Modeling the Threats to Self-Sovereign Identities

Self-sovereign identity (SSI) is a relatively young identity management paradigm allowing digital identities to be managed in a user-centric, decentralized manner, often but not necessarily utilizing distributed ledger technologies. This emerging technology gets into the focus through the new electronic IDentification, Authentication and trust Services (eIDAS) regulation in Europe. As identity management involves the management and use of personally identifiable information, it is important to evaluate the threats to SSI. We apply the STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) threat modeling approach to the core components of SSI architecture and the interactions between them. Based on the summarized results, we discuss relevant mitigation methods and future research areas.

Pöhn, Daniela; Grabatin, Michael; Hommel, Wolfgang (2023): Modeling the Threats to Self-Sovereign Identities. Open Identity Summit 2023. DOI: 10.18420/OID2023_07. Bonn: Gesellschaft für Informatik e.V.. PISSN: 1617-5468. ISBN: 978-3-88579-729-6. pp. 85-96. Regular Research Papers. Heilbronn, Germany. 15.-16. June 2023

Keywords

Self-sovereign identity, identity management, security analysis, threat modeling

DOI

10.18420/OID2023_07

URI

https://dl.gi.de/handle/20.500.12116/41695

Collections

P335 - Open Identity Summit 2023

Full item page

Show citations

Modeling the Threats to Self-Sovereign Identities

Fulltext URI

Document type

Files

Additional Information

Date

Authors

Journal Title

Journal ISSN

Volume Title

Source

Publisher

Abstract

Description

Keywords

Citation

DOI

URI

Collections

Endorsement

Review

Supplemented By

Referenced By