Vol-2599/paper5
Paper
Paper | |
---|---|
description | |
id | Vol-2599/paper5 |
wikidataid | Q117337714 |
title | |
pdfUrl | https://ceur-ws.org/Vol-2599/paper5.pdf |
dblpUrl | https://dblp.org/rec/conf/semweb/HamerTNT19 |
volume | Vol-2599 |
Private Digital Identity on Blockchain
Tom Hamer, Kerry Taylor, Kee Siong Ng, Alwen Tiu

College of Engineering and Computer Science, The Australian National University, Canberra ACT 0200, Australia
tomhamer@live.com, kerry.taylor@anu.edu.au, keesiong.ng@anu.edu.au, alwen.tiu@anu.edu.au

Abstract. For many identification systems, including those in government, finance and healthcare, it is critical that at most one identity exists for each human individual within a given system. Many existing approaches identify individuals through an exchange of verifiable documents attesting to basic identification information. However, the same basic information is collected for identification in almost every system, meaning that persons are linkable across different identity systems and are not in control of how their identity is used. We propose Unique Self-Sovereign Identity (USI), combining Cancelable Biometrics [6] and W3C Verifiable Claims [8] to achieve privacy-preserving and non-linkable identification, with guarantees against double enrolment with any system. Because our protocol is based on biometrics, it permits individuals to enrol without official identification documents. Our protocol can be used in a wide range of situations, offering data security for large organisations, access to basic services for over one billion people who lack official identifying documents, and personal identity control for all individuals.

Keywords: Verifiable Claims · Blockchain · Cancelable Biometrics · Homomorphic Signature

1 Introduction

1.1 Motivation

One fundamental aspect of many human identification systems is that for each individual, no more than one identity exists [1]. This is often due to an unfair advantage that can be gained by a malicious individual having two identities, for example, they may be able to fraudulently access additional credit at a bank [2]. However, preventing malicious double enrolment is difficult.
Many existing approaches uniquely identify individuals through an exchange of verifiable documents and basic identification information [3]. However, these traditional identification methods have a number of fundamental drawbacks:

1. Through organisations storing basic identity attributes such as name, birthdate and address, individuals can be linked across multiple independent uses of their identity, without consent.
2. When organisations requiring identity verification store a large amount of information about each individual for identification purposes, it makes the system vulnerable to attacks, as it is easy for a hacker who obtains access to the internal records to learn many details about each individual. Worse still, basic attributes such as address cannot easily be cancelled or changed and so a fresh identity is very hard to establish.
3. Over 1 billion individuals worldwide lack a form of officially recognised identity such as a passport [4], which makes it very difficult to enrol with service providers, such as banks, which need to uniquely identify individuals.

We propose a decentralised, privacy-preserving identity system which can identify individuals through a bijective mapping from individuals to identifiers used in a specific organisational context. It is designed to give individuals control over their own identity and shared information but to give organisations a guarantee of uniqueness. To our knowledge, such a privacy preserving biometric identification system does not exist in the literature.

Copyright © 2019 for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).

1.2 Related Work

Biometrics are a useful tool in identification of individuals because biometric signatures, such as fingerprints, are unique to each human [5]. Further, they do not depend on an individual needing to hold official identity documents.
Cancelable biometrics have been created as a method to protect biometric signatures; rather than storing the full biometric in identification databases, biometrics are non-invertibly transformed to obfuscate the original biometric signature [6], and only the obfuscated version is stored. However, one problem with current cancelable biometric protocols is that the individual must trust the organisation receiving their biometric signature to correctly transform and securely manage the biometric signatures.

Homomorphic signatures allow a verifier to prove that a calculation has been done correctly without having to access the underlying data [7]. We propose utilising homomorphic signatures as a proof mechanism to allow the individual to obfuscate their own biometric signature on their personal device through applying a specific non-invertible transformation that is requested by the organisation wanting to identify the individual. The authors are unaware of previous research proposing the use of homomorphic signatures to prove the validity of cancelable biometrics. For the first time, we propose that the combination of these techniques enables self-sovereign identity.

The W3C, an international standards organization, has introduced Distributed Identifiers (DIDs) and Verifiable Claims. DIDs are linked to DID documents, which store mechanisms used to authenticate the DID, service endpoints, and other claims [8]. Using DIDs, the W3C aims to create a standard for individuals and organizations to control their own identity. W3C Verifiable Claims are a mechanism to express credentials on the Web in a way that is cryptographically secure, privacy respecting, and machine-verifiable [9]. The Sovrin foundation has used DID and Verifiable claims to create a Blockchain based Identity System [10], which enables distributed management of public keys and revocation of verifiable claims.
Similarly, we propose to facilitate transfer of obfuscated biometrics using Blockchain-based verifiable claims.

Self-sovereign identity can be defined as “the concept of individuals or organizations having sole ownership of their digital and analogue identities, and control over how their personal data is shared and used” [11]. A number of organisations including The Sovrin Foundation [10], Civic Ledger [13] and uPort [14] have recently launched self-sovereign identity protocols. The Sovrin Foundation has been involved in the development of ID2020 which aims to create an open and human-centric approach to identity [12]. They suggest benefits including no physical papers and the convenience of biometric authentication. Other attempts, such as Civic ledger’s solution, depend on the individual holding official identity documents such as passports to enrol with their system, which is problematic for displaced persons and others.

No self-sovereign identity schemes are currently available which offer non-linkability of individually-controlled identities. Where existing protocols offer the capacity to use biometric signatures, they do not allow individuals to non-invertibly transform their biometric signature before it is sent, and therefore do not protect the privacy of personal biometrics.

We propose the concept of Unique Self-Sovereign Identity, or USI. USI means that an individual can have at most one identity in a particular context, but identities cannot be linked between contexts without permission from the individual. Therefore, individuals can be uniquely identified but still have control over their personal identifying data.

2 Solution Sketch

2.1 Our USI protocol

We define three key roles:

Individual: a human who wants to be identified by a Service Provider.

Service Provider: an organisation requiring its individual users to complete identity verification for access to services.
The service provider commits to requiring a specific variety of biometric for all of its users.

Trusted Organisation: an organisation within the trust network of both a service provider and an individual. Service providers trust these organisations to ensure that the biometric signatures are accurate and individuals trust these organisations to destroy their biometric signature immediately after use. Trusted organisations maintain public keys for each variety of biometric signature they sign, meaning that service providers are able to verify that the biometric signature is of the variety they require.

In our protocol, each individual is identified for each service provider by a cancelable (non-invertibly transformed) version of their biometric signature. To achieve this non-invertibility, we use a Partial Discrete Fourier Transform for non-linkable biometrics [6]. We extend existing cancelable biometric schemes so that the service provider never has access to the complete biometric signature of each individual. To enable this, we use fully homomorphic signatures [7] to prove the validity and correctness of a biometric signature which is already non-invertibly transformed by the individual before it is sent. Finally, the solution uses a Blockchain W3C standard Verifiable claims system [10], where our homomorphic signature acts as the proof mechanism, meaning that individual biometric signatures can be revoked when needed, and requiring that the public key of the Trusted Organisation is publicly available. Our protocol does not address authentication, which can employ conventional means such as username and password.

Fig. 1: Our USI Protocol showing the interactions between an Individual represented by a User Device, a Trusted Organisation, and several Service Providers

Our protocol is as follows (see figure 1).

1. The individual enrols for an identity with a trusted organisation C of their choice (see Algorithm 1). C collects fingerprint and vein scans, ensuring that the biometrics are collected accurately and are truly the biometrics of the individual. The assurance process will be determined by C’s own policy, but will probably include human supervision. The individual stores the biometrics together with a corresponding signature which is provided by C. C must not store the biometrics, and is trusted by the individual not to. C has its public key available on the Blockchain Verifiable Claims system. C adds required randomly generated public parameters for homomorphic signature verification to the ledger, and adds the signature for the biometric to a public revocation register, attesting to the validity of the biometric.

2. The individual wants to enrol with a service provider B_i and B_i requires proof that they have not enrolled previously with B_i. To check, B_i requests a P-DFT transform [6] with the trusted organisation’s specific parameters, from the individual. These parameters are derived using the public key of B_i and are therefore not used by any other organisation requiring identity verification. The individual computes the result of the transformation and sends it to B_i, with a fully homomorphic signature under that P-DFT, along with the name of trusted organisation C for lookup in the Blockchain Verifiable Claims Public Key register. Verifying that the calculation was done correctly does not require the individual to send the initial signature from C or the individual’s raw biometric.

3. Service provider B_i looks up trusted organisation C’s public key on-chain and verifies the homomorphic signature against the transformed biometrics sent by the individual, the public parameters, and the public key of C (see Algorithm 2). If it holds as valid, and the proof of non-revocation holds, then B_i checks all current biometric vectors in its database for any vectors within a thresholded similarity of the provided biometric. If it finds no matches, then B_i has verified that the individual has not previously enrolled.

Algorithm 1 Trusted Organisation Creates Verifiable Claim for Individual to Store

    procedure VCgen(pk, device)
        bVec ← retrieve(device)    // retrieve processed biometric vector for individual from trusted organisation’s external device
        l ← length of bVec
        V ← randomly generate l public parameters
        x ← Sign_sk(bVec)    // trusted organisation homomorphically signs the biometric vector using its secret key
        writeToChain(V)    // write the public parameters V onto the Blockchain
        claim ← generate a verifiable claim from trusted organisation’s metadata [9]
        claim.proof ← generate a proof property from signature x
        addToNonRevocationRegister(claim)    // add the claim to a public non-revocation register
        cleanup()    // critically, trusted organisation must delete bVec, the user’s raw biometric vector
        return claim

Algorithm 2 Service Provider Enrols Individual

    procedure AddNewUser(p_i, biometricVariety, similarityThreshold)    // p_i is unique to each service provider
        claimPres ← request verifiable claim for P-DFT biometric transform from user with parameters p_i
        sig ← claimPres.proof.proofValue    // extract the proof from the verifiable claim presentation [9]
        transbVec ← claimPres.credentialSubject.transformedBiometric    // extract the transformed biometric from the claim presentation [9]
        V, pk ← retrieve(biometricVariety)    // get public parameters V and trusted organisation’s public key pk for the biometric type from Blockchain
        if not valid_pk(V, sig, transbVec) or isRevoked(claimPres) then
            // if the homomorphic signature does not hold, or the claim has been revoked
            return false
        for transformedBiometric in database do
            if transbVec.isSimilar(transformedBiometric, similarityThreshold) then
                return false    // if a similar biometric exists already then reject
        addNewUserToDb(transbVec)    // save transformed biometric
        return true    // success

2.2 Features of our USI System

Self-sovereignty: The identity holder has complete control over storage and use of their identity. This is provided through the use of verifiable claims, and the homomorphic proof mechanism, which allows individuals to reliably store their own biometric signature [9],[7].

Privacy and Non-linkability: The verifier, who receives a non-invertibly transformed version of the biometric, is unable to reverse the transformation and discover the individual’s actual biometric signature. Provided that the transformations have different parameters, cross matching of biometrics is impossible. These privacy and non-linkability features are provided by definition through cancelable biometrics [5]. Further work is required on the non-linkability of the proof mechanism as it is in some cases possible for proofs to be linked via the public parameters. This issue may be rectified either through Gorbunov’s multi-data signing scheme [7] or by having the trusted organisation issue a number of public parameters to each individual, and each one could be used to establish an unlinkable identity.

Unique Identification: An individual can create as many signed biometrics or identities as they like and enrol with any trusted organisation. The transformation will always map them back to the same identifier, with an error rate that is dependent on the quality of the matching algorithm and the number of individuals in the system. This is irrespective of the trusted organisation and is a result of biometric classification algorithms.
The error rate arises from the imprecise nature of biometric feature extraction. Note that each Service Provider must require the same variety of biometric from all of their clients, or unique identification is impossible [5].

Decentralisation: The trusted organisations do not have to communicate or be in consensus for the Unique Identification property to hold. This is enabled through Blockchain technology, which allows public keys and parameters to be stored without a central authority [10].

Biometrically Derived: Biometrics are used, meaning that the system does not depend on individuals holding previous identity documents in order to enrol.

3 Conclusion

We describe a USI identity system which is capable of addressing a number of significant current challenges in identity management. A key area for further work is improving the performance of biometric identification. The error rate could prove to be an obstacle due to the compounding of errors in biometric identification systems [15]. The need to trust the trusted organisation’s management of biometric data is a potential drawback of our protocol that could be addressed by legal or social mechanisms. Personal enrolment with the trusted organisation potentially exposes information about identity that could be exploited. However, we believe that this system could be feasible for distributed and privacy preserving identification at large scale. Future work includes a reference implementation and security analysis.

References

1. UNHCR: UNHCR Resettlement Handbook. UNHCR - the UN Refugee Agency, Geneva (2011)
2. Saunders, K., Zucker, B.: Counteracting Identity Fraud in the Information Age: The Identity Theft and Assumption Deterrence Act. In: International Review of Law, Computers & Technology 1999, 2, pp 183–192. Routledge (1999)
3. Moyano, J. P., Ross, O.: KYC Optimization Using Distributed Ledger Technology. Business & Information Systems Engineering, 59(6), pp 411–423. (2017)
4. Kour, G., Saabne, R.: Global Identification Challenge by the Numbers. http://id4d.worldbank.org/global-dataset/visualization. Accessed 30 July 2019.
5. Punithavathi, P., Subbiah, G.: Can Cancelable Biometrics Preserve Privacy? Biometric Technology Today, 2017(7), pp 8–11. (2017)
6. Yang, W. et al.: A fingerprint and finger-vein based cancelable multi-biometric system. Pattern Recognition, Volume 78, pp 242–251. (2018)
7. Gorbunov, S., Vaikuntanathan, V., Wichs, D.: Leveled Fully Homomorphic Signatures from Standard Lattices. In: STOC’15 Proceedings of the forty-seventh annual ACM symposium on Theory of Computing, pp 469–477. ACM, New York, NY, USA (2015)
8. Reed, D. et al.: DID Spec (2019). https://w3c-ccg.github.io/did-spec/. Accessed 30 July 2019.
9. Sporny, M. et al.: Verifiable Credentials Data Model. https://www.w3.org/TR/vc-data-model/. Accessed 30 July 2019.
10. Sovrin: Sovrin Protocol and Token White Paper. https://sovrin.org/wp-content/uploads/Sovrin-Protocol-and-Token-White-Paper.pdf. Accessed 30 July 2019.
11. Metadium: Introduction to Self-Sovereign Identity and Its 10 Guiding Principles. https://medium.com/metadium/introduction-to-self-sovereign-identity-and-its-10-guiding-principles-97c1ba603872. Accessed 30 July 2019.
12. Leong, C.: ID2020: Digital Identity. https://www.accenture.com/us-en/insight-blockchain-id2020. Accessed 30 July 2019.
13. Civic Technologies: Civic Whitepaper. https://tokensale.civic.com/CivicTokenSaleWhitePaper.pdf. Accessed 30 July 2019.
14. Dunphy, P., Petitcolas, F.: A First Look at Identity Management Schemes on the Blockchain. https://arxiv.org/pdf/1801.03294.pdf. Accessed 30 July 2019.
15. Pato, J. N., Millett, L. I.: Biometric Recognition: Challenges and Opportunities. Washington, DC: The National Academies Press. (2010)
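
Added example, not code from the paper: the provider-specific transform of step 2 and the duplicate-enrolment loop of Algorithm 2, run on constructed vectors. The keyed partial DFT is a simplified stand-in for the P-DFT of [6]; the hash-seeded parameter derivation, the sizes, the threshold and the sample vectors are assumptions, and the homomorphic signature and revocation checks are not modelled.

```python
import cmath, hashlib, math, random

def provider_params(provider_pk: bytes, n: int, m: int):
    """Derive (sign mask, kept DFT rows) from a service provider's public key.
    The hash-seeded derivation is an assumption of this sketch."""
    seed = int.from_bytes(hashlib.sha256(b"usi-demo|" + provider_pk).digest(), "big")
    rng = random.Random(seed)
    mask = [rng.choice((-1.0, 1.0)) for _ in range(n)]
    rows = rng.sample(range(1, n // 2), m)  # m complex outputs, 2m < n reals: many-to-one
    return mask, rows

def partial_dft(bvec, params):
    """Keyed partial DFT: mask the vector, then keep only the selected rows."""
    mask, rows = params
    n = len(bvec)
    x = [v * s for v, s in zip(bvec, mask)]
    return [sum(x[j] * cmath.exp(-2j * math.pi * j * k / n) for j in range(n))
            for k in rows]

def similarity(a, b):
    """Cosine similarity of two complex templates (1.0 = same direction)."""
    dot = sum((p * q.conjugate()).real for p, q in zip(a, b))
    norm = math.sqrt(sum(abs(p) ** 2 for p in a) * sum(abs(q) ** 2 for q in b))
    return dot / norm if norm else 0.0

def add_new_user(db, trans_bvec, threshold):
    """Similarity loop of Algorithm 2 only. The signature and revocation
    checks are NOT modelled and must have passed before this is reached."""
    if any(similarity(trans_bvec, t) >= threshold for t in db):
        return False                      # similar template already enrolled
    db.append(trans_bvec)                 # store only the transformed template
    return True

def demo():
    n, m, threshold = 128, 32, 0.8        # constructed sizes and threshold
    data = random.Random(2019)            # constructed sample "biometric" vectors
    alice = [data.gauss(0, 1) for _ in range(n)]
    alice_again = [v + data.gauss(0, 0.15) for v in alice]  # second, noisy scan
    bob = [data.gauss(0, 1) for _ in range(n)]
    p1 = provider_params(b"constructed-pk-of-B1", n, m)
    p2 = provider_params(b"constructed-pk-of-B2", n, m)
    db1 = []                              # B1's database of transformed templates
    return {
        "alice_enrols": add_new_user(db1, partial_dft(alice, p1), threshold),
        "alice_again": add_new_user(db1, partial_dft(alice_again, p1), threshold),
        "bob_enrols": add_new_user(db1, partial_dft(bob, p1), threshold),
        "same_provider": similarity(partial_dft(alice, p1), partial_dft(alice_again, p1)),
        "cross_provider": similarity(partial_dft(alice, p1), partial_dft(alice, p2)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The second scan of the same constructed vector is rejected by B1 as a duplicate, while the B1 and B2 templates of that vector fall well below the matching threshold, which is the unlinkability property the paper relies on.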