Abstract
Federated identity management offers economic benefits and convenience to service providers and users alike. In such federations, the Identity Provider (IdP) is the sole entity that manages user credentials and generates assertions for users requesting access to a service provider's resources. This centralises trust in the IdP and makes it a single point of failure for the federation: if the IdP is compromised or unavailable, every service provider that relies on it is affected. This paper presents our effort in designing and implementing a decentralised system for establishing an identity federation. To decentralise the IdP, the proposed system relies on blockchain technology, thereby mitigating the single-point-of-failure shortcoming of existing identity federations, and it is designed against a stated set of requirements. In this article, we explore different aspects of designing and developing the system, present its protocol flow, analyse its performance, and evaluate its security using ProVerif, a state-of-the-art formal protocol verification tool.
Data availability
The experimental data supporting the evaluation presented in this article are available on GitHub at: https://github.com/shuhanmirza/Decentralised-Identity-Federations-using-Blockchain
Author information
Contributions
Mirza Kamrul Bashar Shuhan: Conceptualisation, Methodology, Investigation, Software, Resources, Writing - Original Draft, Visualisation
Syed Md. Hasnayeen: Conceptualisation, Methodology, Investigation, Software, Resources, Writing - Original Draft
Tanmoy Krishna Das: Investigation, Visualisation, Writing - Original Draft
Md. Nazmus Sakib: Formal Analysis, Writing - Original Draft
Dr. Md Sadek Ferdous: Conceptualisation, Methodology, Resources, Writing - Original Draft, Writing - Review & Editing, Supervision, Project administration
Ethics declarations
Conflict of interest
The authors have no conflict of interest to declare that is directly or indirectly related to the content of this article.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Appendices
Appendix
A Algorithm
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Shuhan, M.K.B., Hasnayeen, S.M., Das, T.K. et al. Decentralised identity federations using blockchain. Int. J. Inf. Secur. (2024). https://doi.org/10.1007/s10207-024-00864-6
DOI: https://doi.org/10.1007/s10207-024-00864-6