Revocable and Offline-Verifiable Self-Sovereign Identities

Andreas Abraham, Stefan More, Christof Rabensteiner, Felix Hörandner

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandBegutachtung

Abstract

Identity management systems enable users (i.e., provers) to authenticate and provide attributes to verifiers by using certified credentials obtained from an authority. To accept such a credential, verifiers require information on whether the presented credentials are still valid or if they have been revoked. Up-to-date revocation information can be obtained from a revocation database; however, this requires that the verifier or prover is online. The problem becomes more interesting in the offline case when the prover (e.g., citizen) and verifier (e.g., police officer) do not have an Internet connection to query the revocation status of the presented credential (e.g., digital driver's license). In this paper, we extend the Self-Sovereign Identity (SSI) model to support both revocation as well as offline-verification. Our concept introduces attestations of validity for a point in time, which are issued by the SSI network for credentials that have not been revoked, i.e., added by authorized entities to a revocation list. The concept aims to be generic so that it can be used for various use cases, e.g., by giving users the control over the frequency of re-attestation. To show our concept's feasibility and practicality, we developed and evaluated an implementation that includes an efficient and privacy-preserving showing of credentials using noninteractive zero-knowledge proofs, all while being offline.

Originalspracheenglisch
TitelProceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020
Redakteure/-innenGuojun Wang, Ryan Ko, Md Zakirul Alam Bhuiyan, Yi Pan
Seiten1020-1027
Seitenumfang8
ISBN (elektronisch)9780738143804
DOIs
PublikationsstatusVeröffentlicht - Dez. 2020
Veranstaltung19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications: TrustCom 2020 - Guangdong Hotel, Hybrider Event, Guangzhou, China
Dauer: 29 Dez. 20201 Jan. 2021
http://ieee-trustcom.org/TrustCom2020/

Publikationsreihe

NameProceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020

Konferenz

Konferenz19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications
KurztitelIEEE TrustCom 2020
Land/GebietChina
OrtHybrider Event, Guangzhou
Zeitraum29/12/201/01/21
Internetadresse

ASJC Scopus subject areas

  • Software
  • Informationssysteme und -management
  • Sicherheit, Risiko, Zuverlässigkeit und Qualität
  • Computernetzwerke und -kommunikation

Dieses zitieren