Description
Researchers agree that trust is an inherently individual metric depending on institutional frameworks. Instead of revolving
around the user, trust in modern Internet infrastructure is implicit and has been progressively centered around large technology
corporations. The identity management domain is especially dominated by the "Social Logins" of powerful organizations, such as
Facebook and Google, and therefore poses a threat to digital sovereignty and individual trust. In an effort to decentralize identity
management, self-sovereign identity (SSI) systems have emerged. SSI systems require new methodologies to establish trust in a
secure and decentralized way. Our research shows that, at the moment, no optimal trust models are available. As the main contribution
of this thesis, we propose a novel trust framework for SSI. We argue that a self-sovereign system requires an explicit trust model where
the trust decision must always lie with the verifier. We use a trust evaluation component that enables verifiers to formulate complex and
context-specific trust policies. Further, we extend a practical attribute-based delegation approach and propose how it can be utilized as a
decentralized trust establishment mechanism to assess trust in unknown entities. We adopt the concept of trust schemes and show that the
mechanism can express different forms of trust. Further, we introduce the trust policy store, a unified space that verifiers use to manage
policies and trust schemes. The evaluation shows that the framework can serve as a self-sovereign trust solution for service providers,
but additional effort is required to support end-users. We conclude that the framework’s usability is in question and requires further investigation.
Lastly, we offer opportunities to advance the technical maturity of the framework by optimizing the proof-of-concept solution for performance and
stability, integrating other trust establishment mechanisms, and introducing support for decentralized identifiers.