EDId
International Workshop on Emerging Digital Identities
-
Jul 31, 2024
-
SR07
-
08:45 — 12:15
Workshop Chairs
- → Daniela Pöhn
- → Nils Gruschka
- → Amir Sharif
Accepted Papers
An Identity Key Management System with Deterministic Key Hierarchy for SSI-native Internet of Things
Alice Colombatto
(LINKS Foundation, Italy), Luca Giorgino
(LINKS Foundation, Italy), Andrea Vesco
(LINKS Foundation, Italy)
Full Paper
The key to secure implementation of the Self-Sovereign Identity (SSI) model in IoT nodes is the Key Management System (KMS). A KMS for a large number of identity key pairs, bound to an appropriate combination of the IoT node hardware and firmware, and possibly running in a Trusted Execution Environment to ensure a high level of trust in the isolation, access control, and validity of key material and cryptographic operations. This paper presents the design of a novel KMS for SSI native IoT nodes, which adapts the principles of the deterministic key hierarchy used by cryptocurrency wallets to provide trusted key pair generation and usage to any SSI framework.
The implementation of the identity path and identity key derivation algorithm on a constrained IoT node demonstrates the feasibility of the design.
Workshop EDId
Workshop EDId
The implementation of the identity path and identity key derivation algorithm on a constrained IoT node demonstrates the feasibility of the design.
Service Provider Accreditation: Enabling and Enforcing Privacy-by-Design in Credential-based Authentication Systems
Stefan More
(Graz University of Technology and Secure Information Technology Center Austria (A-SIT), Austria), Jakob Heher
(Graz University of Technology and Secure Information Technology Center Austria (A-SIT), Austria), Edona Fasllija
(Graz University of Technology and Secure Information Technology Center Austria (A-SIT), Austria), Maximilian Mathie
(Graz University of Technology, Austria)
Full Paper
In credential-based authentication systems (wallets), users transmit personally identifiable and potentially sensitive data to Service Providers (SPs). Here, users must often trust that they are communicating with a legitimate SP and that the SP has a lawful reason for requesting the information that it does. In the event of data misuse, identifying and holding the SP accountable can be difficult.
In this paper, we first enumerate the privacy requirements of electronic wallet systems. For this, we explore applicable legal frameworks and user expectations. Based on this, we argue that forcing each user to evaluate each SP individually is not a tractable solution. Instead, we outline technical measures in the form of an SP accreditation system. We delegate trust decisions to an authorized Accreditation Body (AB), which equips each SP with a machine-readable set of data permissions. These permissions are checked and enforced by the user's wallet software, preventing over-sharing sensitive data. The accreditation body we propose is publicly auditable. By enabling the detection of misconduct, our accreditation system increases user trust and thereby fosters the proliferation of the system.
Workshop EDId
Workshop EDId
In this paper, we first enumerate the privacy requirements of electronic wallet systems. For this, we explore applicable legal frameworks and user expectations. Based on this, we argue that forcing each user to evaluate each SP individually is not a tractable solution. Instead, we outline technical measures in the form of an SP accreditation system. We delegate trust decisions to an authorized Accreditation Body (AB), which equips each SP with a machine-readable set of data permissions. These permissions are checked and enforced by the user's wallet software, preventing over-sharing sensitive data. The accreditation body we propose is publicly auditable. By enabling the detection of misconduct, our accreditation system increases user trust and thereby fosters the proliferation of the system.
Long-Lived Verifiable Credentials: Ensuring Durability Beyond the Issuer’s Lifetime
Ricardo Bochnia
(HTW Dresden, Germany), Jürgen Anke
(HTW Dresden, Germany)
Full Paper
The use of Self-Sovereign Identity (SSI) and Verifiable Credentials (VCs) to digitize physical credentials is gaining momentum. In particular, credentials such as diplomas may need to remain valid for decades, sometimes outliving their issuers. For instance, a university diploma remains valid even if the issuing university merges or dissolves. We are therefore exploring the challenges that Long-Lived Verifiable Credentials (LLVCs) face in maintaining their value and verifiability over the long term. Although verifiers do not directly contact issuers when verifying a VC, they may still rely on an existing issuer, e.g., to verify the credential's revocation state maintained by the issuer. If the issuer dissolves, the SSI trust triangle is broken, and the VC may lose its value, requiring approaches to preserve the longevity of LLVCs. To address these and other challenges of long-lived credentials, we analyze the management and requirements of physical education credentials as a prime example of long-lived physical credentials (LLPCs), leveraging them as a model for designing LLVCs. Our findings suggest a combination of approaches to effectively design LLVCs to address the unique challenges of long-lived credentials. Beyond technical approaches, such as the potential use of ledgers, our research also highlights the need for sustainable governance structures that extend beyond the life of the issuer to ensure that LLVCs achieve durability comparable to their physical counterparts.
Workshop EDId
Workshop EDId
Towards Post-Quantum Verifiable Credentials
Tim Wood
(Digital Catapult, United Kingdom), Keerthi Thomas
(Digital Catapult, United Kingdom), Matthew Dean
(Digital Catapult, United Kingdom), Swaminathan Kannan
(Digital Catapult, United Kingdom), Robert Learney
(Digital Catapult, United Kingdom)
Full Paper
Verifiable Credentials (VCs) allow users to assert claims about themselves in a cryptographically-verifiable way. In last the few years, several different VC schemes have emerged, offering varying levels of privacy through different cryptographic techniques. Current VC implementations aim for security against attacks that use classical computers, but the cryptography in use is vulnerable to attacks if the full power of quantum computing is ever realised. Addressing this threat is important as VCs are gaining traction for applications with safety and security implications (e.g. the mobile Driver's License (mDL)). This work examines the cryptographic underpinnings of VCs to discuss quantum-safety, and makes recommendations regarding the next steps in the transition to post-quantum cryptography.
Workshop EDId
Workshop EDId
Towards Functions for Verifiable Credentials in a 2-Holder Model
Markus Batz
(Stadt Köln, Germany), Sebastian Zickau
(Stadt Köln, Germany)
Full Paper
The trust model commonly used to describe digital identity ecosystems covers the roles issuer, holder and verifier which in general interact through the activities issue/hold, present/verify and revoke. The use case "German health certificate" discussed here reveals that processes may incorporate more than just one holder and require credential exchange between them. After issuance to one holder other holders occur which also may or even must present the credential in the further course. Therefore, a holder must be able to execute functions on credentials in its wallet such that some other holder also holds this credential and is able to present it successfully. To formally describe such functions and the necessary data structures in credentials, the "1-holder"-trust triangle is extended to a "2-holder"-model with two holders. Based on this extended model possible and relevant functions and their semantics in terms of verification results are defined. A concept to extend SD-JWT data structures to support this semantics is presented and its applicability is shown.
Workshop EDId
Workshop EDId
DistIN: Analysis and Validation of a Concept and Protocol for Distributed Identity Information Networks
Michael Hofmeier
(University of the Bundeswehr Munich, Germany), Daniela Pöhn
(University of the Bundeswehr Munich, Germany), Wolfgang Hommel
(University of the Bundeswehr Munich, Germany)
Full Paper
Identity management enables users to access services around the globe. The user information is managed in some sort of identity management system. With the proposed shift to self-sovereign identities, self-sovereign control is shifted to the individual user. However, this also includes responsibilities, for example, in case of incidents. This is the case although they typically do not have the capability to do so. In order to provide users with more control and less responsibilities, we unite identity management systems with public key infrastructures. This consolidation allows more flexible and customized trust relationships to be created and validated. This paper explains, analyzes, and validates our novel design for a Distributed Identity Information Network (DistIN) that allows a high degree of decentralization while aiming for high security, privacy, usability, scalability, and sovereignty. The primary advantage of the system lies in its flexibility and ease of use, which also enables smaller organizations or even private individuals to participate in the network with a service. This work compiles categorized requirements from the literature and analyzes the verification and authentication data flows. On this basis, the security analysis and validation are following. This work is an essential step to reach the goal of the final web-based DistIN protocol and application.
Workshop EDId
Workshop EDId
Detail EDId 02/05
International Workshop on Emerging Digital Identities to be held in the conjunction with the 19th International Conference on Availability, Reliability and Security
The identity environment has evolved into a complex ecosystem demanding seamless interoperability, stronger security measures, and user-centric experiences in an increasingly interconnected digital world. Addressing these difficulties necessitates collaboration among scholars and practitioners from diverse disciplines, establishing an interdisciplinary approach critical for shaping the future of identity management. EDId navigates a wide variety of security, privacy, and legal compliance issues, addressing technical issues like security and interoperability as well as legal and regulatory considerations like data protection and privacy.
Best Paper Award
All accepted and presented papers compete for the best paper awards, which will be announced at the workshop closing ceremony. The authors of the awarded papers will receive a certificate.
All accepted and presented papers compete for the best paper awards, which will be announced at the workshop closing ceremony. The authors of the awarded papers will receive a certificate.
Keynote: Vision and Challenges of the EUDI Wallet
The new eIDAS regulation will introduce the EUDI Wallet as a digital companion for users across the EU to access services in digital as well as physical space in a privacy preserving, secure, interoperable, and user friendly manner. This vision is ambitious and requires functions way beyond what typical wallets do today. It also requires an infrastructure for trust management to protect users from malicious issuers, wallet providers or relying parties. Also, the security and privacy requirements are much higher than what has been implemented in the past, resistance against high attack potential in conjunction with unlinkability and unobservability of transactions, just to name a few. This key note will describe the vision of the EUDI Wallet and highlight some of the challenges, with a focus on those challenges requiring scientific research.
About the Speaker
Dr.-Ing. Torsten Lodderstedt is a Digital Identity Architect with more than 15 years experience in developing and running large scale consumer identity services. He currently works for the German Federal Agency for Disruptive Innovation (SPRIND) as project lead & lead architect of Germany’s EU Digital Identity Wallet project and also serves as technical advisor at the OpenWallet Foundation. Before that, he led the consumer identity team at Deutsche Telekom and was CTO & CPO of yes.com, an open banking scheme. Earlier in his career, he helped organizations in public, banking, and railway communication domains to implement highly-scalable and secure services.
Torsten is an open standards enthusiast and has contributed to a wide range of broadly adopted identity standards like OAuth and OpenID Connect as well as standards for remote electronic signing (CSC) and Open Banking. His current focus is on Decentralized Identity and Verifiable Credentials. For example, he is co-author of OpenID for Verifiable Credentials and supports the European Union’s work on the eIDAS Architecture and Reference Framework.
Torsten holds a Diploma and a PhD in computer science from Dresden University of Technology and Albert Ludwig University of Freiburg, respectively.
The new eIDAS regulation will introduce the EUDI Wallet as a digital companion for users across the EU to access services in digital as well as physical space in a privacy preserving, secure, interoperable, and user friendly manner. This vision is ambitious and requires functions way beyond what typical wallets do today. It also requires an infrastructure for trust management to protect users from malicious issuers, wallet providers or relying parties. Also, the security and privacy requirements are much higher than what has been implemented in the past, resistance against high attack potential in conjunction with unlinkability and unobservability of transactions, just to name a few. This key note will describe the vision of the EUDI Wallet and highlight some of the challenges, with a focus on those challenges requiring scientific research.
About the Speaker
Dr.-Ing. Torsten Lodderstedt is a Digital Identity Architect with more than 15 years experience in developing and running large scale consumer identity services. He currently works for the German Federal Agency for Disruptive Innovation (SPRIND) as project lead & lead architect of Germany’s EU Digital Identity Wallet project and also serves as technical advisor at the OpenWallet Foundation. Before that, he led the consumer identity team at Deutsche Telekom and was CTO & CPO of yes.com, an open banking scheme. Earlier in his career, he helped organizations in public, banking, and railway communication domains to implement highly-scalable and secure services.
Torsten is an open standards enthusiast and has contributed to a wide range of broadly adopted identity standards like OAuth and OpenID Connect as well as standards for remote electronic signing (CSC) and Open Banking. His current focus is on Decentralized Identity and Verifiable Credentials. For example, he is co-author of OpenID for Verifiable Credentials and supports the European Union’s work on the eIDAS Architecture and Reference Framework.
Torsten holds a Diploma and a PhD in computer science from Dresden University of Technology and Albert Ludwig University of Freiburg, respectively.
Topics of interest include, but are not limited to 03/05
- Interoperability and user experience related to digital identities
- Analysis of protocols and architectures in the area of digital identities, such as OAuth, OpenID Connect, and zero trust
- Status of standardization and its adoption, such as OAuth 2.1, GNAP, OpenID4VC, and W3C VC/DID
- Authentication methods, such as passwordless (including FIDO2 passkeys) and biometric authentication
- Novel technologies and use cases for digital identities, such as self-sovereign identities and IoT
- Mobile aspects of digital identity and smartphone identity wallets
- Compliance with regulations, such as the eIDAS regulation
- Analysis of security, such as social engineering and identity fraud
- Cryptography for digital identity, such as selective disclosure signatures and zero-knowledge proofs
- Behavioral and risk-based authentication mechanisms
- Identification, onboarding, and Know Your Customer (KYC) procedures
- Session management for seamless and continuous authentication
- Trust frameworks for identity management solutions
- Privacy-enhancing technologies for identity management
Workshop Chairs 04/05
Workshop Chairs
Program Commitee
Hamed Arshad
|
Cegal, Norway
Diana Gratiela Berbecaru
|
Politecnico di Torino, Italy
Tamas Bisztray
|
University of Oslo, Norway
Francesco Buccafurri
|
Università degli Studi Mediterranea di Reggio Calabria, Italy
Andre Büttner
|
University of Oslo, Norway
Roberto Carbone
|
Fondazione Bruno Kessler, Italy
Lothar Fritsch
|
OsloMet, Norway
Michael Grabatin
|
Universität der Bundeswehr München, Germany
Wolfgang Hommel
|
Universität der Bundeswehr München, Germany
Meiko Jensen
|
Karlstad University, Sweden
Sandra Kostic
|
Fraunhofer AISEC, Germany
Sara Lazzaro
|
Università degli Studi Mediterranea di Reggio Calabria, Italy
Cecilia Pasquini
|
Fondazione Bruno Kessler, Italy
Silvio Ranise
|
Fondazione Bruno Kessler and University of Trento, Italy
Guido Schmitz
|
Lancaster University Leipzig, United Kingdom
Giada Sciarretta
|
Fondazione Bruno Kessler, Italy
Submission 05/05
Submission Guidelines
The submission guidelines valid for the workshop are the same as for the ARES conference.
Important Dates
Submission Deadline
hard deadline
May 08, 2024
Author Notification
May 29, 2024
Proceedings Version
hard deadline
Jun 18, 2024
Conference
Jul 30
—
Aug 02, 2024