International Workshop on Emerging Digital Identities
  • Date
    Jul 31, 2024
  • Location
  • Duration
    08:45 — 12:15
Workshops Lettering

Workshop Chairs

Workshop Chairs Logo Workshop Chairs Logo Workshop Chairs Logo
  • → Daniela Pöhn
  • → Nils Gruschka
  • → Amir Sharif

Accepted Papers

An Identity Key Management System with Deterministic Key Hierarchy for SSI-native Internet of Things
Alice Colombatto (LINKS Foundation, Italy), Luca Giorgino (LINKS Foundation, Italy), Andrea Vesco (LINKS Foundation, Italy)
Full Paper
The key to secure implementation of the Self-Sovereign Identity (SSI) model in IoT nodes is the Key Management System (KMS). A KMS for a large number of identity key pairs, bound to an appropriate combination of the IoT node hardware and firmware, and possibly running in a Trusted Execution Environment to ensure a high level of trust in the isolation, access control, and validity of key material and cryptographic operations. This paper presents the design of a novel KMS for SSI native IoT nodes, which adapts the principles of the deterministic key hierarchy used by cryptocurrency wallets to provide trusted key pair generation and usage to any SSI framework.

The implementation of the identity path and identity key derivation algorithm on a constrained IoT node demonstrates the feasibility of the design.
Workshop EDId
Service Provider Accreditation: Enabling and Enforcing Privacy-by-Design in Credential-based Authentication Systems
Stefan More (Graz University of Technology and Secure Information Technology Center Austria (A-SIT), Austria), Jakob Heher (Graz University of Technology and Secure Information Technology Center Austria (A-SIT), Austria), Edona Fasllija (Graz University of Technology and Secure Information Technology Center Austria (A-SIT), Austria), Maximilian Mathie (Graz University of Technology, Austria)
Full Paper
In credential-based authentication systems (wallets), users transmit personally identifiable and potentially sensitive data to Service Providers (SPs). Here, users must often trust that they are communicating with a legitimate SP and that the SP has a lawful reason for requesting the information that it does. In the event of data misuse, identifying and holding the SP accountable can be difficult.

In this paper, we first enumerate the privacy requirements of electronic wallet systems. For this, we explore applicable legal frameworks and user expectations. Based on this, we argue that forcing each user to evaluate each SP individually is not a tractable solution. Instead, we outline technical measures in the form of an SP accreditation system. We delegate trust decisions to an authorized Accreditation Body (AB), which equips each SP with a machine-readable set of data permissions. These permissions are checked and enforced by the user's wallet software, preventing over-sharing sensitive data. The accreditation body we propose is publicly auditable. By enabling the detection of misconduct, our accreditation system increases user trust and thereby fosters the proliferation of the system.
Workshop EDId
Long-Lived Verifiable Credentials: Ensuring Durability Beyond the Issuer’s Lifetime
Ricardo Bochnia (HTW Dresden, Germany), Jürgen Anke (HTW Dresden, Germany)
Full Paper
The use of Self-Sovereign Identity (SSI) and Verifiable Credentials (VCs) to digitize physical credentials is gaining momentum. In particular, credentials such as diplomas may need to remain valid for decades, sometimes outliving their issuers. For instance, a university diploma remains valid even if the issuing university merges or dissolves. We are therefore exploring the challenges that Long-Lived Verifiable Credentials (LLVCs) face in maintaining their value and verifiability over the long term. Although verifiers do not directly contact issuers when verifying a VC, they may still rely on an existing issuer, e.g., to verify the credential's revocation state maintained by the issuer. If the issuer dissolves, the SSI trust triangle is broken, and the VC may lose its value, requiring approaches to preserve the longevity of LLVCs. To address these and other challenges of long-lived credentials, we analyze the management and requirements of physical education credentials as a prime example of long-lived physical credentials (LLPCs), leveraging them as a model for designing LLVCs. Our findings suggest a combination of approaches to effectively design LLVCs to address the unique challenges of long-lived credentials. Beyond technical approaches, such as the potential use of ledgers, our research also highlights the need for sustainable governance structures that extend beyond the life of the issuer to ensure that LLVCs achieve durability comparable to their physical counterparts.
Workshop EDId
Towards Post-Quantum Verifiable Credentials
Tim Wood (Digital Catapult, United Kingdom), Keerthi Thomas (Digital Catapult, United Kingdom), Matthew Dean (Digital Catapult, United Kingdom), Swaminathan Kannan (Digital Catapult, United Kingdom), Robert Learney (Digital Catapult, United Kingdom)
Full Paper
Verifiable Credentials (VCs) allow users to assert claims about themselves in a cryptographically-verifiable way. In last the few years, several different VC schemes have emerged, offering varying levels of privacy through different cryptographic techniques. Current VC implementations aim for security against attacks that use classical computers, but the cryptography in use is vulnerable to attacks if the full power of quantum computing is ever realised. Addressing this threat is important as VCs are gaining traction for applications with safety and security implications (e.g. the mobile Driver's License (mDL)). This work examines the cryptographic underpinnings of VCs to discuss quantum-safety, and makes recommendations regarding the next steps in the transition to post-quantum cryptography.
Workshop EDId
Towards Functions for Verifiable Credentials in a 2-Holder Model
Markus Batz (Stadt Köln, Germany), Sebastian Zickau (Stadt Köln, Germany)
Full Paper
The trust model commonly used to describe digital identity ecosystems covers the roles issuer, holder and verifier which in general interact through the activities issue/hold, present/verify and revoke. The use case "German health certificate" discussed here reveals that processes may incorporate more than just one holder and require credential exchange between them. After issuance to one holder other holders occur which also may or even must present the credential in the further course. Therefore, a holder must be able to execute functions on credentials in its wallet such that some other holder also holds this credential and is able to present it successfully. To formally describe such functions and the necessary data structures in credentials, the "1-holder"-trust triangle is extended to a "2-holder"-model with two holders. Based on this extended model possible and relevant functions and their semantics in terms of verification results are defined. A concept to extend SD-JWT data structures to support this semantics is presented and its applicability is shown.
Workshop EDId
DistIN: Analysis and Validation of a Concept and Protocol for Distributed Identity Information Networks
Michael Hofmeier (University of the Bundeswehr Munich, Germany), Daniela Pöhn (University of the Bundeswehr Munich, Germany), Wolfgang Hommel (University of the Bundeswehr Munich, Germany)
Full Paper
Identity management enables users to access services around the globe. The user information is managed in some sort of identity management system. With the proposed shift to self-sovereign identities, self-sovereign control is shifted to the individual user. However, this also includes responsibilities, for example, in case of incidents. This is the case although they typically do not have the capability to do so. In order to provide users with more control and less responsibilities, we unite identity management systems with public key infrastructures. This consolidation allows more flexible and customized trust relationships to be created and validated. This paper explains, analyzes, and validates our novel design for a Distributed Identity Information Network (DistIN) that allows a high degree of decentralization while aiming for high security, privacy, usability, scalability, and sovereignty. The primary advantage of the system lies in its flexibility and ease of use, which also enables smaller organizations or even private individuals to participate in the network with a service. This work compiles categorized requirements from the literature and analyzes the verification and authentication data flows. On this basis, the security analysis and validation are following. This work is an essential step to reach the goal of the final web-based DistIN protocol and application.
Workshop EDId

Detail EDId 02/05

Topics of interest include, but are not limited to 03/05

  • Interoperability and user experience related to digital identities
  • Analysis of protocols and architectures in the area of digital identities, such as OAuth, OpenID Connect, and zero trust
  • Status of standardization and its adoption, such as OAuth 2.1, GNAP, OpenID4VC, and W3C VC/DID
  • Authentication methods, such as passwordless (including FIDO2 passkeys) and biometric authentication
  • Novel technologies and use cases for digital identities, such as self-sovereign identities and IoT
  • Mobile aspects of digital identity and smartphone identity wallets
  • Compliance with regulations, such as the eIDAS regulation
  • Analysis of security, such as social engineering and identity fraud
  • Cryptography for digital identity, such as selective disclosure signatures and zero-knowledge proofs
  • Behavioral and risk-based authentication mechanisms
  • Identification, onboarding, and Know Your Customer (KYC) procedures
  • Session management for seamless and continuous authentication
  • Trust frameworks for identity management solutions
  • Privacy-enhancing technologies for identity management

Workshop Chairs 04/05

Workshop Chairs

Workshop Chairs Logo
Daniela Pöhn
Universität der Bundeswehr München, Germany
Workshop Chairs Logo
Nils Gruschka
University of Oslo, Norway
Workshop Chairs Logo
Amir Sharif
Fondazione Bruno Kessler, Italy

Program Commitee

Hamed Arshad | Cegal, Norway
Diana Gratiela Berbecaru | Politecnico di Torino, Italy
Tamas Bisztray | University of Oslo, Norway
Francesco Buccafurri | Università degli Studi Mediterranea di Reggio Calabria, Italy
Andre Büttner | University of Oslo, Norway
Roberto Carbone | Fondazione Bruno Kessler, Italy
Lothar Fritsch | OsloMet, Norway
Michael Grabatin | Universität der Bundeswehr München, Germany
Wolfgang Hommel | Universität der Bundeswehr München, Germany
Meiko Jensen | Karlstad University, Sweden
Sandra Kostic | Fraunhofer AISEC, Germany
Sara Lazzaro | Università degli Studi Mediterranea di Reggio Calabria, Italy
Cecilia Pasquini | Fondazione Bruno Kessler, Italy
Silvio Ranise | Fondazione Bruno Kessler and University of Trento, Italy
Guido Schmitz | Lancaster University Leipzig, United Kingdom
Giada Sciarretta | Fondazione Bruno Kessler, Italy

Submission 05/05

Important Dates

Submission Deadline hard deadline May 08, 2024
Author Notification May 29, 2024
Proceedings Version hard deadline Jun 18, 2024
Conference Jul 30 — Aug 02, 2024
Register here!
Join us at ARES 2024 in Vienna, Austria