A Security Analysis of Blockchain-Based Did Services

A Security Analysis of Blockchain-Based Did Services

Decentralized identifiers (DID) has shown great potential for sharing user identities across different domains and services without compromising user privacy. DID is designed to enable the minimum disclosure of the proof from a user’s credentials on a need-to-know basis with a contextuali...

Full description

Bibliographic Details
Main Authors: Bong Gon Kim, Young-Seob Cho, Seok-Hyun Kim, Hyoungshick Kim, Simon S. Woo
Format: Article
Language:English
Published: IEEE 2021-01-01
Series:IEEE Access
Subjects:
DID
decentralized key management system (DKMS)
universal resolver
blockchain
data exfiltration
blockchain redaction
Online Access:https://ieeexplore.ieee.org/document/9336711/
Description
Summary:Decentralized identifiers (DID) has shown great potential for sharing user identities across different domains and services without compromising user privacy. DID is designed to enable the minimum disclosure of the proof from a user’s credentials on a need-to-know basis with a contextualized delegation. At first glance, DID appears to be well-suited for this purpose. However, the overall security of DID has not been thoroughly examined. In this paper, we systemically explore key components of DID systems and analyze their possible vulnerabilities when deployed. First, we analyze the data flow between DID system components and analyze possible security threats. Next, we carefully identify potential security threats over seven different DID functional domains, ranging from user wallet to universal resolver. Lastly, we discuss the possible countermeasures against the security threats we identified.
ISSN:2169-3536

Similar Items