A Security Analysis of Blockchain-Based Did Services

Bong Gon Kim; Young Seob Cho; Seok Hyun Kim; Hyoungshick Kim; Simon S. Woo

doi:10.1109/ACCESS.2021.3054887

A Security Analysis of Blockchain-Based Did Services

Bong Gon Kim
, Young Seob Cho
, Seok Hyun Kim
, Hyoungshick Kim
, Simon S. Woo

Department of Computer Science and Engineering

Research output: Contribution to journal › Article › peer-review

31 Scopus citations

Abstract

Decentralized identifiers (DID) has shown great potential for sharing user identities across different domains and services without compromising user privacy. DID is designed to enable the minimum disclosure of the proof from a user's credentials on a need-to-know basis with a contextualized delegation. At first glance, DID appears to be well-suited for this purpose. However, the overall security of DID has not been thoroughly examined. In this paper, we systemically explore key components of DID systems and analyze their possible vulnerabilities when deployed. First, we analyze the data flow between DID system components and analyze possible security threats. Next, we carefully identify potential security threats over seven different DID functional domains, ranging from user wallet to universal resolver. Lastly, we discuss the possible countermeasures against the security threats we identified.

Original language	English
Article number	9336711
Pages (from-to)	22894-22913
Number of pages	20
Journal	IEEE Access
Volume	9
DOIs	https://doi.org/10.1109/ACCESS.2021.3054887
State	Published - 2021

Keywords

attack surface
blockchain
blockchain redaction
data exfiltration
decentralized key management system (DKMS)
DID
universal resolver

Access to Document

10.1109/ACCESS.2021.3054887

Cite this

@article{207ee65b2a704e5c9645618b8567efb1,

title = "A Security Analysis of Blockchain-Based Did Services",

abstract = "Decentralized identifiers (DID) has shown great potential for sharing user identities across different domains and services without compromising user privacy. DID is designed to enable the minimum disclosure of the proof from a user's credentials on a need-to-know basis with a contextualized delegation. At first glance, DID appears to be well-suited for this purpose. However, the overall security of DID has not been thoroughly examined. In this paper, we systemically explore key components of DID systems and analyze their possible vulnerabilities when deployed. First, we analyze the data flow between DID system components and analyze possible security threats. Next, we carefully identify potential security threats over seven different DID functional domains, ranging from user wallet to universal resolver. Lastly, we discuss the possible countermeasures against the security threats we identified.",

keywords = "attack surface, blockchain, blockchain redaction, data exfiltration, decentralized key management system (DKMS), DID, universal resolver",

author = "Kim, \{Bong Gon\} and Cho, \{Young Seob\} and Kim, \{Seok Hyun\} and Hyoungshick Kim and Woo, \{Simon S.\}",

note = "Publisher Copyright: {\textcopyright} 2013 IEEE.",

year = "2021",

doi = "10.1109/ACCESS.2021.3054887",

language = "English",

volume = "9",

pages = "22894--22913",

journal = "IEEE Access",

issn = "2169-3536",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - A Security Analysis of Blockchain-Based Did Services

AU - Kim, Bong Gon

AU - Cho, Young Seob

AU - Kim, Seok Hyun

AU - Kim, Hyoungshick

AU - Woo, Simon S.

PY - 2021

Y1 - 2021

N2 - Decentralized identifiers (DID) has shown great potential for sharing user identities across different domains and services without compromising user privacy. DID is designed to enable the minimum disclosure of the proof from a user's credentials on a need-to-know basis with a contextualized delegation. At first glance, DID appears to be well-suited for this purpose. However, the overall security of DID has not been thoroughly examined. In this paper, we systemically explore key components of DID systems and analyze their possible vulnerabilities when deployed. First, we analyze the data flow between DID system components and analyze possible security threats. Next, we carefully identify potential security threats over seven different DID functional domains, ranging from user wallet to universal resolver. Lastly, we discuss the possible countermeasures against the security threats we identified.

AB - Decentralized identifiers (DID) has shown great potential for sharing user identities across different domains and services without compromising user privacy. DID is designed to enable the minimum disclosure of the proof from a user's credentials on a need-to-know basis with a contextualized delegation. At first glance, DID appears to be well-suited for this purpose. However, the overall security of DID has not been thoroughly examined. In this paper, we systemically explore key components of DID systems and analyze their possible vulnerabilities when deployed. First, we analyze the data flow between DID system components and analyze possible security threats. Next, we carefully identify potential security threats over seven different DID functional domains, ranging from user wallet to universal resolver. Lastly, we discuss the possible countermeasures against the security threats we identified.

KW - attack surface

KW - blockchain

KW - blockchain redaction

KW - data exfiltration

KW - decentralized key management system (DKMS)

KW - DID

KW - universal resolver

UR - https://www.scopus.com/pages/publications/85100487556

U2 - 10.1109/ACCESS.2021.3054887

DO - 10.1109/ACCESS.2021.3054887

M3 - Article

AN - SCOPUS:85100487556

SN - 2169-3536

VL - 9

SP - 22894

EP - 22913

JO - IEEE Access

JF - IEEE Access

M1 - 9336711

ER -

A Security Analysis of Blockchain-Based Did Services

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this