Improving the security and privacy of decentralized identity management in multi-controller scenarios

Yang, Huijiong

Author:	Yang, Huijiong
Title:	Improving the security and privacy of decentralized identity management in multi-controller scenarios
Advisors:	Xiao, Bin (COMP)
Degree:	M.Phil.
Year:	2025
Department:	Department of Computing
Pages:	x, 75 pages : color illustrations
Language:	English
Abstract:	Decentralized identity (DID) is pivotal to Web3 applications as it empowers users to manage their identities and credentials without relying on any central authority, thereby enhancing privacy, security, and user autonomy. Existing research on DID primarily focuses on single-controller scenarios, where controllers have complete privileges for identity and credential management. The multi-controller scenario is also an important and indispensable component outlined by the W3C DID standards, while its privacy and security issues have not yet been fully explored. These issues stem from both existing coarse-grained identity management and the intrinsic characteristics of blockchain systems, such as data transparency and high ledger-commit latency. In this thesis, we aim to solve these problems and construct privacy-preserving and secure identity management schemes for DID in multi-control scenarios. We carry out the following work. In our first work, to solve the problems caused by coarse-grained identity management adopted current schemes, i.e., identity impersonation by malicious controllers and high key recovery overhead, we propose MoDID, a fine-grained identity management scheme for multiple controllers, which complies with the DID standard proposed by W3C. Our solution allows multiple controllers to control DID subjects flexibly and reliably through hierarchical controller management. Additionally, we design a secure and low-overhead key recovery scheme to reduce the risk of identity loss. The controllers only rely on the social control recovery in case other controllers cannot execute replacing operations. Finally, we implement MoDID on the Sepolia Ethereum Test Network to evaluate the effectiveness of our proposed scheme. The result demonstrates that our system allows multiple controllers to manage a single identity with lower gas consumption and time consumption than the state-of-the-art. In our second work, we find two new attacks in multiple controller scenarios caused by the intrinsic characteristics of blockchain systems. We also propose a privacy-preserving and secure identity management scheme to defend against them. The first proposed controller-correlation attack allows an attacker to infer relationships between different subjects by correlating the public keys uploaded by controllers in the blockchain. To avoid this kind of privacy leakage, we propose a masking scheme based on the Merkle tree, which allows the controllers to prove their ownership over the multi-controller identities without publicizing the plaintext of their public keys. The other identity impersonation attack exploits insecure controller revocation caused by high block synchronization latency. To resist this attack, we propose a lightweight authentication scheme where the holders provide digest freshness proof and the verifiers only need to download block headers. Finally, to evaluate the feasibility of our proposed scheme, we implement our system on the Sepolia TestNet. The experimental result demonstrates that our system can prevent these attacks with acceptable gas consumption and time consumption, compared with the state-of-the-art.
Rights:	All rights reserved
Access:	open access

Files in This Item:

File	Description	Size	Format
8068.pdf	For All Users	2.64 MB	Adobe PDF	View/Open

Copyright Undertaking

As a bona fide Library user, I declare that:

I will abide by the rules and legal ordinances governing copyright regarding the use of the Database.
I will use the Database for the purpose of my research or private study only and not for circulation or further reproduction or any other purpose.
I agree to indemnify and hold the University harmless from and against any loss, damage, cost, liability or expenses arising from copyright infringement or unauthorized usage.

By downloading any item(s) listed above, you acknowledge that you have read and understood the copyright undertaking as stated above, and agree to be bound by all of its terms.

Show full item record

Please use this identifier to cite or link to this item: https://theses.lib.polyu.edu.hk/handle/200/13624