Introduction
The DEFENSIVE project aims to create a platform for sharing Threat Intelligence and security incident data while adhering to stringent information security and data protection standards. Key priorities include the platform's decentralized operation and the ability to securely and anonymously exchange data.
Federated approaches are widely used and well-established for implementing decentralized models of authentication and authorization. One example is the Authentication and Authorization Infrastructure (eduGAIN), utilized by GEANT. While this decentralized service performs effectively in the trusted environment of research networks, challenges remain when applied to more diverse settings with stringent data security and privacy requirements (e.g., anonymity, with non-repudiation mostly preserved). In this contribution, we demonstrate that Self Sovereign Identity can effectively address these challenges.
Federated Authentication
In federated authentication models (e.g., eduGAIN / OpenID Connect), a user registers and authenticates with an identity provider (IdP). The IdP signs and manages the attributes associated with that user. When the user accesses a service, the service provider (SP) redirects the user to the associated IdP, where the user presents their credentials for authentication. The IdP then passes the user's verified attributes to the service provider. While the user's true identity can be concealed through the use of a pseudonym, this pseudonym remains constant across all accesses to services. As a result, colluding service providers can track the user's behavior across multiple services. Fully anonymous usage that prevents tracking is therefore not achievable.
Self-Sovereign Identity
In Self-Sovereign Identity, the role of the IdP is taken over by one or more Issuers. In analogy to the federated model, a user provides a set of attributes to the Issuer, which verifies their validity, signs them, and returns the signed attributes to the user. The user can then validate the correctness of the signature.
In contrast to the federated model, the user directly manages the attested attributes and provides them to the service provider upon request. There are several fundamental differences between the federated model and SSI concerning the management and provision of attributes. While all relevant attributes are transmitted to the service provider (SP) in the federated model, SSI allows the user to decide which attributes to transmit and which to keep confidential (Selective Disclosure).
Rather than directly providing attributes, the user generates a proof in SSI that incorporates all signed attributes in an encrypted form. The validity of the proof can be verified by the SP. It is important to note that the validity of the proof also guarantees the validity of the enclosed attributes. However, the raw signatures that could allow tracking are encoded in such a way that although their validity can be proved, they are cryptographically protected against disclosure (Unlinkable Proofs, Proof of Possession). This enables users to conceal their identity without compromising the security demands.
These capabilities of Self-Sovereign Identity are realized through a signature scheme (e.g., BBS+) that is mathematically more complex than the well-known signature schemes based on RSA or elliptic curves.
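The following constructed example illustrates both points made above: the cross-service tracking that a constant federated pseudonym permits, and selective disclosure of issuer-attested attributes on the SSI side. It is added here for illustration and is not code from the DEFENSIVE project or from any SSI library. The selective-disclosure part uses salted hash commitments (the SD-JWT style) rather than BBS+, precisely so that its limitation becomes visible: the issuer signature is identical in every presentation, so two verifiers can still correlate them; that linkability is what a BBS+-style unlinkable proof removes. The issuer "signature" is an HMAC stand-in for a real asymmetric signature, and all pseudonyms, attribute names and values are made up.

```python
"""Constructed demo: constant federated pseudonyms vs. salted-hash selective disclosure.

Not project code. The issuer signature is an HMAC stand-in (symmetric); a
real deployment uses an asymmetric scheme so verifiers hold only a public key.
"""
import hashlib
import hmac
import json
import secrets
from typing import Dict, List, Optional, Set

ISSUER_KEY = b"constructed-issuer-key"  # stand-in for the issuer's private signing key


def sign(payload: bytes) -> str:
    # Stand-in for an asymmetric signature (assumption: HMAC-SHA256 over canonical JSON).
    return hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()


def verify(payload: bytes, sig: str) -> bool:
    return hmac.compare_digest(sign(payload), sig)


# --- Federated model: the IdP asserts the same pseudonym to every SP ---------
def idp_assertion(pseudonym: str, audience: str) -> dict:
    """IdP-signed assertion; 'sub' is the persistent pseudonym the text describes."""
    body = {"sub": pseudonym, "aud": audience, "role": "csirt-member"}
    raw = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "sig": sign(raw)}


def colluding_sps_can_link(log_a: List[dict], log_b: List[dict]) -> Set[str]:
    """Two SPs joining their access logs on 'sub' recover the user's cross-service activity."""
    return {e["body"]["sub"] for e in log_a} & {e["body"]["sub"] for e in log_b}


# --- SSI-style selective disclosure with salted hash commitments --------------
def _commit(salt: str, name: str, value: str) -> str:
    return hashlib.sha256(f"{salt}|{name}|{value}".encode()).hexdigest()


def issue_credential(attrs: Dict[str, str]) -> dict:
    """Issuer signs one commitment per attribute; the holder keeps the salts and values."""
    disclosures, commitments = {}, {}
    for name, value in attrs.items():
        salt = secrets.token_hex(16)
        disclosures[name] = (salt, value)
        commitments[name] = _commit(salt, name, value)
    raw = json.dumps(commitments, sort_keys=True).encode()
    return {"commitments": commitments, "sig": sign(raw), "disclosures": disclosures}


def present(cred: dict, reveal: Set[str]) -> dict:
    """Holder builds a presentation that opens only the chosen commitments."""
    return {
        "commitments": cred["commitments"],
        "sig": cred["sig"],
        "revealed": {n: cred["disclosures"][n] for n in reveal},
    }


def verify_presentation(pres: dict) -> Optional[Dict[str, str]]:
    """Verifier checks the issuer signature, then that each opened value matches its commitment.

    Returns the disclosed attributes, or None if anything fails to verify.
    """
    raw = json.dumps(pres["commitments"], sort_keys=True).encode()
    if not verify(raw, pres["sig"]):
        return None
    out = {}
    for name, (salt, value) in pres["revealed"].items():
        if _commit(salt, name, value) != pres["commitments"].get(name):
            return None  # tampered or mismatched disclosure
        out[name] = value
    return out


def presentations_linkable(p1: dict, p2: dict) -> bool:
    """Salted hashes hide undisclosed values, but the signature and commitment set are
    constant across presentations, so two verifiers can still correlate them.
    This is the gap that BBS+-style unlinkable proofs close."""
    return p1["sig"] == p2["sig"]


def demo() -> dict:
    linked = colluding_sps_can_link(
        [idp_assertion("pseud-42", "sp-a")], [idp_assertion("pseud-42", "sp-b")]
    )
    cred = issue_credential({"org": "CSIRT-X", "name": "Alice", "email": "a@example.test"})
    to_sp_a, to_sp_b = present(cred, {"org"}), present(cred, {"org"})
    return {
        "federated_linked": linked,
        "sp_a_sees": verify_presentation(to_sp_a),
        "ssi_presentations_linkable": presentations_linkable(to_sp_a, to_sp_b),
    }


if __name__ == "__main__":
    print(demo())
```

The verifier learns only the opened attributes (here `org`), yet can still check that they were attested by the issuer; the tamper check shows that a holder cannot substitute a different organisation without breaking the commitment. Running `demo()` makes the two contrasts concrete: the federated logs join on the constant pseudonym, and even the selective-disclosure presentations remain linkable through the shared signature, which is why the text points to BBS+ rather than RSA/ECDSA-style signatures for unlinkable proofs.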
Our Contribution
For the DEFENSIVE platform, Self-Sovereign Identity allows users to anonymously share incident data while providing evidence of belonging to a CSIRT or a governmental institution, such as the German BSI. This enables the user to prove membership in a trusted institution without revealing their exact identity. By using arbitrary identities, the user can prevent being tracked across multiple transactions.
In this presentation, we will introduce federated authentication models and Self-Sovereign Identity, highlighting their similarities and differences. Our aim is to provide a foundational understanding of both models and explore their unique use cases.