Achieving Higher Level of Assurance in Privacy Preserving Identity Wallets

2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
Year: 2023, Pages: 1049-1059
DOI: 10.1109/TrustCom60117.2023.00146

ABSTRACT
Recent advances in Decentralized Digital Identity solutions, revolving around the use of Verifiable Credentials towards identity sovereignty, are centered around Identity Wallets for ensuring that identity data control remains with the user. However, such schemes still lack the capabilities to provide higher Level of Assurance (LoA) guarantees, for identity verification, which restricts their full potential. In this paper, we design and showcase DOOR; a library that enables Identity Wallets to leverage hardware Roots-of-Trust (RoT) for binding user authentication factors to HW-based keys, thus, allowing for both proof of (User) identity and (Wallet) integrity, bringing them in alignment with emerging regulations and standards that require higher LoA for services (e.g. eIDAS). At the same time, we make sure that privacy-enhancing properties like selective-disclosure are fully supported in order to make the Wallet compliant with privacy regulations (e.g. GDPR). To achieve all the above, we have designed an enhanced variant of Attribute-based Direct Anonymous Attestation (DAA-A) crypto protocol for offering anonymity, unlinkability, and unforgeability, while being the first to offer strong guarantees on the Wallet’s integrity when constructing attribute attestations. We formally prove the security properties of DOOR, offered by the underlying crypto primitives used to enable selective disclosure of attributes, by describing their construction while also benchmarking their computational footprint and comparing them with other widespread cryptographic mechanisms (adopted by the standards) in terms of performance, size of the associated verifiable presentations while safeguarding user anonymous authentication and unlinkability.

AUTHORS
Benjamin Larsen, Technical University of Denmark,Kongens Lyngby,Denmark  
Nada El Kassem, University of Surrey,Surrey,UK  
Thanassis Giannetsos, Ubitech Ltd.,Athens,Greece  
Ioannis Krontiris, Huawei Technologies Duesseldorf GmbH,Munich,Germany  
Stefanos Vasileiadis, Ubitech Ltd.,Athens,Greece  
Liqun Chen, University of Surrey,Surrey,UK