A New Approach to Constructing Decentralized Identifier for Secure and Flexible Key Rotation

Owing to the introduction of blockchain (BC) technology, a decentralized identity (DID) model has been proposed to replace conventional identity models based on centralized authorities. The BC platform operated by various participants provides a new root-of-trust functionality for entity identificat...

Bibliographic details
Published in: IEEE internet of things journal 2022-07, Vol.9 (13), p.10610-10624
Main authors: Park, Chang-Seop, Nam, Hye-Min
Format: Article
Language: eng
container_end_page 10624
container_issue 13
container_start_page 10610
container_title IEEE internet of things journal
container_volume 9
creator Park, Chang-Seop
Nam, Hye-Min
description Owing to the introduction of blockchain (BC) technology, a decentralized identity (DID) model has been proposed to replace conventional identity models based on centralized authorities. The BC platform operated by various participants provides a new root-of-trust functionality for entity identification and access control. Each entity generates and registers its own identifier and credential (public key) to the BC such that any entity can obtain the other entity's public key. When the corresponding private key is compromised, the key rotation to generate and register a new key pair should be performed. However, the current approach for cryptographically binding a decentralized identifier with a public key induces a serious security problem that results in both identity-stealing attacks and multiple identifiers for a single entity. A new DID to address the security problem above is proposed herein, which is based on a newly proposed cryptographic primitive (infinite one-way hash chain), as well as its security analysis and performance evaluation on Hyperledger Fabric and Contiki Cooja simulator. To demonstrate the applicability of the proposed DID to various security protocols, an authenticated key exchange protocol is also designed.
doi_str_mv 10.1109/JIOT.2021.3121722
format Article
publisher Piscataway: IEEE
rights Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2022
eissn 2327-4662
coden IITJAU
tpages 15
orcid https://orcid.org/0000-0003-1273-5162
https://orcid.org/0000-0003-1034-8257
linktohtml https://ieeexplore.ieee.org/document/9583584
identifier ISSN: 2327-4662
ispartof IEEE internet of things journal, 2022-07, Vol.9 (13), p.10610-10624
issn 2327-4662
2327-4662
language eng
recordid cdi_proquest_journals_2677851175
source IEEE Electronic Library (IEL)
subjects Access control
Blockchain (BC)
Blockchains
Cryptography
decentralized identity (DID)
hyperledger fabric
identity-stealing attack
infinite one-way hash chain
Internet of Things
key rotation
Performance evaluation
Registers
root-of-trust
Rotation
Security
Smart contracts
title A New Approach to Constructing Decentralized Identifier for Secure and Flexible Key Rotation