Decentralized Authentication for Self-Sovereign Identities using Name Systems

Title: Decentralized Authentication for Self-Sovereign Identities using Name Systems
Publication Type: Report
Year of Publication: 2018
Authors: Grothoff, C, Schanzenbach, M, Laube, A, Benoist, E, Mainini, P
Refereed Designation: Non-Refereed
Series Title: H2020-OnlineSecurityPrize-2017
Document Number: 847382
Date Published: 10/2018
Institution: Berner Fachhochschule
Type: H2020 submission
Keywords: DNS, GNU Name System, GNUnet, privacy, ReclaimID

The GNU Name System (GNS) is a fully decentralized public key infrastructure and name system with private information retrieval semantics. It serves a holistic approach to interact seamlessly with IoT ecosystems and enables people and their smart objects to prove their identity, membership and privileges - compatible with existing technologies.

In this report we demonstrate how a wide range of private authentication and identity management scenarios are addressed by GNS in a cost-efficient, usable and secure manner. This simple, secure and privacy-friendly authentication method is a significant breakthrough when cyber peace, privacy and liability are the priorities for the benefit of a wide range of the population.

After an introduction to GNS itself, we show how GNS can be used to authenticate servers, replacing the Domain Name System (DNS) and X.509 certificate authorities (CAs) with a more privacy-friendly but equally usable protocol which is trustworthy, human-centric and includes group authentication. We also built a demonstrator to highlight how GNS can be used in medical computing to simplify privacy-sensitive data processing in the Swiss health-care system. Combining GNS with attribute-based encryption, we created ReclaimID, a robust and reliable OpenID Connect-compatible authorization system. It includes simple, secure and privacy-friendly single sign-on to seamlessly share selected attributes with Web services and cloud ecosystems. Further, we demonstrate how ReclaimID can be used to solve the problem of addressing, authentication and data sharing for IoT devices.

These applications are just the beginning for GNS; the versatility and extensibility of the protocol will lend itself to an even broader range of use-cases.

GNS is an open standard with a complete free software reference implementation created by the GNU project. It can therefore be easily audited, adapted, enhanced, tailored, developed and/or integrated, as anyone is allowed to use the core protocols and implementations free of charge, and to adapt them to their needs under the terms of the GNU Affero General Public License, a free software license approved by the Free Software Foundation.

Short Title: DASEIN
PDF: dasein10.pdf (183.25 KB)