Decentralised identity federations using blockchain

  • Regular Contribution
  • International Journal of Information Security

Abstract

Federated Identity Management offers numerous economic benefits and convenience to Service Providers and users alike. In such federations, the Identity Provider (IdP) is the solitary entity responsible for managing user credentials and generating assertions for users who are requesting access to a service provider’s resource. This makes the IdP centralised and a single point of failure for the federation, leaving the federation prone to catastrophic damage. The paper presents our effort in designing and implementing a decentralised system for establishing an identity federation. To decentralise the IdP in the federation, the proposed system relies on blockchain technology, thereby mitigating the single-point-of-failure shortcoming of existing identity federations, and is designed using a set of requirements. In this article, we explore different aspects of designing and developing the system, present its protocol flow, analyse its performance, and evaluate its security using ProVerif, a state-of-the-art formal protocol verification tool.

Data availability

The experimental data that support the experimental evaluation presented in this article are available on GitHub with the URL: https://github.com/shuhanmirza/Decentralised-Identity-Federations-using-Blockchain

Author information

Contributions

  • Mirza Kamrul Bashar Shuhan: Conceptualisation, Methodology, Investigation, Software, Resources, Writing - Original Draft, Visualisation
  • Syed Md. Hasnayeen: Conceptualisation, Methodology, Investigation, Software, Resources, Writing - Original Draft
  • Tanmoy Krishna Das: Investigation, Visualisation, Writing - Original Draft
  • Md. Nazmus Sakib: Formal Analysis, Writing - Original Draft
  • Dr. Md Sadek Ferdous: Conceptualisation, Methodology, Resources, Writing - Original Draft, Writing - Review & Editing, Supervision, Project administration

Corresponding author

Correspondence to Md Sadek Ferdous.

Ethics declarations

Conflict of interest

The authors have no conflicts of interest to declare that are directly or indirectly related to the content of this article.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Appendix

A Algorithm

Algorithm 1 (figure e): Chaincode

Algorithm 2 (figure f): DApp Code

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Shuhan, M.K.B., Hasnayeen, S.M., Das, T.K. et al. Decentralised identity federations using blockchain. Int. J. Inf. Secur. (2024). https://doi.org/10.1007/s10207-024-00864-6

  • DOI: https://doi.org/10.1007/s10207-024-00864-6
