NSF backs research into self-sovereign digital identities

Research that’s being carried out under a U.S. National Science Foundation (NSF) grant aims to improve the cryptographic procedures and applications for generating, storing, and managing Internet users’ digital identities.
Backed by a two-year, $173,852 NSF grant, computer scientist Dr. Nikolay Ivanov, assistant professor in the Department of Computer Science at Rowan University’s College of Science & Mathematics and director of the Research Laboratory for Advanced Cyber Systems and Usable Security, is conducting the first systematic study of the usability of self-sovereign digital identity (SSDI) interactions and developing the first comprehensive inventory of these protocols.
Self-sovereign digital identity is a decentralized approach in which individual online users have complete control over their own digital identities. Users can store, manage, and verify their personal data without relying on a third-party provider. SSIs create trust in digital data exchange and ensure safer handling of personal information. By using an SSI, users can grant or withhold access to their data, enhancing privacy and security.
SSIs also enable interoperability between different digital services, making it easier for users to manage their identities across various platforms, and improve compliance with data protection regulations by giving individuals direct control over their personal information.
As digital identities become increasingly important, the self-sovereign approach promises a more secure and private user experience.
“The majority of mass data breaches are the shortcomings of current systems for storing internet users’ digital identities,” Ivanov said, explaining that “a more secure framework already exists, but it lacks usability.” He added that SSDI protocols are cumbersome and “require such a degree of technical savviness that they are not yet ready for the general public.”
“We cannot expect billions of people to memorize an 80-digit private key,” Ivanov said.
“If the databases where all these records are stored together are attacked, the result is something we see in the news almost every day: massive data breaches,” Ivanov said, noting that because “digital identity management is such an intrinsic part of our daily life … we don’t think much about what we are risking when we register accounts or share information.”
“When we store our data under third-party servers, we are at the mercy of those services,” Ivanov said. “Even our personal security is now more dependent on our digital accounts, so allowing third-party companies to handle such important things is becoming riskier.”
Through SSDIs, he explained, “we’re trying to bring digital identities back on the user side. Self-sovereign digital identities, by design, effectively prevent mass-scale data breaches.”
SSDIs “can facilitate more digital equity so that, regardless of their background, people have equal access and opportunities when it comes to using digital resources,” Ivanov said, noting that a digital identity is not just one account, but rather it involves multiple records that are used to access servers, websites, and platforms that are all tied to users’ personal data.
According to the NSF, Ivanov’s research will “advance the SSDI field through a multi-phased approach focusing on usability and on the development of practical communication protocols.”
NSF explained that the “two-stage study involving human subjects is poised to identify usability issues within the SSDI lifecycle, guiding the creation of a detailed inventory of SSDI communication protocols. These protocols cover account management, authentication, authorization, certification, revocation, data provenance, non-repudiation, transactions, multi-party signatures, voting, delegation, one-time access tokens, public key infrastructure (PKI), data oracles, and zero-knowledge data storage and retrieval.”
NSF said “the developed protocols will form the basis of the framework that will feature an application programming interface (API) and tools for effective SSDI management.”
According to the NSF, “the new concept of Self-Sovereign Digital Identities enables individuals to maintain control over their own data and digital accounts. This approach aims to be safer and more private than traditional systems, such as Centralized Digital Identities or Federated Digital Identities. However, there is a need for more secure and interoperable communication protocols between SSDI systems. Additionally, these systems require enhancements to their user-friendliness, as many people are hesitant to adopt them due to their complexity and lack of full development.”
Pursuant to NSF’s grant, Ivanov plans to conduct the first comprehensive examination of SSDI usability and to create a complete inventory of communication protocols that can function across various SSDI applications.
NSF said the broader significance and importance of the scientist’s research will be to show that “the SSDI paradigm has the potential to significantly improve data privacy and mitigate the impact of data breaches, offering extensive benefits to both the global economy and individual citizens.” The research will, presumably, include comprehensive usability datasets; will be fully public and open-source, serving as valuable resources for cross-disciplinary projects that investigate human factors in cybersecurity; and will make “a substantial contribution to the fields of digital privacy rights and digital equity.”