SSI, from Specifications to Protocol? Formally verify security!

Christoph H.-J. Braun; Ross Horne; Tobias Käfer; Sjouke Mauw

SSI, from Specifications to Protocol? Formally verify security!

Christoph H.-J. Braun, Ross Horne, Tobias Käfer, Sjouke Mauw

Published: 23 Jan 2024, Last Modified: 23 May 2024TheWebConf24 OralEveryoneRevisionsBibTeX

Keywords: SSI, Protocol, Standards, Verifiable Credentials, DID, Hyperledger Aries

Abstract: We evaluate a bundle of specifications from the Self-Sovereign Identity (SSI) paradigm to construct an authentication protocol for the Web. We demonstrate how relevant standards such as W3C Verifiable Credentials (VC), W3C Decentralised Identifiers (DIDs), and components of the Hyperledger Aries Framework are to be assembled methodologically into a protocol. We make those assumptions from standard trust models explicit that underlie the derived protocol, and verify security and privacy properties, notably secrecy, authentication, and unlinkability. This enables us to formally justify the additional precision that we urge these specifications to consider, to ensure that implementors of SSI-based systems do not neglect security-critical controls.

Track: Security

Submission Guidelines Scope: Yes

Submission Guidelines Blind: Yes

Submission Guidelines Format: Yes

Submission Guidelines Limit: Yes

Submission Guidelines Authorship: Yes

Student Author: Yes

Submission Number: 643

Loading