Blockchain Technology the Identity Management and Authentication Service Disruptor: A Survey

Shu Yun Lim, Pascal Tankam Fotsing, Abdullah Almasri, Omar Musa, Miss Laiha Mat Kiah, Tan Fong Ang, Reza Ismail

Abstract


The Internet today lacks an identity protocol for identifying people and organizations. As a result, service providers have needed to build and maintain their own databases of user information. This solution is costly to the service providers, inefficient because much of the information is duplicated across different providers, difficult to secure as evidenced by recent large-scale personal data breaches around the world, and cumbersome to users, who need to remember different sets of credentials for different services. Furthermore, personal information could be collected for data mining, profiling and exploitation without users' knowledge or consent. The ideal solution would be self-sovereign identity, a new form of identity management that is owned and controlled entirely by each individual user. This solution would include the individual's consolidated digital identity as well as their set of verified attributes that have been cryptographically signed by various trusted issuers. The individual provides proof of identity and membership by sharing relevant parts of their identity with the service providers. Consent for access may also be revoked, giving the individual full control over their own data. This survey critically investigates different blockchain-based identity management and authentication frameworks. A summary of the state-of-the-art blockchain-based identity management and authentication solutions from 2014 to 2018 is presented. The paper concludes with the open issues, main challenges and directions highlighted for future work in this area. In a nutshell, the discovery of this new mechanism has disrupted the existing identity management and authentication solutions by providing a more promising, secure platform.

Keywords


Blockchain, Authentication, Identity Management, Distributed Ledger Technology, Ethereum, Hyperledger



DOI: http://dx.doi.org/10.18517/ijaseit.8.4-2.6838


Published by INSIGHT - Indonesian Society for Knowledge and Human Development