Abstract
Digital identity provides mechanisms for personally identifying information (PII) to be asserted and verified in digital services and transactions. To utilize the full potential of digital identity to enable personalized services and efficient transactions, blockchain technology is being proposed as the means to achieve the holy grail. While it certainly has promise, the growing number of threats to the blockchain ecosystem and to traditional identity management systems calls for a systematic approach to securing blockchain-based identity management. We study the existing attacks, the known vulnerabilities, and the hypothetical attacks that might be executed via these vulnerabilities. We analyze these attack scenarios with respect to the attacker’s costs and benefits and the defender’s mitigation costs and damages. Finally, we propose design considerations for architects to secure their implementations of blockchain-based digital identity systems.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Pillai, A., Saraswat, V., Ramachandran, A.V. (2022). Protection Guidelines for Blockchain Based Digital Identity. In: Abraham, A., et al. Hybrid Intelligent Systems. HIS 2021. Lecture Notes in Networks and Systems, vol 420. Springer, Cham. https://doi.org/10.1007/978-3-030-96305-7_59
DOI: https://doi.org/10.1007/978-3-030-96305-7_59
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-96304-0
Online ISBN: 978-3-030-96305-7
eBook Packages: Intelligent Technologies and Robotics (R0)