Identity Management on the Blockchain, Julian Roos (PowerPoint PPT presentation)
  1. Identity Management on the Blockchain
  Julian Roos, Chair of Network Architectures and Services, Department of Informatics, Technical University of Munich
  Munich, 06. July 2018

  2. Agenda
  • Introduction
  • Explain important concepts
  • Explain identity management systems
  • Conclusion
  Julian Roos 2

  3. Agenda
  ► Introduction
  • Explain important concepts
  • Explain identity management systems
  • Conclusion

  4. Overview of Identity Management
  What is identity management?
  • A system for identifying, authenticating and authorizing individuals
  • Links identities to user rights (and restrictions)
  Who manages identities today?
  • Governments
  • Facebook and other social networks
  • Websites themselves, through username/password systems
  Problem: the identity is not controlled by the individual

  5. Self-Sovereign Identity
  Characteristics of self-sovereign identities:
  • The identity belongs to the person herself
  • The person has full control over her identity
    − what information is stored
    − who has access to the information
    − full control to change attributes
  • The identity is portable
  • No trust in a central authority is required
  • Data has to be stored securely
  • Integrity of the data has to be guaranteed

  6. What Role Does Blockchain Play in This?
  • The system is available more often: it does not go down if a single server goes down
  • Enables self-sovereign identities because
    − it is decentralized → no central authority
    − integrity of the data is guaranteed
  • In most cases, identity attributes are NOT stored on the blockchain!
    − everybody can read the data on the blockchain
    − space constraints
  • The identity is stored on an external file system
  • A link to that storage is stored on the blockchain

  7. Agenda
  • Introduction
  • Explain important concepts
  ► Explain identity management systems
  • Conclusion

  8. uPort
  • Built on the Ethereum blockchain
  • Currently only exists as a mobile app
  • Claims to enable self-sovereign identity
  • Utilizes Ethereum's smart contracts → smart contracts are code (on the blockchain) that can move data when invoked
  • Smart contracts are invoked to create the identity

  9. How is an Identity Created? Example: uPort
  1. Create an asymmetric key pair
  [Diagram: Public Key / Private Key; the private key is only stored on the user's mobile device]

  10. How is an Identity Created? Example: uPort
  2. Create an instantiation of the controller smart contract with a link to the public key
  [Diagram: Private Key / Public Key → Controller instantiation]

  11. How is an Identity Created? Example: uPort
  3. Create a proxy smart contract with a reference to that instantiation of the controller
  [Diagram: Private Key / Public Key → Controller instantiation → Proxy]

  12. How is an Identity Created? Example: uPort
  4. The address of the proxy is the uPortID.
  [Diagram: Private Key / Public Key → Controller instantiation → Proxy; the proxy address is the uPortID]

  13. How are Identity Attributes Managed? Example: uPort
  • The registry maps uPortIDs to identity attributes
  [Diagram: Proxy (address is the uPortID) → read / write → Registry]

  14. How are Identity Attributes Managed? Example: uPort
  • The registry references a distributed database
  [Diagram: Proxy (address is the uPortID) → read / write → Registry → references → Distributed Database; proxy and registry are stored on Ethereum's blockchain]

  15. How are Identity Attributes Managed? Example: uPort
  • The attributes are stored in the distributed database
  [Diagram: Proxy (address is the uPortID) → read / write → Registry → references → Distributed Database (attributes are stored here); proxy and registry are stored on Ethereum's blockchain]

  16. How are Identities Verified? Example: uPort
  • They are not verified
  • Only attributes can be "verified"
  • For this a decentralized public key infrastructure (PKI) is needed
  [Diagram: PKI, which stores the public keys of uPortIDs and allows signed data to be shared]

  17. How are Attributes Verified? Example: uPort
  • Attributes are signed by other uPortIDs with their private key
  [Diagram: uPortID B reads the PKI, signs A's attribute and gives it to A through the PKI; uPortID A; the PKI stores the public keys of uPortIDs and allows signed data to be shared]

  18. How are Attributes Verified? Example: uPort
  • Another identity can now get the already signed attribute
  [Diagram: uPortID C wants verification; uPortID A gives the signed attribute through the PKI; the PKI stores the public keys of uPortIDs and allows signed data to be shared]

  19. How are Attributes Verified? Example: uPort
  • The other identity can now verify that the signature comes from another uPortID
  • It is now up to C to decide whether it trusts B, and therefore A's attribute
  [Diagram: uPortID C wants verification, gets the public key of B from the PKI and verifies B's signature on A's attribute; the PKI stores the public keys of uPortIDs and allows signed data to be shared]

  20. uPort Trustee System
  • The private key is only stored on the user's phone
  • What happens if he loses his phone?
  • Trustee system:
    − if the user loses his private key, trustees can vote to change the private key of his uPortID
    − malicious trustees can also take control over a uPortID, even if the owner did not lose his private key → the trustees have to be trusted

  21. Namecoin
  • First fork of Bitcoin's blockchain
  • Aims at improving decentralization, security and privacy
  • Does not enable self-sovereign identity
  • Identities are names with respective JSON values stored on Namecoin's blockchain
  • Stored data can include name, email, URL to a photo, fingerprints of cryptographic keys, crypto addresses and other things
  • Identities have to be renewed every 35,999 blocks

  22. How is an Identity Created? Example: Namecoin
  • A Namecoin address (that possesses namecoins) can create a name that is associated with that address
  • Write id/YourName in the Namecoin software
  [Diagram: Namecoin address → creates → Namecoin identity with attribute "Namecoin address"; stored on Namecoin's blockchain]

  23. How are Identity Attributes Managed? Example: Namecoin
  • The owner of the identity, i.e. the owner of the Namecoin address, can add further information
  • Storage space for all attributes is limited to 520 bytes
  [Diagram: Namecoin address → add attributes → Namecoin identity with attributes Namecoin address, email, key fingerprint; stored on Namecoin's blockchain]

  24. How are Identities Verified?
  • Identities are not verified
  • Their attributes are also not verified
  • Namecoin's main use case is to verify addresses or cryptographic keys from someone
  • One needs to know the other's Namecoin ID for that

  25. NamecoinID Example
  $ namecoind name_show "id/khal"
  {
    "email": "khal@dot-bit.org",
    "bitcoin": "1J3EKMfboca3SESWGrQKESsG1MA9yK6vN4",
    "namecoin": "N2pGWAh65TWpWmEFrFssRQkQubbczJSKi9"
  }

  26. Jolocom
  • Started in 2014
  • Berlin startup
  • Developing an open source decentralized identity management system
  • Uses hierarchical deterministic keys (HD keys)
  • HD keys are generated from a seed
  • Child keys can be derived from the parent key (the connection is not visible without the seed)
  • The parent key can monitor and control each child key
  • Jolocom uses HD keys to enable the use of sub-identities (to control who gets to know what)

  27. Example of Sub-Identities
  [Diagram: Jolocom identity with sub-identities for medical records, driver license and degrees]

  28. Conclusion
  • A lot of proposals exist
  • Different approaches with different advantages / disadvantages
  • Offers advantages over current identity management (e.g. through the possibility of sub-identities or easier online verification)
  • Self-sovereign identities can be the identities of the future
  • Self-sovereign identities rely on verified attributes to be useful → some need for authorities to verify the attributes

  29. Questions?

  30. Sovrin
  • A global open source decentralized identity network
  • Governed by the non-profit Sovrin Foundation
  • Source code comes from Evernym
  • Users can create portable, self-sovereign digital identities
  • Uses verified credentials
  • Runs on a permissioned blockchain → nodes need to be authorized
  • Authorized nodes are run by trusted identities, so-called stewards
  • Current stewards are companies (IBM) and research facilities (T-Labs)
  • Currently no government or bank is a steward

  31. ShoCard
  • Mainly developed for banks and for traveling with airlines
  • Combination of a ShoCardID with already trusted credentials (e.g. a passport)
  • Uses its own server to store relevant information
  • Can use multiple blockchains at the same time

  32. Blockstack
  • Aims at enabling a decentralized internet
  • Replaces core infrastructure like DNS, PKIs and storage backends
  • Offers identity management
  • Identities can exist for people, companies, websites and more
  • Identities can contain public and private information
  • Information can be validated by peers as well as authorities
