Skip to main content

Trust Me If You Can: Trusted Transformation Between (JSON) Schemas to Support Global Authentication of Education Credentials

Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT,volume 625)

Abstract

Recruiters and institutions around the world struggle with the verification of diplomas issued in a diverse and global education setting. Firstly, it is a nontrivial problem to identify bogus institutions selling education credentials. While institutions are often accredited by qualified authorities on a regional level, there is no global authority fulfilling this task.Secondly, many different data schemas are used to encode education credentials, which represents a considerable challenge to automated processing. Consequently, significant manual effort is required to verify credentials.

In this paper, we tackle these challenges by introducing a decentralized and open system to automatically verify the legitimacy of issuers and interpret credentials in unknown schemas. We do so by enabling participants to publish transformation information, which enables verifiers to transform credentials into their preferred schema. Due to the lack of a global root of trust, we utilize a distributed ledger to build a decentralized web of trust, which verifiers can query to gather information on the trustworthiness of issuing institutions and to establish trust in transformation information. Going beyond diploma fraud, our system can be generalized to tackle the generalized problem for other domains lacking a root of trust and agreements on data schemas.

Keywords

  • Blockchain
  • Distributed ledger
  • Web of trust
  • Trust management
  • Education credentials
  • Verification
  • Self-sovereign identity

This work was supported by the European Union’s Horizon 2020 Framework Programme for Research and Innovation under grant agreement № 871473 (KRAKEN) as well as the Josef Ressel Center for Blockchain Technologies and Security Management (JRC Blockchains). The authors would also like to thank TU Graz’ Registrar’s Office for insights into verification of (paper-based) diplomas.

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-78120-0_2
  • Chapter length: 17 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   119.00
Price excludes VAT (USA)
  • ISBN: 978-3-030-78120-0
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   159.99
Price excludes VAT (USA)
Hardcover Book
USD   159.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.

Notes

  1. 1.

    Computed by multiplying gas price (https://etherscan.io/chart/gasprice) and ether price (https://etherscan.io/chart/etherprice) on 22 January 2021.

References

  1. Abraham, A., More, S., Rabensteiner, C., Hörandner, F.: Revocable and offline-verifiable self-sovereign identities. In: TrustCom/BigDataSE 2020. IEEE (2020)

    Google Scholar 

  2. Alber, L., More, S., Mödersheim, S.A., Schlichtkrull, A.: Adapting the TPL trust policy language for a self-sovereign identity world. In: Open Identity Summit 2021. OID 2021, Gesellschaft für Informatik (2021, in press)

    Google Scholar 

  3. Alexopoulos, N., Daubert, J., Mühlhäuser, M., Habib, S.M.: Beyond the hype: on using blockchains in trust management for authentication. In: TrustCom/BigDataSE/ICESS 2017, pp. 546–553. IEEE (2017)

    Google Scholar 

  4. Allen, C., et al.: Decentralized public key infrastructure. White Paper, Rebooting the Web of Trust (2015)

    Google Scholar 

  5. Bear, J., Ezell, A.: Degree Mills: The Billion-Dollar Industry That Has Sold Over a Million Fake Diplomas. Prometheus Books (2012)

    Google Scholar 

  6. Becker, M.Y., Fournet, C., Gordon, A.D.: SecPAL: design and semantics of a decentralized authorization language. J. Comput. Secur. 18(4), 619–665 (2010)

    CrossRef  Google Scholar 

  7. Børresen, L.J., Meier, E., Skjerven, S.A.: Detecting fake university degrees in a digital world. In: Corruption in Higher Education: Global Challenges and Responses, Global Perspectives on Higher Education, vol. 46, pp. 102–107. Brill \(\mid \) Sense (2020)

    Google Scholar 

  8. Brunner, C., Knirsch, F., Unterweger, A., Engel, D.: A comparison of blockchain-based PKI implementations. In: Proceedings of the 6th International Conference on Information Systems Security and Privacy, ICISSP 2020, pp. 333–340. SciTePress (2020)

    Google Scholar 

  9. Camilleri, A.F., Duffy, K.H., Otto, N.: Modeling Educational Verifiable Credentials. Draft community group report, W3C Verifiable Credentials for Education Task Force (2020). https://w3c-ccg.github.io/vc-ed-models. Accessed 22 Jan 2021

  10. Camilleri, A.F., Tück, C.: Higher Education Interoperable Data Initiative (HEIDI). Living document (2020). https://heidirepo.github.io/HEIDI. Accessed 22 Jan 2021

  11. Connecting Europe Facility: EBSI: Use Cases and Functional Documentation (2020). https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITALEBSI/Use+Cases+and+Functional+Documentation. Accessed 22 Jan 2021

  12. Davie, M., Gisolfi, D., Hardman, D., Jordan, J., O’Donnell, D., Reed, D.: The trust over IP stack. IEEE Commun. Stand. Mag. 3(4), 46–51 (2019)

    CrossRef  Google Scholar 

  13. Digital Credentials Consortium: Building the Digital Credential Infrastructure for the Future (2020). https://digitalcredentials.mit.edu/wp-content/uploads/2020/02/white-paper-building-digital-credential-infrastructure-future.pdf. Accessed 22 Jan 2021

  14. ETER: European Tertiary Education Register (2020). https://www.eter-project.com. Accessed 22 Jan 2021

  15. Ethereum: Ethereum JSON RPC API (2020). https://eth.wiki/json-rpc/API. Accessed 22 Jan 2021

  16. Ethereum: Solidity Documentation (2021). https://docs.soliditylang.org. Accessed 22 Jan 2021

  17. Etherscan: Ethereum Blocktime (2021). https://etherscan.io/chart/blocktime. Accessed 22 Jan 2021

  18. European Commission: Europass Digital Credentials Infrastructure (2020). https://ec.europa.eu/futurium/en/europass/europass-digital-credentials-infrastructure. Accessed 22 Jan 2021

  19. FutureTrust Consortium: Global Trust Service List (2020). https://pilots.futuretrust.eu/gtsl. Accessed 22 Jan 2021

  20. Gräther, W., Kolvenbach, S., Ruland, R., Schütte, J., Torres, C., Wendland, F.: Blockchain for education: lifelong learning passport. In: Proceedings of the 1st ERCIM Blockchain Workshop. European Society for Socially Embedded Technologies (2018)

    Google Scholar 

  21. Gössner, S.: Transforming JSON (2006). https://goessner.net/articles/jsont. Accessed 22 Jan 2021

  22. Gössner, S.: JSONPath - XPath for JSON (2007). https://goessner.net/articles/JsonPath. Accessed 22 Jan 2021

  23. HEDD: UK Higher Education Degree Datacheck (2020). https://hedd.ac.uk/about. Accessed 22 Jan 2021

  24. IMS Global Learning Consortium: Open Badges v2.0. Technical report (2018). https://www.imsglobal.org/sites/default/files/Badges/OBv2p0Final/index.html

  25. Kuperberg, M.: Blockchain-based identity management: a survey from the enterprise and ecosystem perspective. IEEE Trans. Eng. Manag. 67(4), 1008–1027 (2020)

    CrossRef  Google Scholar 

  26. Lane, D., Vontas, C., Rückstieß, T., Poggi, D.: jsonpath-object-transform (2017). https://github.com/dvdln/jsonpath-object-transform. Accessed 22 Jan 2021

  27. Lee, A.J., Yu, T.: Towards quantitative analysis of proofs of authorization: applications, framework, and techniques. In: Proceedings for the 23rd IEEE Computer Security Foundations Symposium, CSF 2010, pp. 139–153. IEEE (2010)

    Google Scholar 

  28. Li, N., Winsborough, W.H., Mitchell, J.C.: Distributed credential chain discovery in trust management. J. Comput. Secur. 11(1), 35–86 (2003)

    CrossRef  Google Scholar 

  29. MIT Media Lab Learning Initiative and Hyland Credentials: Blockcerts - An Open Infrastructure for Academic Credentials on the Blockchain (2016). https://www.blockcerts.org. Accessed 22 Jan 2021

  30. Mödersheim, S., Schlichtkrull, A., Wagner, G., More, S., Alber, L.: TPL: a trust policy language. In: Meng, W., Cofta, P., Jensen, C.D., Grandison, T. (eds.) IFIPTM 2019. IAICT, vol. 563, pp. 209–223. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-33716-2_16

    CrossRef  Google Scholar 

  31. Mödersheim, S.A., Ni, B.: GTPL: A graphical trust policy language. In: Open Identity Summit 2019, OID 2019, pp. 107–118. Gesellschaft für Informatik (2019)

    Google Scholar 

  32. Mühle, A., Grüner, A., Gayvoronskaya, T., Meinel, C.: A survey on essential components of a self-sovereign identity. Comput. Sci. Rev. 30, 80–86 (2018)

    CrossRef  Google Scholar 

  33. Office for Students: OfS Register (Spreadsheet) (2021). https://apis.officeforstudents.org.uk/OfsRegisterDownload/api/Register/. Accessed 22 Jan 2021

  34. Protocol Labs: IPFS Documentation (2021). https://docs.ipfs.io. Accessed 22 Jan 2021

  35. Reed, D., Sporny, M., Longley, D., Allen, C., Grant, R., Sabadello, M.: Decentralized Identifiers (DIDs) v1.0. W3C working draft, W3C (2021). https://www.w3.org/TR/2021/WD-did-core-20210128/

  36. Rodler, M., Li, W., Karame, G.O., Davi, L.: Sereum: protecting existing smart contracts against re-entrancy attacks. In: Proceedings of the 26th Annual Network and Distributed System Security Symposium, NDSS 2019. Internet Society (2019)

    Google Scholar 

  37. Rodler, M., Li, W., Karame, G.O., Davi, L.: EVMPatch: timely and automated patching of ethereum smart contracts. In: 30th USENIX Security Symposium. USENIX Security 2021. USENIX Association (2021)

    Google Scholar 

  38. Sporny, M., Longley, D., Chadwick, D.: Verifiable Credentials Data Model 1.0. W3C recommendation, W3C (2019). https://www.w3.org/TR/2019/REC-vc-data-model-20191119/

  39. Torres, C.F., Baden, M., Norvill, R., Pontiveros, B.B.F., Jonker, H., Mauw, S.: ÆGIS: shielding vulnerable smart contracts against attacks. In: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020, pp. 584–597. ACM (2020)

    Google Scholar 

  40. UK Department of Education: Higher Education Degree Datacheck (2020). https://hedd.ac.uk/about. Accessed 16 Oct 2020

  41. W3C Verifiable Credentials for Education Task Force: vc-ed (2020). https://w3c-ccg.github.io/vc-ed. Accessed 22 Jan 2021

  42. Weinhardt, S., Omolola, O.: Usability of policy authoring tools: a layered approach. In: Proceedings of the 5th International Conference on Information Systems Security and Privacy, ICISSP 2019, pp. 301–308. SciTePress (2019)

    Google Scholar 

  43. Weinhardt, S., St. Pierre, D.: Lessons learned – conducting a user experience evaluation of a trust policy authoring tool. In: Open Identity Summit 2019, OID 2019, pp. 185–190. Gesellschaft für Informatik (2019)

    Google Scholar 

  44. Wright, A., Andrews, H., Hutton, B.: JSON Schema Specification (2020). https://json-schema.org/specification.html. Accessed 22 Jan 2021

  45. Yakubov, A., Shbair, W., State, R.: BlockPGP: a blockchain-based framework for PGP key servers. In: Proceedings of the 6th International Symposium on Computing and Networking Workshops, pp. 316–322. IEEE (2018)

    Google Scholar 

  46. Zwattendorfer, B., Zefferer, T., Stranacher, K.: An overview of cloud identity management-models. In: Proceedings of the 10th International Conference on Web Information Systems and Technologies, WEBIST 2014, vol. 2, pp. 82–92. SciTePress (2014)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Stefan More .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2021 IFIP International Federation for Information Processing

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

More, S., Grassberger, P., Hörandner, F., Abraham, A., Klausner, L.D. (2021). Trust Me If You Can: Trusted Transformation Between (JSON) Schemas to Support Global Authentication of Education Credentials. In: Jøsang, A., Futcher, L., Hagen, J. (eds) ICT Systems Security and Privacy Protection. SEC 2021. IFIP Advances in Information and Communication Technology, vol 625. Springer, Cham. https://doi.org/10.1007/978-3-030-78120-0_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-78120-0_2

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-78119-4

  • Online ISBN: 978-3-030-78120-0

  • eBook Packages: Computer ScienceComputer Science (R0)