Abstract
Self-Sovereign Identity (SSI) is a digital identity that is managed in a decentralized manner utilising an underlying blockchain. It allows identity owners to manage and store their digital identities without relying on centralised third-party providers. Providing full control of an identity to its owner seeks to enhance the security and privacy of the individual. The utilisation of the decentralised trust model provided by an underlying blockchain realises this user-centred control. However, this operational change towards greater control and responsibility placed upon identity owners poses new challenges and security threats to the SSI system. Heretofore, there have been no significant research studies performed to assess potential attacks on the SSI system. The SSI model is an emerging Identity Management model, and requires a meticulous study of its potential attack surfaces. Therefore, this paper proposes an attack tree based risk analysis method for investigating potential attacks on the SSI system and their associated risks in facilitating their mitigations. This proposed attack tree based risk analysis method presents a systematic and generalised model to generate attack trees that can be used to perform risk analysis. In this investigation, three potential attacks on the SSI system are focused: faking identity, identity theft and distributed denial of service attacks. For each attack, the attack tree based risk analysis is performed; and subsequently, their mitigations are proposed.
Original language | English |
---|---|
Title of host publication | 2021 IEEE Symposium Series on Computational Intelligence (SSCI) |
Publisher | IEEE |
ISBN (Electronic) | 978-1-7281-9048-8 |
ISBN (Print) | 978-1-7281-9049-5 |
DOIs | |
Publication status | Published - 24 Jan 2022 |
Event | 2021 IEEE Symposium Series on Computational Intelligence (SSCI) - Orlando, FL, USA, Orlando, United States Duration: 5 Dec 2021 → 7 Dec 2021 |
Conference
Conference | 2021 IEEE Symposium Series on Computational Intelligence (SSCI) |
---|---|
Abbreviated title | SSCI |
Country/Territory | United States |
City | Orlando |
Period | 5/12/21 → 7/12/21 |
Keywords
- Attack Tree
- Risk Analysis Method
- Digital Identity
- Self-Sovereign Identity
- Identity Management System
- SSI
- Decentralized IDentifier
- Verifiable Credential
- Distributed Ledger Technology
- Blockchain
- Faking Identity
- Identity Theft
- Distributed Denial of Service