DNS-IdM: A Blockchain Identity Management System to Secure Personal Data Sharing in a Network

Jamila Alsayed Kassem; Sarwar Sayeed; Hector Marco-Gisbert; Zeeshan Pervez; Keshav Dahal

doi:10.3390/app9152953

DNS-IdM: A Blockchain Identity Management System to Secure Personal Data Sharing in a Network

Applied Sciences ◽

10.3390/app9152953 ◽

2019 ◽

Vol 9 (15) ◽

pp. 2953 ◽

Cited By ~ 7

Author(s):

Jamila Alsayed Kassem ◽

Sarwar Sayeed ◽

Hector Marco-Gisbert ◽

Zeeshan Pervez ◽

Keshav Dahal

Keyword(s):

Management System ◽

Identity Management ◽

Personal Information ◽

Single Point ◽

Personal Data ◽

Third Party ◽

Security And Privacy ◽

General Data Protection Regulation ◽

Main Challenge ◽

Identity Management System

Identity management (IdM) is a method used to determine user identities. The centralized aspect of IdM introduces a serious concern with the growing value of personal information, as well as with the General Data Protection Regulation (GDPR). The problem with currently-deployed systems and their dominating approach, with identity providers (IdP) and single-point services, is that a third party is in charge of maintaining and controlling the personal data. The main challenge to manage data securely lies in trusting humans and institutes who are responsible for controlling the entire activity. Identities are not owned by the rightful owners or the user him/herself, but by the mentioned providers. With the rise of blockchain technology, self-sovereign identities are in place utilizing decentralization; unfortunately, the flaws still exist. In this research, we propose DNS-IdM, a smart contract-based identity management system that enables users to maintain their identities associated with certain attributes, accomplishing the self-sovereign concept. DNS-IdM has promising outcomes in terms of security and privacy. Due to the decentralized nature, DNS-IdM is able to avoid not only the conventional security threats, but also the limitations of the current decentralized identity management systems.

Download Full-text

Privacy-aware blockchain for personal data sharing and tracking

Open Computer Science ◽

10.1515/comp-2019-0005 ◽

2019 ◽

Vol 9 (1) ◽

pp. 80-91 ◽

Cited By ~ 5

Author(s):

Md Mehedi Hassan Onik ◽

Chul-Soo Kim ◽

Nam-Yong Lee ◽

Jinhong Yang

Keyword(s):

Information Management ◽

Data Sharing ◽

Management System ◽

Personal Information ◽

Personal Data ◽

Information Management System ◽

Data Movement ◽

General Data Protection Regulation ◽

Blockchain Technology ◽

Personally Identifiable Information

AbstractSecure data distribution is critical for data accountability. Surveillance caused privacy breaching incidents have already questioned existing personal data collection techniques. Organizations assemble a huge amount of personally identifiable information (PII) for data-driven market analysis and prediction. However, the limitation of data tracking tools restricts the detection of exact data breaching points. Blockchain technology, an ‘immutable’ distributed ledger, can be leveraged to establish a transparent data auditing platform. However, Art. 42 and Art. 25 of general data protection regulation (GDPR) demands ‘right to forget’ and ‘right to erase’ of personal information, which goes against the immutability of blockchain technology. This paper proposes a GDPR complied decentralized and trusted PII sharing and tracking scheme. Proposed blockchain based personally identifiable information management system (BcPIIMS) demonstrates data movement among GDPR entities (user, controller and processor). Considering GDPR limitations, BcPIIMS used off-the-chain data storing architecture. A prototype was created to validate the proposed architecture using multichain. The use of off-the-chain storage reduces individual block size. Additionally, private blockchain also limits personal data leaking by collecting fast approval from restricted peers. This study presents personal data sharing, deleting, modifying and tracking features to verify the privacy of proposed blockchain based personally identifiable information management system.

Download Full-text

BPDIMS:A Blockchain-based Personal Data and Identity Management System

Proceedings of the 52nd Hawaii International Conference on System Sciences ◽

10.24251/hicss.2019.821 ◽

2019 ◽

Cited By ~ 6

Author(s):

Benedict Faber ◽

Georg Cappelen Michelet ◽

Niklas Weidmann ◽

Raghava Rao Mukkamala ◽

Ravi Vatrapu

Keyword(s):

Management System ◽

Identity Management ◽

Personal Data ◽

Identity Management System

Download Full-text

Survey on Identity Management using Blockchain Technology

International Journal of Advanced Research in Computer Science and Software Engineering ◽

10.23956/ijarcsse.v7i12.506 ◽

2018 ◽

Vol 7 (12) ◽

pp. 52 ◽

Cited By ~ 1

Author(s):

Mardavkumar Gandhi

Keyword(s):

Management System ◽

Identity Management ◽

Personal Information ◽

Place Of Birth ◽

Blockchain Technology ◽

Driver's License ◽

Identity Management System ◽

Privacy Problem ◽

User Friendly ◽

Current Systems

In the present interconnected world, digital IDs are used to demonstrate identity. These IDs prove to be only tangentially related to the service being accessed and requires us to apply a significant amount of privacy. The current systems possess number of problems such as proxies but blockchain proves to be the solution for this type of Identity related problem.Markers of identity are often required to be very personal pieces of data. Consider a list of personal information collected when someone opens a savings account, such as address and identification (driver’s license or passport). It’s easy to take these pieces of data for granted, as we’ve generally become accustomed to handing them over at the drop of a hat. But let’s take a moment to consider what giving up these pieces of identity really means and whether is it necessary?In handing over a passport to a banker, a person gives the bank full permission to record not only their date and place of birth, but also everywhere he or she has toured.In order to solve above privacy problem and to make Identity sharing process more user friendly I have implemented an Identity Management System with Blockchain technology with the help of hyperledger fabric framework.

Download Full-text

Holistic Privacy-Preserving Identity Management System for the Internet of Things

Mobile Information Systems ◽

10.1155/2017/6384186 ◽

2017 ◽

Vol 2017 ◽

pp. 1-20 ◽

Cited By ~ 14

Author(s):

Jorge Bernal Bernabe ◽

Jose L. Hernandez-Ramos ◽

Antonio F. Skarmeta Gomez

Keyword(s):

Internet Of Things ◽

Management System ◽

Large Scale ◽

Identity Management ◽

Privacy Preserving ◽

Security And Privacy ◽

The Internet ◽

Identity Management System ◽

Anonymous Credential ◽

The Internet Of Things

Security and privacy concerns are becoming an important barrier for large scale adoption and deployment of the Internet of Things. To address this issue, the identity management system defined herein provides a novel holistic and privacy-preserving solution aiming to cope with heterogeneous scenarios that requires both traditional online access control and authentication, along with claim-based approach for M2M (machine to machine) interactions required in IoT. It combines a cryptographic approach for claim-based authentication using the Idemix anonymous credential system, together with classic IdM mechanisms by relying on the FIWARE IdM (Keyrock). This symbiosis endows the IdM system with advanced features such as privacy-preserving, minimal disclosure, zero-knowledge proofs, unlikability, confidentiality, pseudonymity, strong authentication, user consent, and offline M2M transactions. The IdM system has been specially tailored for the Internet of Things bearing in mind the management of both users’ and smart objects’ identity. Moreover, the IdM system has been successfully implemented, deployed, and tested in the scope of SocIoTal European research project.

Download Full-text

Federated Identity Management (FIdM) Systems Limitation and Solutions

10.5121/csit.2021.110502 ◽

2021 ◽

Author(s):

Maha Aldosary ◽

Norah Alqahtani

Keyword(s):

Management System ◽

Identity Management ◽

Security And Privacy ◽

Identity Information ◽

Identity Management System ◽

Federated Identity Management ◽

Federated Identity ◽

Privacy Issues ◽

Digital Identities

Efficient identity management system has become one of the fundamental requirements for ensuring safe, secure, and transparent use of identifiable information and attributes. FIdM allows users to distribute their identity information across security domains which increase the portability of their digital identities. However, it also raises new architectural challenges and significant security and privacy issues that need to be mitigated. In this paper, we presented the limitations and risks in Federated Identity Management system and discuss the results and proposed solutions.

Download Full-text

A Smart Contract-Based Dynamic Consent Management System for Personal Data Usage under GDPR

Sensors ◽

10.3390/s21237994 ◽

2021 ◽

Vol 21 (23) ◽

pp. 7994

Author(s):

Mpyana Mwamba Merlec ◽

Youn Kyu Lee ◽

Seng-Phil Hong ◽

Hoh Peter In

Keyword(s):

Management System ◽

Personal Information ◽

Experimental Testing ◽

Personal Data ◽

Security And Privacy ◽

Data Provenance ◽

Privacy Rights ◽

Data Usage ◽

Smart Contract ◽

Dynamic Consent

A massive amount of sensitive personal data is being collected and used by scientists, businesses, and governments. This has led to unprecedented threats to privacy rights and the security of personal data. There are few solutions that empower individuals to provide systematic consent agreements on distinct personal information and control who can collect, access, and use their data for specific purposes and periods. Individuals should be able to delegate consent rights, access consent-related information, and withdraw their given consent at any time. We propose a smart-contract-based dynamic consent management system, backed by blockchain technology, targeting personal data usage under the general data protection regulation. Our user-centric dynamic consent management system allows users to control their personal data collection and consent to its usage throughout the data lifecycle. Transaction history and logs are recorded in a blockchain that provides trusted tamper-proof data provenance, accountability, and traceability. A prototype of our system was designed and implemented to demonstrate its feasibility. The acceptability and reliability of the system were assessed by experimental testing and validation processes. We also analyzed the security and privacy of the system and evaluated its performance.

Download Full-text

Understanding of blockchain-based identity management system adoption in the public sector

Journal of Enterprise Information Management ◽

10.1108/jeim-12-2020-0532 ◽

2021 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Chang Soo Sung ◽

Joo Yeon Park

Keyword(s):

Literature Review ◽

Management System ◽

Public Services ◽

Identity Management ◽

New Technologies ◽

Personal Information ◽

Content Type ◽

Government Sector ◽

Identity Management System ◽

The Government

PurposeThis study aims to understand the benefits and challenges associated with the adoption of a blockchain-based identity management system in public services by conducting an academic literature review, and to explore the design of such a system that can be applied to the Korean government.Design/methodology/approachThis study explores the adoption of a blockchain-based identity management system using a literature review and an actual design case intended for use by the government sector.FindingsBlockchain-based identity management systems can significantly improve transparency, accountability, and reliability in the user control of one's own data while reducing the time and cost needed to deliver public services, as well as increasing administrative efficiency. However, it is not always easy to implement such systems, and introducing new technologies in the government field requires a complicated, time-consuming process. There is currently an appetite for research extending beyond the typical technology-driven approach to elucidate the government adoption of new technologies and explore its implications.Practical implicationsThe idea behind this system is that by storing and managing personal information on the blockchain and providing mobile apps to customers, users can log in or retrieve previously authenticated personal information without having to go through an authentication process. Since users do not need to go through the verification process every time, it is expected that they will be able to access only the necessary personal information more quickly and conveniently without having to deal with unnecessary details. In addition, the blockchain-based operation of a public service effectively increases the transparency and reliability of that service and reduces the social costs caused by personal information leakage.Originality/valueThis study introduces the design of a blockchain-based identity management system that can be used in public services, specifically in the Korean government sector for the first time. Along with a literature review, the implications that this study gleans from these real-world use cases can contribute to this field of research.

Download Full-text

Health-ID: A Blockchain-Based Decentralized Identity Management for Remote Healthcare

Healthcare ◽

10.3390/healthcare9060712 ◽

2021 ◽

Vol 9 (6) ◽

pp. 712

Author(s):

Ibrahim Tariq Javed ◽

Fares Alharbi ◽

Badr Bellaj ◽

Tiziana Margaria ◽

Noel Crespi ◽

...

Keyword(s):

Management System ◽

Identity Management ◽

Service Providers ◽

Healthcare Providers ◽

Security And Privacy ◽

Propagation Time ◽

Block Time ◽

Remote Healthcare ◽

Identity Management System ◽

Ehealth Service

COVID-19 has made eHealth an imperative. The pandemic has been a true catalyst for remote eHealth solutions such as teleHealth. Telehealth facilitates care, diagnoses, and treatment remotely, making them more efficient, accessible, and economical. However, they have a centralized identity management system that restricts the interoperability of patient and healthcare provider identification. Thus, creating silos of users that are unable to authenticate themselves beyond their eHealth application’s domain. Furthermore, the consumers of remote eHealth applications are forced to trust their service providers completely. They cannot check whether their eHealth service providers adhere to the regulations to ensure the security and privacy of their identity information. Therefore, we present a blockchain-based decentralized identity management system that allows patients and healthcare providers to identify and authenticate themselves transparently and securely across different eHealth domains. Patients and healthcare providers are uniquely identified by their health identifiers (healthIDs). The identity attributes are attested by a healthcare regulator, indexed on the blockchain, and stored by the identity owner. We implemented smart contracts on an Ethereum consortium blockchain to facilities identification and authentication procedures. We further analyze the performance using different metrics, including transaction gas cost, transaction per second, number of blocks lost, and block propagation time. Parameters including block-time, gas-limit, and sealers are adjusted to achieve the optimal performance of our consortium blockchain.

Download Full-text