Browse > Article
http://dx.doi.org/10.14400/JDC.2021.19.8.205

Secure De-identification and Data Sovereignty Management of Decentralized SSI using Restructured ZKP  

Cho, Kang-Woo (Dept. of Information Security, Pukyong National University)
Jeon, Mi-Hyeon (Dept. of Information Security, Pukyong National University)
Shin, Sang Uk (Dept. of IT Convergence and Application Eng., Pukyong National University)
Publication Information
Journal of Digital Convergence / v.19, no.8, 2021 , pp. 205-217 More about this Journal
Abstract
Decentralized SSI(Self Sovereign Identity) has become an alternative to a new digital identity solution, but an efficient de-identification technique has not been proposed due to the unique algorithmic characteristics of data transactions. In this study, to ensure the decentralized operation of SSI, we propose a de-identification technique that does not remove identifiers by restructuring the verification results of ZKP (Zero Knowledge Proof) into a form that can be provided to the outside by the verifier. In addition, it is possible to provide restructured de-identification data without the consent of data subject by proposing the concept of differential sovereignty management for each entity participating in verification. As a result, the proposed model satisfies the domestic personal information protection law in a decnetralized SSI, in addition provides secure and efficient de-identification processing and sovereignty management.
Keywords
Decentralization; Self-Sovereign Identity; Credential; De-Identification; Zero-Knowledge Proof;
Citations & Related Records
연도 인용수 순위
  • Reference
1 C. Bruner, U. Gallersdorfer, F. Knirsch & D. Engel, F. Matthes, (2020) DID and VC : Untangling Decentralized Identifiers and Verifiable Credentials for the Web of Trust. en-trust, 01-06. DOI : 10.1145/3446983.3446992
2 Ministry of Science and ICT. (2021). Digital Signature Act (Online). https://law.go.kr/LSW/eng/engLsSc.do?menuId=2§ion=lawNm&query=%EC%A0%84%EC%9E%90%EC%84%9C%EB%AA%85%EB%B2%95&x=0&y=0#liBgcolor0
3 A Muhle, A Gruner, T. Gayvoronskaya & C. Meinel. (2020) A survey on essential components of a self-sovereign identity, Elsevier Computer Science Review. 30, 80-85. DOI : 10.1016/j.cosrev.2018.10.002   DOI
4 Y. Liu, D. He, M. S. Obaidat, N. Kumar, M. K. Khan & K. K. R. Choo. (2020). Blockchain-based identity management systems : A review. Journal of Network and Computer Applications. 166(102731). 01-11. DOI : 10.1016/j.jnca.2020.102731   DOI
5 D. Reed, M. Sporny & M. Sabadello, (2020) Decentralized Identifiers (DIDs) v1.0. W3C Working Draft (Online). https://www.w3.org/TR/did-core/
6 M. Sporny, G. Noble, D. Longley, D. C. Burnett & B. Zundel. (2019). Verifiable Credential Data Model 1.0. W3C Editor's Draft (Online). https://www.w3.org/TR/vc-data-model/
7 S. Goldwasser, S. Micali & C. Rackoff. (1989). The Knowledge Complexity of Interactive Proof Systems, SIAM Journal on computing 18(1). 186-208. DOI : 10.1137/0218012   DOI
8 A. Gabizon. (2017). Explaining SNARKs.. ELECTRONIC COIN CO. (Online), https://electriccoin.co/?s=explaining%20SNARKs%20Part%20&is_v=1
9 P. J. Windley. (2016) How Sovrin Works. The Sovrin Foundation. (Online). https://sovrin.org/wp-content/uploads/2018/03/How-Sovrin-Works.pdf.
10 R. Belchior, B. Putz, G. Pernul, M. Correia, A. Vasconcelos & S. Guerreiro. (2020). SSIBAC: Self-Sovereign Identity Based Access Control. IEEE. 01-09. DOI : 10.5283/epub.44043
11 A. Tobin & D. Reed. (2016). The inevitable rise of self-sovereign identity. The Sovrin Foundation.
12 M. Blum, P. Feldman & S. Micali. (2019). Non-interactive zero-knowledge and its applications. Providing Sound Foundations for Cryptography: On the work of Shafi Goldwasser and Silvio Micali. 329-349. DOI : 10.1145/3335741.3335757
13 G. Kondova & J. Erbguth. (2020). Self-sovereign identity on public blockchains and the GDPR. 35th Annual ACM Symposium on Applied Computing. 342-345. DOI : 10.1145/3341105.3374066   DOI
14 P. Windley & D. Reed. (2018). SOVRINTM : A Protocol and Token for Self-Sovereign Identity and Decentralized Trust. The Sovrin Foundation.
15 J. Roos. (2018). Identity Management on the Blockchain, Seminar Innovation Internet Technologies and Services Departments of Informatics. Munich : Technical University of Munich.
16 Personal Information Protection Committee, (2020). Enforcement Decree of the Personal Information Protection Act (Online). https://law.go.kr/LSW/eng/engLsSc.do?menuId=2§ion=lawNm&query=%EA%B0%9C%EC%9D%B8%EC%A0%95%EB%B3%B4%EB%B3%B4%ED%98%B8%EB%B2%95&x=0&y=0#liBgcolor0
17 Q. Stokkink & J. Pouwelse. (2018). Deployment of a Blockchain-Based Self-Sovereign Identity. 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), Halifax, 1336-1342. DOI : 10.1109/Cybermatics_2018.2018.00230   DOI
18 H. S. Lee & J. H. Song. (2016). A Research on De-identification Technique for Personal Identifiable Information. Seongnam : Software Policy Research Institute(SPRi).
19 Council of the European Union. (2016) Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation).
20 S. Wachter. (2018). Normative challenges of identification in the Internet of Things: Privacy, profiling, discrimination, and the GDPR. Computer Law & Security Review. 103(1), 5-8. DOI : 10.1016/j.clsr.2018.02.002   DOI
21 J. B. Lee. (2018). A study on the Implications of Japanese Personal Information Protection Legislation and Improvement of Korean Legislation in the GDPR Era. KANGWON LAW REVIEW 55. Chuncheon : Institute of Comparative Legal Studies. DOI : 10.18215/kwlr.2018.55..95
22 C. Lundvist, R. Heck, J. Torstensson, Z. Mitton & M. Sena. (2017). Uport: A platform for self-sovereign identity draft version. Delft : Blockchain Lab, 21 Feb, 2017.
23 C. Fei, J. Lohkamp, E. Rusu, K. Szawan & K. Wangner, (2018). Jolocom: Self-sovereign and decentralised identity by design. White paper.
24 J. S. Kim. (2020). Research on the Use of Pseudonym Data - Focusing on Technical Processing Methods and Corporate Utilization Directions -. Journal of The Korea Institute of Information Security & Cryptography, 30(2), 253-262. DOI : 10.13089/JKIISC.2020.30.2.253   DOI