Abstract (EN):
Traditional identity management (IdM) systems rely on third-party identity providers (IdPs) and are centralised, which can make them vulnerable to data breaches and other security risks. Self-sovereign identity (SSI) is a newer IdM model that allows users to control their own identities by using decentralised technologies like blockchain to store and verify them. However, SSI systems have their own security concerns, such as digital wallet vulnerabilities, blockchain threats and conflicts with the General Data Protection Regulation (GDPR). Additionally, the lack of incentives for issuers, verifiers and data owners could limit the acceptance of SSI. This paper proposes SPIDVerify, a decentralised identity verification framework that utilises an SSI-based architecture to address these issues. The framework uses a mixed method for acquiring W3C standard verified credentials, to ensure that only a thoroughly verified entity acquires a verified credential. It employs secure key cryptographic protocols, Diffie-Hellman (DH) and Extended Triple Diffie-Hellman (X3DH), for secure communication with forward secrecy, single-use challenge-response for authentication, and the Swarm network for decentralised storage of data. These methods enhance the security of the proposed framework with better resilience against impersonation and credential stealing. To evaluate the proposal, we have outlined the limitations in related works and demonstrated two scenarios to showcase the strength and effectiveness of SPIDVerify in dealing with the threats identified. We have also tested the methods used in SPIDVerify by measuring the time taken to execute certain processes. © 2023 IEEE.
Language:
English
Type (Professor's evaluation):
Scientific