Advertisement

Trust Me If You Can: Trusted Transformation Between (JSON) Schemas to Support Global Authentication of Education Credentials

Conference paper
  • 355 Downloads
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 625)

Abstract

Recruiters and institutions around the world struggle with the verification of diplomas issued in a diverse and global education setting. Firstly, it is a nontrivial problem to identify bogus institutions selling education credentials. While institutions are often accredited by qualified authorities on a regional level, there is no global authority fulfilling this task.Secondly, many different data schemas are used to encode education credentials, which represents a considerable challenge to automated processing. Consequently, significant manual effort is required to verify credentials.

In this paper, we tackle these challenges by introducing a decentralized and open system to automatically verify the legitimacy of issuers and interpret credentials in unknown schemas. We do so by enabling participants to publish transformation information, which enables verifiers to transform credentials into their preferred schema. Due to the lack of a global root of trust, we utilize a distributed ledger to build a decentralized web of trust, which verifiers can query to gather information on the trustworthiness of issuing institutions and to establish trust in transformation information. Going beyond diploma fraud, our system can be generalized to tackle the generalized problem for other domains lacking a root of trust and agreements on data schemas.

Keywords

Blockchain Distributed ledger Web of trust Trust management Education credentials Verification Self-sovereign identity 

References

  1. 1.
    Abraham, A., More, S., Rabensteiner, C., Hörandner, F.: Revocable and offline-verifiable self-sovereign identities. In: TrustCom/BigDataSE 2020. IEEE (2020)Google Scholar
  2. 2.
    Alber, L., More, S., Mödersheim, S.A., Schlichtkrull, A.: Adapting the TPL trust policy language for a self-sovereign identity world. In: Open Identity Summit 2021. OID 2021, Gesellschaft für Informatik (2021, in press)Google Scholar
  3. 3.
    Alexopoulos, N., Daubert, J., Mühlhäuser, M., Habib, S.M.: Beyond the hype: on using blockchains in trust management for authentication. In: TrustCom/BigDataSE/ICESS 2017, pp. 546–553. IEEE (2017)Google Scholar
  4. 4.
    Allen, C., et al.: Decentralized public key infrastructure. White Paper, Rebooting the Web of Trust (2015)Google Scholar
  5. 5.
    Bear, J., Ezell, A.: Degree Mills: The Billion-Dollar Industry That Has Sold Over a Million Fake Diplomas. Prometheus Books (2012)Google Scholar
  6. 6.
    Becker, M.Y., Fournet, C., Gordon, A.D.: SecPAL: design and semantics of a decentralized authorization language. J. Comput. Secur. 18(4), 619–665 (2010)CrossRefGoogle Scholar
  7. 7.
    Børresen, L.J., Meier, E., Skjerven, S.A.: Detecting fake university degrees in a digital world. In: Corruption in Higher Education: Global Challenges and Responses, Global Perspectives on Higher Education, vol. 46, pp. 102–107. Brill \(\mid \) Sense (2020)Google Scholar
  8. 8.
    Brunner, C., Knirsch, F., Unterweger, A., Engel, D.: A comparison of blockchain-based PKI implementations. In: Proceedings of the 6th International Conference on Information Systems Security and Privacy, ICISSP 2020, pp. 333–340. SciTePress (2020)Google Scholar
  9. 9.
    Camilleri, A.F., Duffy, K.H., Otto, N.: Modeling Educational Verifiable Credentials. Draft community group report, W3C Verifiable Credentials for Education Task Force (2020). https://w3c-ccg.github.io/vc-ed-models. Accessed 22 Jan 2021
  10. 10.
    Camilleri, A.F., Tück, C.: Higher Education Interoperable Data Initiative (HEIDI). Living document (2020). https://heidirepo.github.io/HEIDI. Accessed 22 Jan 2021
  11. 11.
    Connecting Europe Facility: EBSI: Use Cases and Functional Documentation (2020). https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITALEBSI/Use+Cases+and+Functional+Documentation. Accessed 22 Jan 2021
  12. 12.
    Davie, M., Gisolfi, D., Hardman, D., Jordan, J., O’Donnell, D., Reed, D.: The trust over IP stack. IEEE Commun. Stand. Mag. 3(4), 46–51 (2019)CrossRefGoogle Scholar
  13. 13.
    Digital Credentials Consortium: Building the Digital Credential Infrastructure for the Future (2020). https://digitalcredentials.mit.edu/wp-content/uploads/2020/02/white-paper-building-digital-credential-infrastructure-future.pdf. Accessed 22 Jan 2021
  14. 14.
    ETER: European Tertiary Education Register (2020). https://www.eter-project.com. Accessed 22 Jan 2021
  15. 15.
    Ethereum: Ethereum JSON RPC API (2020). https://eth.wiki/json-rpc/API. Accessed 22 Jan 2021
  16. 16.
    Ethereum: Solidity Documentation (2021). https://docs.soliditylang.org. Accessed 22 Jan 2021
  17. 17.
    Etherscan: Ethereum Blocktime (2021). https://etherscan.io/chart/blocktime. Accessed 22 Jan 2021
  18. 18.
    European Commission: Europass Digital Credentials Infrastructure (2020). https://ec.europa.eu/futurium/en/europass/europass-digital-credentials-infrastructure. Accessed 22 Jan 2021
  19. 19.
    FutureTrust Consortium: Global Trust Service List (2020). https://pilots.futuretrust.eu/gtsl. Accessed 22 Jan 2021
  20. 20.
    Gräther, W., Kolvenbach, S., Ruland, R., Schütte, J., Torres, C., Wendland, F.: Blockchain for education: lifelong learning passport. In: Proceedings of the 1st ERCIM Blockchain Workshop. European Society for Socially Embedded Technologies (2018)Google Scholar
  21. 21.
    Gössner, S.: Transforming JSON (2006). https://goessner.net/articles/jsont. Accessed 22 Jan 2021
  22. 22.
    Gössner, S.: JSONPath - XPath for JSON (2007). https://goessner.net/articles/JsonPath. Accessed 22 Jan 2021
  23. 23.
    HEDD: UK Higher Education Degree Datacheck (2020). https://hedd.ac.uk/about. Accessed 22 Jan 2021
  24. 24.
    IMS Global Learning Consortium: Open Badges v2.0. Technical report (2018). https://www.imsglobal.org/sites/default/files/Badges/OBv2p0Final/index.html
  25. 25.
    Kuperberg, M.: Blockchain-based identity management: a survey from the enterprise and ecosystem perspective. IEEE Trans. Eng. Manag. 67(4), 1008–1027 (2020)CrossRefGoogle Scholar
  26. 26.
    Lane, D., Vontas, C., Rückstieß, T., Poggi, D.: jsonpath-object-transform (2017). https://github.com/dvdln/jsonpath-object-transform. Accessed 22 Jan 2021
  27. 27.
    Lee, A.J., Yu, T.: Towards quantitative analysis of proofs of authorization: applications, framework, and techniques. In: Proceedings for the 23rd IEEE Computer Security Foundations Symposium, CSF 2010, pp. 139–153. IEEE (2010)Google Scholar
  28. 28.
    Li, N., Winsborough, W.H., Mitchell, J.C.: Distributed credential chain discovery in trust management. J. Comput. Secur. 11(1), 35–86 (2003)CrossRefGoogle Scholar
  29. 29.
    MIT Media Lab Learning Initiative and Hyland Credentials: Blockcerts - An Open Infrastructure for Academic Credentials on the Blockchain (2016). https://www.blockcerts.org. Accessed 22 Jan 2021
  30. 30.
    Mödersheim, S., Schlichtkrull, A., Wagner, G., More, S., Alber, L.: TPL: a trust policy language. In: Meng, W., Cofta, P., Jensen, C.D., Grandison, T. (eds.) IFIPTM 2019. IAICT, vol. 563, pp. 209–223. Springer, Cham (2019).  https://doi.org/10.1007/978-3-030-33716-2_16CrossRefGoogle Scholar
  31. 31.
    Mödersheim, S.A., Ni, B.: GTPL: A graphical trust policy language. In: Open Identity Summit 2019, OID 2019, pp. 107–118. Gesellschaft für Informatik (2019)Google Scholar
  32. 32.
    Mühle, A., Grüner, A., Gayvoronskaya, T., Meinel, C.: A survey on essential components of a self-sovereign identity. Comput. Sci. Rev. 30, 80–86 (2018)CrossRefGoogle Scholar
  33. 33.
    Office for Students: OfS Register (Spreadsheet) (2021). https://apis.officeforstudents.org.uk/OfsRegisterDownload/api/Register/. Accessed 22 Jan 2021
  34. 34.
    Protocol Labs: IPFS Documentation (2021). https://docs.ipfs.io. Accessed 22 Jan 2021
  35. 35.
    Reed, D., Sporny, M., Longley, D., Allen, C., Grant, R., Sabadello, M.: Decentralized Identifiers (DIDs) v1.0. W3C working draft, W3C (2021). https://www.w3.org/TR/2021/WD-did-core-20210128/
  36. 36.
    Rodler, M., Li, W., Karame, G.O., Davi, L.: Sereum: protecting existing smart contracts against re-entrancy attacks. In: Proceedings of the 26th Annual Network and Distributed System Security Symposium, NDSS 2019. Internet Society (2019)Google Scholar
  37. 37.
    Rodler, M., Li, W., Karame, G.O., Davi, L.: EVMPatch: timely and automated patching of ethereum smart contracts. In: 30th USENIX Security Symposium. USENIX Security 2021. USENIX Association (2021)Google Scholar
  38. 38.
    Sporny, M., Longley, D., Chadwick, D.: Verifiable Credentials Data Model 1.0. W3C recommendation, W3C (2019). https://www.w3.org/TR/2019/REC-vc-data-model-20191119/
  39. 39.
    Torres, C.F., Baden, M., Norvill, R., Pontiveros, B.B.F., Jonker, H., Mauw, S.: ÆGIS: shielding vulnerable smart contracts against attacks. In: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020, pp. 584–597. ACM (2020)Google Scholar
  40. 40.
    UK Department of Education: Higher Education Degree Datacheck (2020). https://hedd.ac.uk/about. Accessed 16 Oct 2020
  41. 41.
    W3C Verifiable Credentials for Education Task Force: vc-ed (2020). https://w3c-ccg.github.io/vc-ed. Accessed 22 Jan 2021
  42. 42.
    Weinhardt, S., Omolola, O.: Usability of policy authoring tools: a layered approach. In: Proceedings of the 5th International Conference on Information Systems Security and Privacy, ICISSP 2019, pp. 301–308. SciTePress (2019)Google Scholar
  43. 43.
    Weinhardt, S., St. Pierre, D.: Lessons learned – conducting a user experience evaluation of a trust policy authoring tool. In: Open Identity Summit 2019, OID 2019, pp. 185–190. Gesellschaft für Informatik (2019)Google Scholar
  44. 44.
    Wright, A., Andrews, H., Hutton, B.: JSON Schema Specification (2020). https://json-schema.org/specification.html. Accessed 22 Jan 2021
  45. 45.
    Yakubov, A., Shbair, W., State, R.: BlockPGP: a blockchain-based framework for PGP key servers. In: Proceedings of the 6th International Symposium on Computing and Networking Workshops, pp. 316–322. IEEE (2018)Google Scholar
  46. 46.
    Zwattendorfer, B., Zefferer, T., Stranacher, K.: An overview of cloud identity management-models. In: Proceedings of the 10th International Conference on Web Information Systems and Technologies, WEBIST 2014, vol. 2, pp. 82–92. SciTePress (2014)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2021

Authors and Affiliations

  1. 1.Graz University of TechnologyGrazAustria
  2. 2.lab10 collectiveGrazAustria
  3. 3.St. Pölten University of Applied SciencesSt. PöltenAustria

Personalised recommendations