An Attack Tree Based Risk Analysis Method for Investigating Attacks and Facilitating Their Mitigations in Self-Sovereign Identity

Nitin Naik, Paul Grace, Paul Jenkins

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

12 Citations (Scopus)

Abstract

Self-Sovereign Identity (SSI) is a digital identity that is managed in a decentralized manner utilising an underlying blockchain. It allows identity owners to manage and store their digital identities without relying on centralised third-party providers. Providing full control of an identity to its owner seeks to enhance the security and privacy of the individual. The utilisation of the decentralised trust model provided by an underlying blockchain realises this user-centred control. However, this operational change towards greater control and responsibility placed upon identity owners poses new challenges and security threats to the SSI system. Heretofore, there have been no significant research studies performed to assess potential attacks on the SSI system. The SSI model is an emerging Identity Management model, and requires a meticulous study of its potential attack surfaces. Therefore, this paper proposes an attack tree based risk analysis method for investigating potential attacks on the SSI system and their associated risks in facilitating their mitigations. This proposed attack tree based risk analysis method presents a systematic and generalised model to generate attack trees that can be used to perform risk analysis. In this investigation, three potential attacks on the SSI system are focused: faking identity, identity theft and distributed denial of service attacks. For each attack, the attack tree based risk analysis is performed; and subsequently, their mitigations are proposed.

Original languageEnglish
Title of host publication2021 IEEE Symposium Series on Computational Intelligence, SSCI 2021 - Proceedings
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781728190488
DOIs
Publication statusPublished - 7 Dec 2021
Event2021 IEEE Symposium Series on Computational Intelligence, SSCI 2021 - Orlando, United States
Duration: 5 Dec 20217 Dec 2021

Publication series

Name2021 IEEE Symposium Series on Computational Intelligence, SSCI 2021 - Proceedings

Conference

Conference2021 IEEE Symposium Series on Computational Intelligence, SSCI 2021
Country/TerritoryUnited States
CityOrlando
Period5/12/217/12/21

Keywords

  • Attack Tree
  • Blockchain
  • DID
  • DLT
  • Decentralized IDentifier
  • Digital Identity
  • Distributed Ledger Technology
  • Faking Identity
  • IDM
  • Identity Management System
  • Identity Theft
  • Risk Analysis Method
  • SSI
  • Self-Sovereign Identity
  • VC
  • Verifiable Credential

Cite this