • Other data specific to the network

Table 1 – Block Header and Data Contents [5][6]

Figure 3 below summarizes how the blockchain works, starting from initiating the transaction up until it is committed in the network.

Figure 3 – How Blockchain Works (Inspired by Anastasiia Lastovetska) [7]

Blockchain Networks – Security

Each block’s data is encrypted by cryptographic methods specific to the blockchain network. Usually these include Symmetric and Asymmetric cryptography in addition to digital signatures and hashing algorithms. Each block is hashed, and a digest ID is created for the block and attached to it. Any change to the block will invalidate the hash already generated; this ensures immutability of the block. The Merkle tree hash represented below in Figure 4 is an important component of the block; it is a data structure where each piece of data in the block is hashed and combined to derive a singular root hash, which is appended to the block.

Figure 4 – Merkle Tree Hash Algorithm [5][6]

Blocks are linked together to form the blockchain, where each block has the hashed value of the previous block’s header. Thus, if any previously published block changes, then its hash value will change, and this will, in turn, affect all the subsequent blocks. This characteristic of the blockchain provides a tamper-resistant environment and makes it easy to detect the changes. In Figure 5 below, a blockchain is shown explicitly as a chain of blocks for understanding.

Figure 5 – Blockchain – Chain of blocks [5][6]

Most of the popular blockchain networks leverage the asymmetric or public key cryptography model for data security (encryption and decryption), digital-signature based authentication, integrity and non-repudiation for validating and committing transactions in the network. [5][6] Even though blockchain transactions are tamper resistant, it is important to understand

Category | Security Threats
Settlement of Blockchain | “51% Attack” which enables an attacker to gain control of the network and inject falsified transactions.

Table 2 – Blockchain Networks – High-level security threats [6][7][8]

Blockchain Networks – Consensus models

Consensus models are critical elements of a blockchain network; they determine how users can publish the next block in the network. In permissionless blockchain networks such as bitcoin, there are multiple publishing nodes (users) who are working to validate the transaction and publish the block in the network. This is with the aim of getting a reward in the form of cryptocurrency for the effort that they put in to validate the transaction. It is essential to understand that there is no trusted third party in permissionless blockchain networks to provide consent; hence it is done by the peer publishing users based on the rules established to validate the work. This process gets challenging in permissionless networks as users are competing against each other and can claim the work of others. Therefore, it is also essential to have conflict resolution rules to choose the winner. However, in a permissioned network this process is more streamlined since there is a governing party that oversees these users and makes the judgement call. [6][7][8] Table 3 below provides a snapshot of possible consensus models that
