A blockchain-based energy trading system is a new paradigm of grid infrastructure, which allows that energy purchaser and seller can efficiently exchange the energy through two-way communication. ...However, because energy trading services are provided through public networks, these systems are vulnerable to potential security breaches. This paper proposed a privacy-preserving blockchain-based energy trading scheme for vehicle-to-vehicle to resolve the security issues of contemporary systems and provide secure energy trading services. The proposed scheme has high efficiency by applying decentralized identifiers and verifiable credentials technologies because the records of energy trading are not stored on blockchain and blockchain is only utilized in the validation of users. After completing the energy trading, the vehicle issues a verifiable credential to the counterpart to prove the legitimacy of the transaction. We also perform informal and formal security analysis to demonstrate its security and achieve secure mutual authentication, confidentiality, and session key security. Furthermore, we implement AVISPA simulation to show that our scheme is resistant to man-in-the-middle and replay attacks. As a result, the proposed scheme can be used in distributed smart grid environments.
• A blockchain-based energy trading scheme for V2V is proposed.
• The proposed scheme provides a high capacity for blockchain using DID and VC.
• Formal security analysis and simulation analysis are performed to prove its security.
• The performance analysis is performed compared with the contemporary schemes.
• SSI can make KYC processes completely digital, efficient, compliant, and convenient.
• No personal data need to be stored on a blockchain.
• SSI inhibits data silos, lock-in effects, and aggregation of ...market power.
• Blockchain's role for SSI should be more restricted than is often proposed.
Know your customer (KYC) processes place a great burden on banks, because they are costly, inefficient, and inconvenient for customers. While blockchain technology is often mentioned as a potential solution, it is not clear how to use the technology’s advantages without violating data protection regulations and customer privacy. We demonstrate how blockchain-based self-sovereign identity (SSI) can solve the challenges of KYC. We follow a rigorous design science research approach to create a framework that utilizes SSI in the KYC process, deriving nascent design principles that theorize on blockchain’s role for SSI.
In large-scale Internet of Things, centralized authentication imposes several critical challenges in terms of vast identity management, authentication overhead, and single point of failure. ...Distributed identity management has been envisioned as a promising approach for mitigating above all, but the security and performance of the overall solution have not been extensively evaluated. In this paper, we proposed a decentralized identity management scheme based on blockchain for tackling large-scale Internet of Things such as VANET. We implement smart contracts to support large-scale user access control, together with design trust management methods for reputation evaluation and credit penalty mechanisms, which can prevent various types of attacks in distributed identification contexts. The experiment results and analysis justified that our scheme is scalable with good performance. Specifically, the system response is on a millisecond scale and all the functions consume within 250ms. Also, the time consumption of the query maintains a manageable delay within 0.5ms no matter the remarkable growth of users. Finally, we observe that the throughput of the current blockchain platform could meet the requirement of our scheme with the increasing number of users' upload request in real-world simulation.
Digital identity and access management (IAM) poses significant challenges for companies. Cyberattacks and resulting data breaches frequently have their root cause in enterprises’ IAM ...systems. During the COVID-19 pandemic, issues with the remote authentication of employees working from home highlighted the need for better IAM solutions. Using a design science research approach, the paper reviews the requirements for IAM systems from an enterprise perspective and identifies the potential benefits of self-sovereign identity (SSI) – an emerging, passwordless paradigm in identity management that provides end users with cryptographic attestations stored in digital wallet apps. To do so, this paper first conducts a systematic literature review followed by an interview study and categorizes IAM system requirements according to security and compliance, operability, technology, and user aspects. In a second step, it presents an SSI-based prototype for IAM, whose suitability for addressing IAM challenges was assessed by twelve domain experts. The results suggest that the SSI-based authentication of employees can address requirements in each of the four IAM requirement categories. SSI can specifically improve manageability and usability aspects and help implement acknowledged best practices such as the principle of least privilege. Nonetheless, the findings also reveal that SSI is not a silver bullet for all of the challenges that today’s complex IAM systems face.
Self-Sovereign Identity (SSI) empowers users to govern their digital identity and personal data. This approach has changed the identity paradigm where users become the central governor of their ...identity; hence the rapid growth of the SSI model. Utilizing the security and privacy properties of blockchain, together with other security technologies, SSI purports to provide a robust security and privacy service. However, this governing power for users comes with a greater accountability and security risk, as not all users are capable or trained in its use and therefore in its efficient application. This trade-off requires a systematic evaluation of potential attacks on the SSI system and their security risks. Hitherto, there have been no noteworthy research studies performed to evaluate potential attacks on the SSI system and their security risks. This paper proposes an easy, efficient and economical approach to perform an evaluation of potential attacks on the SSI system and their security risks. This approach utilises a combination of an attack tree model and risk matrix model to perform this evaluation of potential attacks and their security risks, in addition to outlining a systematic approach including describing the system architecture and determining its assets in order to perform this evaluation of potential attacks and their security risks. This evaluation work has identified three potential attacks on the SSI system: faking identity, identity theft and distributed denial of service attacks, and performed their security risk evaluation utilising the proposed approach. Finally, this paper has proposed several mitigation strategies for the three evaluated attacks on the SSI system. This proposed evaluation approach is a systematic and generalised approach for evaluating attacks and their security risks, and can be applied to any other IT system.
The continuous development of the mobile computing environment has led to the emergence of fintech to enable convenient financial transactions in this environment. Previously proposed financial ...identity services mostly adopted centralized servers that are prone to single-point-of-failure problems and performance bottlenecks. Blockchain-based self-sovereign identity (SSI), which emerged to address this problem, is a technology that solves centralized problems and allows decentralized identification. However, the verifiable credential (VC), a unit of SSI data transactions, guarantees unlimited right to erasure for self-sovereignty. This does not suit the specificity of the financial transaction network, which requires the restriction of the right to erasure for credit evaluation. This paper proposes a model for VC generation and revocation verification for credit scoring data. The proposed model includes double zero knowledge - succinct non-interactive argument of knowledge (zk-SNARK) proof in the VC generation process between the holder and the issuer. In addition, cross-revocation verification takes place between the holder and the verifier. As a result, the proposed model builds a trust platform among the holder, issuer, and verifier while maintaining the decentralized SSI attributes and focusing on the VC life cycle. The model also improves the way in which credit evaluation data are processed as VCs by granting opt-in and the special right to erasure.
In recent years, the interest in using wireless communication technologies and mobile devices in the healthcare environment has increased. However, despite increased attention to the security of ...electronic health records, patient privacy is still at risk for data breaches. Thus, it is quite a challenge to involve an access control system especially if the patient's medical data are accessible by users who have diverse privileges in different situations. Blockchain is a new technology that can be adopted for decentralized access control management issues. Nevertheless, different scalability, security, and privacy challenges affect this technology. To address these issues, we suggest a novel Decentralized Self-Management of data Access Control (DSMAC) system using a blockchain-based Self-Sovereign Identity (SSI) model for privacy-preserving medical data, empowering patients with mechanisms to preserve control over their personal information and allowing them to self-grant access rights to their medical data. DSMAC leverages smart contracts to conduct Role-based Access Control policies and adopts the implementation of decentralized identifiers and verifiable credentials to describe advanced access control techniques for emergency cases. Finally, by evaluating performance and comparing analyses with other schemes, DSMAC can satisfy the privacy requirements of medical systems in terms of privacy, scalability, and sustainability, and offers a new approach for emergency cases.
The centralized PKI is not a suitable solution to provide identities in large-scale IoT systems. The main problem is the high cost of managing X.509 certificates throughout their lifecycle, from ...installation to regular updates and revocation. The Self-Sovereign Identity (SSI) is a decentralized option that reduces the need for human intervention, and therefore has the potential to significantly reduce the complexity and cost associated to identity management in large-scale IoT systems. However, to leverage the full potential of SSI, the authentication of IoT nodes needs to be moved from the application to the Transport Layer Security (TLS) level. This paper contributes to the adoption of SSI in large-scale IoT systems by addressing, for the first time, the extension of the original TLS 1.3 handshake to support two new SSI authentication modes while maintaining the interoperability with nodes implementing the original handshake protocol. The open source implementation of the new TLS 1.3 handshake protocol in OpenSSL is used to experimentally prove the feasibility of the approach.
Purpose: Recognizing, tracking and providing mechanisms for sharing an individual's comprehensive record of learning is necessary and essential for both her agency over and ability to manage sharing ...her qualifications with parties whom she desires to be aware of her learning record. In doing so, she may capture and present degrees, certifications, microcredentials or badges representing varying levels of knowledge, skill and abilities (KSAs) achieved in both formal and informal educational experiences. This paper aims to discuss the aforementioned ideas. Design/methodology/approach: In the USA, competency frameworks are gaining more solid footing with both higher education institutions and employers as both move to address the changing landscape of education-to-work preparation and the relationships that exist between them. The need to support lifelong learning and the various pathways that individuals traverse in and out of educational pursuits and the workforce require a more personalized approach. Findings: This paper will discuss the drivers of the newfound traction of competency frameworks among higher education and employers within the USA, present examples of the frameworks and how they are being applied to address the common interests of educators, employers and the learner/earners, and explain the role badges and microcredentials play in capturing and recognizing the broad spectrum of learning, skills and competencies achieved by an individual throughout the lifelong learning journey. Originality/value: The digital badging taxonomy and concept of using badges as a representation of a unit of competency, both introduced in this paper, provide a unique strategy for contextualizing the relationship between levels of cognitive domain recognized in academic settings and the language of KSAs used by employers.
As the usage of electric vehicles (EVs) expands, various energy management technologies, including battery energy storage systems, are being developed to efficiently charge EVs using various energy ...sources. In recent years, many blockchain-based energy trading schemes have been proposed for secure energy trading. However, existing schemes cannot fully solve privacy issues and security problems during energy trading. In this paper, we propose a reliable and privacy-preserving vehicular energy trading scheme utilizing decentralized identifier technology. In the proposed scheme, identity information and trading result information are not revealed publicly; this is due to the use of decentralized identifiers and verifiable credential technologies. Additionally, only parties who have successfully conducted energy trading can manage complete transaction information. We also demonstrate our method’s security and ensure privacy preservation by performing informal and formal security analyses. Furthermore, we analyze the performance and security features of the proposed scheme and related works and show that the proposed scheme has competitive performance.