With the ever-increasing number of online services, it is important to have a reliable digital identity. Many services use identity solutions from either Facebook or Google, but these solutions violate our privacy. There are alternatives...
Take, for instance, DigiD, the identity solution used by the Dutch government. This solution has its limitations. Commercial parties are not allowed to use it and, even if they could, they would most likely deem it too expensive.[1] Another common problem is that most digital identities do not actually verify the user, but rather a device. For instance, with DigiD or Facebook you prove ownership of your identity using a password. If a hacker gets hold of your passwords, he can pretend to be you. Some identity solutions take this a step further by adding two-factor authentication (2FA), connecting your password to your SIM card. Yet this means that if someone somehow gets access to your device, they can still steal your identity. What we see is that there is an increasing demand for a digital identity that does a better job of protecting your privacy, especially since the introduction of the General Data Protection Regulation (GDPR) last year. Self-sovereign identity (SSI) has emerged as a possible solution.
The user in control
The new privacy law, the GDPR, states that the user should have more control over what happens with their data. Self-sovereign identity (SSI) is a concept that goes a step further by giving the user full ownership of their own data. With SSI, user credentials are stored on a smart card or phone owned by the user, which cannot be accessed by third parties without the user's consent. With SSI, user credentials are verified by showing the minimal amount of relevant data. For instance, when proving you are allowed to drink alcohol you currently have to show your identity card, which in the Netherlands includes your BSN (citizen service number). With SSI, you only show that you are over 18 years old and therefore old enough to drink. Since with SSI you no longer need third parties that hold your data, your privacy is better protected, and it also means they are no longer able to sell your data to other third parties without your consent.
SSI also makes it harder for hackers to access identity data using social engineering. Today, many services such as insurance companies only ask for your date of birth and email address for verification. A hacker who knows this information can easily get access to sensitive data. Removing the central party that grants you access to your identity has its advantages, but it also yields a new challenge. Currently, when users lose or forget their password they can call the central party to regain access in the way described above. With SSI, regaining access is a much bigger challenge, since there is no third party holding a spare key.
The future of digital identity
At Visma Connect, we believe that self-sovereign identity is the future of digital identity. We envision that SSI could eventually replace e-IDs such as DigiD. We also expect that, using blockchain, SSI can become more efficient in verifying and issuing credentials thanks to a distributed ledger shared between the relevant parties. Because several parties currently responsible for validating credentials would become redundant, we expect SSI to become cheaper than today's centralized solutions. This would make it attractive from a commercial standpoint. With SSI, we believe we can better prevent identity fraud and protect privacy.
We notice that most SSI providers try to tackle very big problems, and we believe it is better to start small. A use case we could start with to prove the usefulness of SSI is verifying the validity of university degrees. The university would issue a certificate which the user can then use to prove they have indeed graduated. This would help greatly, since research shows that 40% of people exaggerate their academic qualifications and 11% make up a certificate altogether.[2]
For SSI to work, it needs to be user-friendly. If it isn't convenient enough to use, people won't use it. SSI critics say people do not really want to manage their own data, since it implies a lot of work. However, this does not necessarily need to be the case. For instance, let's say Nike wants to use personal data from running apps to target you with ads for products that suit your needs. Maybe you want to get these ads, since you run quite a lot. With SSI, you can whitelist Nike so that they get all the relevant data to present you with relevant ads. Nike may even incentivize you to share that data by giving you a discount when you do.
SSI blocks third parties from accessing your data without your knowledge. If they need it, you are notified of their request to access certain data and you can either accept or reject it. We can even build in an option that allows you to pre-approve a party's future requests if you wish.
So we have established that managing your data does not have to be a hassle. What about recovering your keys when you lose them? With centralized solutions you can call the helpdesk to recover the keys that give access to your identity. With SSI, this would no longer be possible, since the identity is owned by you and you alone. It is no longer stored in a central location managed by a trusted third party. Yet we know from experience that people tend to choose very simple passwords which are easy to crack. They also forget their passwords often.
Undeniably, we need ways to deal with this problem if SSI is to gain traction. The first thing we should get rid of is passwords altogether. In fact, why not forgo passwords in centralized solutions as well? Given current computing power, common password rules are outdated. A required special character barely does anything against brute-force attacks; the best thing you can do is enter a very long passphrase of at least 12 characters. The problem is that people either forget their passwords or don't create ones that are complex enough. To secure the system, we should remove the human factor as much as possible.
A combination of biometrics and two-factor authentication is a possible solution that most banks are already using. To use banking applications, you need a fingerprint and/or a PIN that is coupled to your SIM card. This last part is important, because a hacker then needs both your SIM card and your fingerprint to access your bank account.
But even a fingerprint is not airtight. It can be copied from a glass you used that someone steals. So for important things you need more certainty than a fingerprint offers. Facial recognition suffers a similar limitation: facial recognition services can sometimes be fooled with pictures from the internet. To be secure, the service therefore needs to include liveness detection. iProov, for instance, currently uses this for biometric face authentication.[3]
In short, when using SSI in certain scenarios, you should use facial recognition with liveness detection for extra security.
This tackles part of the problem, since you most likely won't lose your biometrics. However, you can lose your device. How do you safely recover the identity on your phone? One way is to use a master key or a multisig wallet. We can generate an extra key which you store in a secure location at home.[4] If you lose your phone, the master key can be used to change the keypair and transfer the credentials to a new device.
Another approach is to use delegates, as uPort does.[5] In this case you assign people you trust, such as your parents, partner or best friends. If the majority of them declare that you have lost your keys, a small time window opens in which you can change your keys. The disadvantage of this system is that a hacker could use social engineering to find out who the delegates are, target them and possibly fool them into believing you lost your keys, and then take over your identity.
Yet another approach is to encrypt the private key using biometrics and split this encrypted key into an arbitrary number n of parts using a Shamir secret sharing scheme.[6] With this scheme you need an arbitrary k out of the n parts to recreate the encrypted key, which you can then decrypt using your biometric signature if you lost your key. This method does have a false reject rate of about 1%, meaning there is a small chance this recovery method fails.
The methods described above can be used to recover your keys when they are lost. They do, however, need to be set up in advance. If the user did not set anything up, or the methods fail, there is no way of recovering the keys. In this unfortunate scenario the user has to apply for a brand new identity and set everything up from scratch again. Going back to our example of using SSI for university degrees, this would mean that once you have a new identity you have to contact the university again and have them issue your academic credentials on your new SSI.
Is the world ready for SSI?
Although SSI is still a new technology for most organizations, it has a huge potential to resolve common security problems we face with digital identity. Paired with blockchain, it can be much more secure and easier to implement for end users. Interested in learning about SSI and how it can benefit your users? Contact us.