Institute of Engineering
Purwanchal Campus
A PROJECT PROPOSAL ON
Submitted by
Submitted to
July, 2019
ABSTRACT
Self-sovereign identity is a new paradigm, backed by blockchain technology. The field of
identity management currently faces issues in multiple areas. Identity theft and data
breaches are not uncommon, and are often the result of insecure identity management
practices. The general public has to trust large corporations and governments to correctly
handle their personal data. Currently, personal data is stored in central databases,
which is why mass data breaches occur often. In self-sovereign identity, however, the
individual owns the administration of the identity and the data need not be stored in a
central database. The individual has the right to decide whom to give access to their
personal information. To facilitate a self-sovereign identity system, a decentralized
information system is needed. Blockchain technology fulfils this need, as it makes use of
a distributed ledger.
Keywords: identity management, self-sovereign identity, blockchain, distributed ledger
technology, verifiable claims.
TABLE OF CONTENTS
LIST OF FIGURES
CHAPTER 1: INTRODUCTION
LIST OF ABBREVIATIONS
DID Decentralized Identifier
SSI Self-Sovereign Identity
P2P Peer to Peer
KYC Know Your Customer
IDE Integrated Design Environment
LIST OF FIGURES
Figure 3.1
Figure 3.2
CHAPTER 1: INTRODUCTION
1.1 Background
We use the term Self-Sovereign Identity for the concept of individuals or
organizations having sole ownership of their identities, and control over how their
personal data is shared and used. This adds a layer of security and flexibility, allowing
the identity holder to reveal only the data necessary for any given transaction or
interaction.
Initially identity was siloed, then came federated identity, and now it is time for
user-centric identity, which is what self-sovereign identity is. Under siloed identity,
in the early days of the Internet, we had separate credentials for every site that we
used. Then came the era of federated identity, where websites enable authentication
using our Facebook or Google account. In self-sovereign identity, the user is in control
of their identity. In the future, we might not have to use centralized authorization
services such as Twitter, Google or Facebook to access the Internet; instead we will use
our self-sovereign identity to validate our identity without having to rely on third
parties, e.g. by using a mobile device.
Our lives have become increasingly digital, and so has the vast amount of personal data
traces that we leave behind. For most online transactions, and on many sites,
individuals must disclose specific personal information before they can access services.
For instance, before financial transactions can be carried out on platforms such as
E-Sewa and Khalti, among others, users are always required to input their financial and
personal details. These details are thus stored in numerous internet databases. As a
result, digital clones of the same individual's details exist across these different
platforms in centralized databases. So there is a high risk of data breaches, such as the
Equifax hack in 2017 and the Cambridge Analytica scandal, in which people's personal
information from Facebook was misused to influence voters in the US Elections 2016.
Currently, personal data is not in the control of individual users. The data is
controlled and accessed by the service providers. Individuals do not have an idea of how
many times their personal data has been shared or used without their consent.
1.3 Objectives
I. To be familiar with blockchain technology and cryptography.
II. To make the user the controller of his/her personal data.
III. To learn the process of project development.
IV. To create a secure channel to share personal data between the user and an organization.
1.4 Applications
Our system can be used to share a user's personal information with different
organizations for purposes such as authenticating users and verifying KYC details.
CHAPTER 2: LITERATURE REVIEW
Blockchain technology is still evolving and the number of applications using blockchain
is slowly increasing. A self-sovereign identity system enables the user to be the
administrator of his/her own data, thus removing the data control of the big organizations.
Self-sovereign identity can be implemented using blockchain technology. Self-sovereign
identity using blockchain is the identity management system which will surely replace
the current identity management system.
We have spent a lot of time researching self-sovereign identity management systems
using blockchain. We found that this system is in its very initial phase of
development, so only very few projects related to self-sovereign identity are available in
the market. We found some research papers related to self-sovereign identity and
read them to gain a deeper understanding of how the system works.
CHAPTER 3: METHODOLOGY
3.1 System Design
A unique decentralized identifier (DID) is generated for each user's credential. The user's
credential is verified by the Issuer. After verifying the credential, a signature is generated
cryptographically using the private key of the issuer. The verified credential's DID and
signature are then registered in the immutable ledger. Now the user can send the verified
credentials to any receiver. The personal details are encrypted using the public key of the
receiver and sent over a peer-to-peer network connection. The receiver decrypts the
credentials using its private key and then verifies the credentials using the blockchain. We
are using the Ethereum blockchain as the immutable ledger for our project, for recording the
decentralized identifier.
For our project development the following aspects are used:
3.1.1 Blockchain
Blockchain is a distributed database. We are using the Ethereum blockchain test network
called Rinkeby as our blockchain ledger to store the decentralized identifier (DID) of the
user's credentials and the verified signature of the issuer.
3.1.2 Cryptography
We are using public key cryptography (asymmetric cryptography) for encryption and
validation. Each user is assigned a key pair, i.e. a public key and a private key.
A public key can be shared by the user but the private key must be kept secret. The
personal data is encrypted using public key cryptography and sent to the receiver in
a secure manner.
We are developing our project in the JavaScript programming language. We are using Node.js
and Express.js for back-end development and React.js for front-end development. Since our
team has 3 members, we are developing our project using GitHub, which makes it easier to
contribute to the project. The IDE we are using is Visual Studio Code.
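The flow described in sections 3.1 and 3.1.2, sketched in Node.js as an added example (it is not the project's own code). Assumptions: an in-memory Map stands in for the Rinkeby ledger, the DID is a SHA-256 hash of the credential under the placeholder `did:example` method, the issuer signs with Ed25519, and the credential is encrypted with AES-256-GCM whose key is wrapped with the receiver's RSA-OAEP public key (hybrid encryption, since RSA alone cannot encrypt data of arbitrary length).

```javascript
const crypto = require('crypto');
// Stand-in for the Ethereum registry: DID -> issuer signature (assumption).
const ledger = new Map();

// Canonical bytes of a flat credential: sorted keys so both sides hash the same input.
const canonical = (cred) => Buffer.from(JSON.stringify(cred, Object.keys(cred).sort()));

// Assumed DID derivation: SHA-256 of the credential, so no personal data is on the ledger.
const makeDid = (cred) =>
  'did:example:' + crypto.createHash('sha256').update(canonical(cred)).digest('hex');

const oaep = (key) => ({ key, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' });

// Issuer: sign the verified credential (Ed25519) and register DID + signature.
function issue(cred, issuerPrivateKey) {
  const did = makeDid(cred);
  ledger.set(did, crypto.sign(null, canonical(cred), issuerPrivateKey));
  return did;
}

// Owner: AES-256-GCM encrypts the credential; RSA-OAEP wraps the AES key for the receiver.
function seal(cred, receiverPublicKey) {
  const key = crypto.randomBytes(32), iv = crypto.randomBytes(12);
  const enc = crypto.createCipheriv('aes-256-gcm', key, iv);
  const data = Buffer.concat([enc.update(canonical(cred)), enc.final()]);
  return { wrappedKey: crypto.publicEncrypt(oaep(receiverPublicKey), key), iv, data, tag: enc.getAuthTag() };
}

// Receiver: decrypt, recompute the DID, then check the issuer signature held on the ledger.
function openAndVerify(msg, receiverPrivateKey, issuerPublicKey) {
  const key = crypto.privateDecrypt(oaep(receiverPrivateKey), msg.wrappedKey);
  const dec = crypto.createDecipheriv('aes-256-gcm', key, msg.iv);
  dec.setAuthTag(msg.tag);
  const cred = JSON.parse(Buffer.concat([dec.update(msg.data), dec.final()]).toString());
  const sig = ledger.get(makeDid(cred));
  return { cred, valid: Boolean(sig) && crypto.verify(null, canonical(cred), issuerPublicKey, sig) };
}

function demo() {
  const issuer = crypto.generateKeyPairSync('ed25519');
  const receiver = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const cred = { name: 'Sample User', idNumber: 'CONSTRUCTED-0001' }; // constructed sample data
  issue(cred, issuer.privateKey);
  const open = (c) => openAndVerify(seal(c, receiver.publicKey), receiver.privateKey, issuer.publicKey);
  // A credential the issuer never signed has no ledger entry, so it must be rejected.
  return { genuine: open(cred).valid, altered: open({ ...cred, name: 'Someone Else' }).valid };
}

console.log(demo());
```

Because the DID in this sketch is an unsalted hash, a real deployment would add a random salt to the credential before hashing so that low-entropy fields cannot be guessed from the public ledger entry.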
3.3 Block Diagram
[Figure: block diagram showing Issuer, Owner, Verifier and Blockchain, with the flows "Issue claims", "Presents credentials", "Signs" and "Verifies signature".]
Use Case Diagram