TUM Logo

Fraunhofer-Gesellschaft reclaimID: Secure, Self-Sovereign Identities Using Name Systems and Attribute-Based Encryption

In this paper we present reclaimID: An architecture that allows users to reclaim their digital identities by securely sharing identity attributes without the need for a centralised service provider. We propose a design where user attributes are stored in and shared over a name system under user-owned namespaces. Attributes are encrypted using attribute-based encryption (ABE), allowing the user to selectively authorize and revoke access of requesting parties to subsets of his attributes. We present an implementation based on the decentralised GNU Name System (GNS) in combination with ciphertext-policy ABE using type-1 pairings. To show the practicality of our implementation, we carried out experimental evaluations of selected implementation aspects including attribute resolution performance. Finally, we show that our design can be used as a standard OpenID Connect Identity Provider allowing our implementation to be integrated into standard-compliant services.

Fraunhofer-Gesellschaft reclaimID: Secure, Self-Sovereign Identities Using Name Systems and Attribute-Based Encryption

International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)

Authors: Martin Schanzenbach, Georg Bramm, and Julian Schütte
Year/month: 2018/8
Booktitle: International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
Address: New York, New York
Publisher: Institute of Electrical and Electronics Engineers -IEEE-
Fulltext:

Abstract

In this paper we present reclaimID: An architecture that allows users to reclaim their digital identities by securely sharing identity attributes without the need for a centralised service provider. We propose a design where user attributes are stored in and shared over a name system under user-owned namespaces. Attributes are encrypted using attribute-based encryption (ABE), allowing the user to selectively authorize and revoke access of requesting parties to subsets of his attributes. We present an implementation based on the decentralised GNU Name System (GNS) in combination with ciphertext-policy ABE using type-1 pairings. To show the practicality of our implementation, we carried out experimental evaluations of selected implementation aspects including attribute resolution performance. Finally, we show that our design can be used as a standard OpenID Connect Identity Provider allowing our implementation to be integrated into standard-compliant services.

Bibtex:

@inproceedings { schanzenbach2018reclaim,
author = { Martin Schanzenbach and Georg Bramm and Julian Schütte},
title = { Fraunhofer-Gesellschaft reclaimID: Secure, Self-Sovereign Identities Using Name Systems and Attribute-Based Encryption },
year = { 2018 },
month = { August },
booktitle = { International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) },
address = { New York, New York },
publisher = { Institute of Electrical and Electronics Engineers -IEEE- },

}