Browse > Article
http://dx.doi.org/10.22156/CS4SMB.2021.11.11.066

A Model for Self-Authentication Based on Decentralized Identifier  

Kim, Ho-Yoon (Dept. of Computers & Media Engineering, Tongmyong University)
Han, Kun-Hee (Division of Computer Engineering, Baekseok University)
Shin, Seung-Soo (Dept. of Software Convergence Security, Tongmyong University)
Publication Information
Journal of Convergence for Information Technology / v.11, no.11, 2021 , pp. 66-74 More about this Journal
Abstract
With the development of the Internet, user authentication technology that proves me online is improving. Existing ID methods pose a threat of personal information leakage if the service provider manages personal information and security is weak, and the information subject is to the service provider. In this study, as online identification technology develops, we propose a DID-based self-authentication model to prevent the threat of leakage of personal information from a centralized format and strengthen sovereignty. The proposed model allows users to directly manage personal information and strengthen their sovereignty over information topics through VC issued by the issuing agency. As a research method, a self-authentication model that guarantees security and integrity is presented using a decentralized identifier method based on distributed ledger technology, and the security of the attack method is analyzed. Because it authenticates through DID Auth using public key encryption algorithms, it is safe from sniffing, man in the middle attack, and the proposed model can replace real identity card.
Keywords
Blockchain; Public Key Infrastructure; Decentralized Identifier; Authentication; Identity card;
Citations & Related Records
연도 인용수 순위
  • Reference
1 J. Fang, C. Yan & C. Yan. (2009). Centralized Identity Authentication Research Based on Management Application Platform. First International Conference on Information Science and Engineering, 2292-2295.
2 D. Choi, S. Jin & H. Yoon. (2007). Trust Management for User-Centric Identity Management on the Internet. IEEE International Symposium on Consumer Electronics, 1-4.
3 W. Li & C. J. Mitchell. (2020). User Access Privacy in OAuth 2.0 and OpenID Connect. IEEE EuroS&PW. DOI : 10.1109/eurospw51379.2020.00095   DOI
4 Y. Kortesniemi, D. Lagutin, T. Elo & N. Fotiou (2019). Improving the Privacy of IoT with Decentralised Identifiers (DIDs). Journal of Computer Networks and Communications, 1-10. DOI : 10.1155/2019/8706760   DOI
5 What is self-sovereign identity. (2018). Sovrin. (Online). https://sovrin.org/faq/what-is-self-sovereign-identity
6 Sovrin Protocol and Token White Paper. (2018). Sovrin. (Online). https://sovrin.org/wp-content/uploads/Sovrin-Protocol-and-Token-White-Paper.pdf
7 W. Y. Hwang & H. K. Kim. (2020). A Study on Implementation of BlockChain Voting System using Hyperledger Fabric. Korea Information Electron Communication Technology, 13(4), 298-305.
8 C. Brunner, U. Gallersdorfer, F. Knirsch, D. Engel & F. Matthes. (2020). DID and VC: Untangling Decentralized Identifiers and Verifiable Credntials for the Web of Trust. International Conference on Blockchain Technology and Applications (ICBTA 2020), 61-66. DOI : 10.1145/3446983.3446992   DOI
9 M. H. Rhie, K. H. Kim, D. Y. Hwang & K. H. Kim. (2021). Vulnerability Analysis of DID Document's Updating Process in the Decentralized Identifier Systems. 2021 International Conference on Information Networking (ICOIN), 517-520. DOI : 10.1109/icoin50884.2021.9334011   DOI
10 M. Chisholm. (2018). California Consumer Privacy Act of 2018 vs. GDPR. (Online). https://www.firstsanfranciscopartners.com/blog/california-consumer-privacy-act-of-2018-vs-gdpr
11 GDPR. (2018). General Data Protection Regulation. (Online). https://gdpr.eu/tag/gdpr/
12 L. Determann. (2018). Analysis: The California Consumer Privacy Act of 2018. (Online). https://iapp.org/news/a/analysis-the-california-consumer-privacy-act-of-2018/
13 J. K. Lee. (2020). Hyperledger Fabric Configuration and Channel Development Case Study for Google Cloud-based Distributed Ledger Processing. Korean Association Of Computers And Accounting, 18(1), 19-39.
14 Decentralized identity Foundation. (2019). DIF. (Online). https://identity.foundation
15 W3C DID WG. (2019). W3C. (Online). https://www.w3.org/2019/did-wg
16 S. R. Cho, Y. S. Cho & S. H. Kim. (2016). Introduction to FIDO 2.0 Universal Certification Technology. Korea Institute Of Information Security And Cryptology, 26(2), 14-19.
17 L. Determann. (2018). California Privacy Law : Practical Guide and Commentary U.U. Federal and California Law. International Association of Privacy Professionals (IAPP). (Online). https://iapp.org/media/pdf/publications/IAPP-California-Privacy-Law-2018-SAMPLE.pdf