TY - GEN
T1 - An Attack Tree Based Risk Analysis Method for Investigating Attacks and Facilitating Their Mitigations in Self-Sovereign Identity
AU - Naik, Nitin
AU - Grace, Paul
AU - Jenkins, Paul
N1 - Publisher Copyright: © 2021 IEEE.
PY - 2021/12/7
Y1 - 2021/12/7
N2 - Self-Sovereign Identity (SSI) is a digital identity that is managed in a decentralized manner utilising an underlying blockchain. It allows identity owners to manage and store their digital identities without relying on centralised third-party providers. Providing full control of an identity to its owner seeks to enhance the security and privacy of the individual. The utilisation of the decentralised trust model provided by an underlying blockchain realises this user-centred control. However, this operational change towards greater control and responsibility placed upon identity owners poses new challenges and security threats to the SSI system. Heretofore, there have been no significant research studies performed to assess potential attacks on the SSI system. The SSI model is an emerging Identity Management model, and requires a meticulous study of its potential attack surfaces. Therefore, this paper proposes an attack tree based risk analysis method for investigating potential attacks on the SSI system and their associated risks in facilitating their mitigations. This proposed attack tree based risk analysis method presents a systematic and generalised model to generate attack trees that can be used to perform risk analysis. In this investigation, three potential attacks on the SSI system are focused: faking identity, identity theft and distributed denial of service attacks. For each attack, the attack tree based risk analysis is performed; and subsequently, their mitigations are proposed.
AB - Self-Sovereign Identity (SSI) is a digital identity that is managed in a decentralized manner utilising an underlying blockchain. It allows identity owners to manage and store their digital identities without relying on centralised third-party providers. Providing full control of an identity to its owner seeks to enhance the security and privacy of the individual. The utilisation of the decentralised trust model provided by an underlying blockchain realises this user-centred control. However, this operational change towards greater control and responsibility placed upon identity owners poses new challenges and security threats to the SSI system. Heretofore, there have been no significant research studies performed to assess potential attacks on the SSI system. The SSI model is an emerging Identity Management model, and requires a meticulous study of its potential attack surfaces. Therefore, this paper proposes an attack tree based risk analysis method for investigating potential attacks on the SSI system and their associated risks in facilitating their mitigations. This proposed attack tree based risk analysis method presents a systematic and generalised model to generate attack trees that can be used to perform risk analysis. In this investigation, three potential attacks on the SSI system are focused: faking identity, identity theft and distributed denial of service attacks. For each attack, the attack tree based risk analysis is performed; and subsequently, their mitigations are proposed.
KW - Attack Tree
KW - Blockchain
KW - DID
KW - DLT
KW - Decentralized IDentifier
KW - Digital Identity
KW - Distributed Ledger Technology
KW - Faking Identity
KW - IDM
KW - Identity Management System
KW - Identity Theft
KW - Risk Analysis Method
KW - SSI
KW - Self-Sovereign Identity
KW - VC
KW - Verifiable Credential
UR - http://www.scopus.com/inward/record.url?scp=85125764900&partnerID=8YFLogxK
U2 - 10.1109/SSCI50451.2021.9659929
DO - 10.1109/SSCI50451.2021.9659929
M3 - Conference contribution
AN - SCOPUS:85125764900
T3 - 2021 IEEE Symposium Series on Computational Intelligence, SSCI 2021 - Proceedings
BT - 2021 IEEE Symposium Series on Computational Intelligence, SSCI 2021 - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2021 IEEE Symposium Series on Computational Intelligence, SSCI 2021
Y2 - 5 December 2021 through 7 December 2021
ER -