Journal of Digital Convergence (디지털융복합연구)

The Society of Digital Policy and Management (한국디지털정책학회)
권호 표지
DOI QR코드

DOI QR Code

Secure De-identification and Data Sovereignty Management of Decentralized SSI using Restructured ZKP

재구성된 영지식 증명을 활용한 탈중앙형 자기 주권 신원의 안전한 비식별화 및 데이터 주권 관리

  • Cho, Kang-Woo (Dept. of Information Security, Pukyong National University) ;
  • Jeon, Mi-Hyeon (Dept. of Information Security, Pukyong National University) ;
  • Shin, Sang Uk (Dept. of IT Convergence and Application Eng., Pukyong National University)
  • 조강우 (부경대학교 정보보호학과) ;
  • 전미현 (부경대학교 정보보호학과) ;
  • 신상욱 (부경대학교 IT융합응용공학과)
  • Received : 2021.05.10
  • Accepted : 2021.08.20
  • Published : 2021.08.28
Download PDF
⟨ Previous Next ⟩

Abstract

Decentralized SSI(Self Sovereign Identity) has become an alternative to a new digital identity solution, but an efficient de-identification technique has not been proposed due to the unique algorithmic characteristics of data transactions. In this study, to ensure the decentralized operation of SSI, we propose a de-identification technique that does not remove identifiers by restructuring the verification results of ZKP (Zero Knowledge Proof) into a form that can be provided to the outside by the verifier. In addition, it is possible to provide restructured de-identification data without the consent of data subject by proposing the concept of differential sovereignty management for each entity participating in verification. As a result, the proposed model satisfies the domestic personal information protection law in a decnetralized SSI, in addition provides secure and efficient de-identification processing and sovereignty management.

탈중앙형 SSI(Self Sovereign Identity)가 새로운 디지털 신원 식별 기술의 대안으로 등장하였으나 이는 데이터 거래의 고유 알고리즘 특성으로 인해 효율적인 비식별화 기법이 제안되지 않았다. 본 논문에서는 SSI의 탈중앙형 동작을 보장하기 위해 ZKP(Zero Knowledge Proof)의 검증 결과를 검증인 측에서 외부에 제공 가능한 형태로 재구성함으로써 식별자를 제거하지 않는 비식별 기술을 제안한다. 또한, 이는 검증 참여 각 개체에 대한 차등 주권 관리 개념을 제안하는 것으로 재구성된 비식별 데이터를 정보주체의 동의 없이 제공할 수 있다. 결과적으로 제안 모델은 탈중앙형 SSI 환경에서 국내 개인정보보호법을 만족하고, 안전하며 효율적인 비식별 처리 및 주권 관리를 제공한다.

Keywords

Acknowledgement

This research was supported by Basic Science Research Program through the National Research Foundation of Korea(NRF) funded by the Ministry of Education (No. 2019R1I1A3A01060652), and a part of the project titled 'Future fisheries food research center', funded by the Ministry of Oceans and Fisheries, Korea.

References

  1. C. Bruner, U. Gallersdorfer, F. Knirsch & D. Engel, F. Matthes, (2020) DID and VC : Untangling Decentralized Identifiers and Verifiable Credentials for the Web of Trust. en-trust, 01-06. DOI : 10.1145/3446983.3446992
  2. Ministry of Science and ICT. (2021). Digital Signature Act (Online). https://law.go.kr/LSW/eng/engLsSc.do?menuId=2§ion=lawNm&query=%EC%A0%84%EC%9E%90%EC%84%9C%EB%AA%85%EB%B2%95&x=0&y=0#liBgcolor0
  3. A Muhle, A Gruner, T. Gayvoronskaya & C. Meinel. (2020) A survey on essential components of a self-sovereign identity, Elsevier Computer Science Review. 30, 80-85. DOI : 10.1016/j.cosrev.2018.10.002
  4. Y. Liu, D. He, M. S. Obaidat, N. Kumar, M. K. Khan & K. K. R. Choo. (2020). Blockchain-based identity management systems : A review. Journal of Network and Computer Applications. 166(102731). 01-11. DOI : 10.1016/j.jnca.2020.102731
  5. A. Tobin & D. Reed. (2016). The inevitable rise of self-sovereign identity. The Sovrin Foundation.
  6. Q. Stokkink & J. Pouwelse. (2018). Deployment of a Blockchain-Based Self-Sovereign Identity. 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), Halifax, 1336-1342. DOI : 10.1109/Cybermatics_2018.2018.00230
  7. J. S. Kim. (2020). Research on the Use of Pseudonym Data - Focusing on Technical Processing Methods and Corporate Utilization Directions -. Journal of The Korea Institute of Information Security & Cryptography, 30(2), 253-262. DOI : 10.13089/JKIISC.2020.30.2.253
  8. Personal Information Protection Committee, (2020). Enforcement Decree of the Personal Information Protection Act (Online). https://law.go.kr/LSW/eng/engLsSc.do?menuId=2§ion=lawNm&query=%EA%B0%9C%EC%9D%B8%EC%A0%95%EB%B3%B4%EB%B3%B4%ED%98%B8%EB%B2%95&x=0&y=0#liBgcolor0
  9. H. S. Lee & J. H. Song. (2016). A Research on De-identification Technique for Personal Identifiable Information. Seongnam : Software Policy Research Institute(SPRi).
  10. Council of the European Union. (2016) Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation).
  11. S. Wachter. (2018). Normative challenges of identification in the Internet of Things: Privacy, profiling, discrimination, and the GDPR. Computer Law & Security Review. 103(1), 5-8. DOI : 10.1016/j.clsr.2018.02.002
  12. G. Kondova & J. Erbguth. (2020). Self-sovereign identity on public blockchains and the GDPR. 35th Annual ACM Symposium on Applied Computing. 342-345. DOI : 10.1145/3341105.3374066
  13. J. B. Lee. (2018). A study on the Implications of Japanese Personal Information Protection Legislation and Improvement of Korean Legislation in the GDPR Era. KANGWON LAW REVIEW 55. Chuncheon : Institute of Comparative Legal Studies. DOI : 10.18215/kwlr.2018.55..95
  14. P. Windley & D. Reed. (2018). SOVRINTM : A Protocol and Token for Self-Sovereign Identity and Decentralized Trust. The Sovrin Foundation.
  15. C. Lundvist, R. Heck, J. Torstensson, Z. Mitton & M. Sena. (2017). Uport: A platform for self-sovereign identity draft version. Delft : Blockchain Lab, 21 Feb, 2017.
  16. C. Fei, J. Lohkamp, E. Rusu, K. Szawan & K. Wangner, (2018). Jolocom: Self-sovereign and decentralised identity by design. White paper.
  17. J. Roos. (2018). Identity Management on the Blockchain, Seminar Innovation Internet Technologies and Services Departments of Informatics. Munich : Technical University of Munich.
  18. D. Reed, M. Sporny & M. Sabadello, (2020) Decentralized Identifiers (DIDs) v1.0. W3C Working Draft (Online). https://www.w3.org/TR/did-core/
  19. M. Sporny, G. Noble, D. Longley, D. C. Burnett & B. Zundel. (2019). Verifiable Credential Data Model 1.0. W3C Editor's Draft (Online). https://www.w3.org/TR/vc-data-model/
  20. S. Goldwasser, S. Micali & C. Rackoff. (1989). The Knowledge Complexity of Interactive Proof Systems, SIAM Journal on computing 18(1). 186-208. DOI : 10.1137/0218012
  21. M. Blum, P. Feldman & S. Micali. (2019). Non-interactive zero-knowledge and its applications. Providing Sound Foundations for Cryptography: On the work of Shafi Goldwasser and Silvio Micali. 329-349. DOI : 10.1145/3335741.3335757
  22. A. Gabizon. (2017). Explaining SNARKs.. ELECTRONIC COIN CO. (Online), https://electriccoin.co/?s=explaining%20SNARKs%20Part%20&is_v=1
  23. P. J. Windley. (2016) How Sovrin Works. The Sovrin Foundation. (Online). https://sovrin.org/wp-content/uploads/2018/03/How-Sovrin-Works.pdf.
  24. R. Belchior, B. Putz, G. Pernul, M. Correia, A. Vasconcelos & S. Guerreiro. (2020). SSIBAC: Self-Sovereign Identity Based Access Control. IEEE. 01-09. DOI : 10.5283/epub.44043