SSI, from specifications to protocol? Formally verify security!

Christoph H.-J. Braun, Ross Horne, Tobias Käfer, Sjouke Mauw

Research output: Chapter in Book/Report/Conference proceedingConference contribution book

4 Downloads (Pure)

Abstract

We evaluate a bundle of specifications from the Self-Sovereign Identity (SSI) paradigm to construct an authentication protocol for the Web. We demonstrate how relevant standards such as W3C Verifiable Credentials (VC), W3C Decentralised Identifiers (DIDs), and components of the Hyperledger Aries Framework are to be assembled methodologically into a protocol. We make those assumptions from standard trust models explicit that underlie the derived protocol, and verify security and privacy properties, notably secrecy, authentication, and unlinkability. This enables us to formally justify the additional precision that we urge these specifications to consider, to ensure that implementors of SSI-based systems do not neglect security-critical controls.
Original languageEnglish
Title of host publicationWWW '24: Proceedings of the ACM on Web Conference 2024
Pages1620–1631
Number of pages12
ISBN (Electronic)9798400701719
DOIs
Publication statusPublished - 13 May 2024
EventWWW '24: The ACM Web Conference 2024 - Singapore
Duration: 13 May 202417 May 2024

Conference

ConferenceWWW '24: The ACM Web Conference 2024
CitySingapore
Period13/05/2417/05/24

Keywords

  • web standards
  • self-sovereign identity
  • formal verification

Fingerprint

Dive into the research topics of 'SSI, from specifications to protocol? Formally verify security!'. Together they form a unique fingerprint.

Cite this