SSI-AWARE: Self-sovereign Identity Authenticated Backup with Auditing by Remote Entities - Information Security Theory and Practice
Conference Papers Year : 2020

SSI-AWARE: Self-sovereign Identity Authenticated Backup with Auditing by Remote Entities

Albert Dercksen
  • Function : Author
  • PersonId : 1093948
Andreas Peter
  • Function : Author
  • PersonId : 1093949

Abstract

The self-sovereign identity (SSI) model entails the full responsibility and sovereignty of a user regarding his identity data. This identity data can contain private data which is solely known to the user. The user himself is therefore required to manage the whole lifecycle of his private data, including the backup and restore. We show that prior work on how to backup and restore the user’s identity data does not meet the requirements of the SSI setting, and we present the first solution which does meet the requirements. Authenticated backup with auditing by remote entities (AWARE) combines SSI sustaining aspects and extends them to create a truly self-sovereign backup-and-restore protocol. In AWARE, trusted, physically met humans, called custodians, hold a secure device. Custodians with a secure device offer an offline backup possibility and a secure channel. The backup and restore are audited by commits on a publicly accessible distributed ledger. These commits are answered by auditing services which are required during restore. Only some auditing services hold relevant data for a restore. The self sovereignty of the user lies in the exclusive information which auditing services hold relevant data. AWARE  is the first backup-and-restore mechanism that fully complies with the SSI model. We perform an in-depth security-risk analysis of AWARE, showing a risk rating which is comparable to the best risk rating o related non-SSI-compliant backup-and-restore mechanisms. We instantiate the AWARE protocol with cryptographic primitives providing a high security level of 256-bit. We show its implementation feasibility by providing a simulation of AWARE, and conclude with an estimated performance analysis on a microcontoller architecture based on our simulation and implementation results in the literature.
Fichier principal
Vignette du fichier
492809_1_En_13_Chapter.pdf (312.33 Ko) Télécharger le fichier
Origin Files produced by the author(s)

Dates and versions

hal-03173901 , version 1 (18-03-2021)

Licence

Identifiers

Cite

Philipp Jakubeit, Albert Dercksen, Andreas Peter. SSI-AWARE: Self-sovereign Identity Authenticated Backup with Auditing by Remote Entities. 13th IFIP International Conference on Information Security Theory and Practice (WISTP), Dec 2019, Paris, France. pp.202-219, ⟨10.1007/978-3-030-41702-4_13⟩. ⟨hal-03173901⟩
128 View
46 Download

Altmetric

Share

More