Towards Improving Privacy and Security of Identity Management Systems Using Blockchain Technology: A Systematic Review
Abstract
:1. Introduction
2. Background
2.1. Overview of IDMSs
2.1.1. The Isolated User Identity Model (SILO) or Centralized Model
2.1.2. Federated Identity Model
2.1.3. User-Centric Model
2.1.4. Self-Sovereign Identity Model (SSI)
2.2. Blockchain
- -
- A block: A block of data which has a 32-bit randomly generated number (nonce) and cryptographic hash, which is like a fingerprint of the block data. The first block of the chain is called the Genesis Block, and it does not contain a previous hash, because it is the original and the first block on the chain, and thus it is the only block with this feature [37].
- -
- Miners: The blockchain technology requires miners to solve complex math algorithms to generate the cryptographic hash from the random nonce for each block created.
- -
- Nodes: The nodes can be any electronic device holding all of the blockchain transactions copies.
- -
- Chain: Group of blocks.
- -
- Consensus protocol: Operations implementation rules.
3. Literature Review
3.1. Traditional IDMSs
3.2. Blockchain-Based IDMSs
4. Method
4.1. Research Need Identification
4.2. Research Questions
- Q1: What are the current issues that threaten user privacy and security in centralized IDMSs?
- Q2: Will decentralizing identity management by using distributed ledger technology solve user privacy problems, and if so, why?
- Q3: What are the blockchain-based technologies that may be utilized to enhance user privacy?
- Q4: What is the most efficient blockchain-based development platform for IDMSs?
4.3. Information Source and Database
4.4. Research String
4.5. Criteria Selection
4.6. Inclusion and Exclusion Criteria
5. Results and Discussion
5.1. Study Characteristics
5.2. Discussion and Result
5.2.1. Domain
5.2.2. Issues and Blockchain Type
5.2.3. Smart Contract
5.2.4. Research Questions and Answers
- Q1: What are the current issues that threaten user privacy and security in centralized IDMSs?
- Q2: Will decentralizing identity management by using distributed-ledger technology solve user privacy problems, and if so, why?
- Q3: What are the blockchain-based technologies that may be utilized to enhance user privacy?
- Q4: What is the most efficient blockchain-based development platform for IDMSs?
6. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Acknowledgments
Conflicts of Interest
Appendix A. Included Studies
Study NO | Title | Authors | Year | Type | Publisher | BC Used and Filed | Smart Contract |
---|---|---|---|---|---|---|---|
[28] | EBAS: An Efficient Blockchain-based Authentication Scheme for Secure Communication in Vehicular Ad Hoc Network | Xia Feng et al. | 2022 | article | MDPI | Blockchain, r secure communication in VANET | no |
[12] | Developing an IoT Identity Management System Using Blockchain | Sitalakshmi Venkatraman et al. | 2022 | article | MDPI | Blockchain, IOT | Yes |
[21] | Modbus Access Control System Based on SSI over Hyperledger Fabric Blockchain | Santiago Figueroa-Lorenzo et al. | 2021 | article | MDPI | Hyperledger fabric blockchain, Modbus access control. | no |
[17] | Blockchain and Self Sovereign Identity to Support Quality in the Food Supply Chain | Luisanna Cocco et al. | 2021 | article | MDPI | Ethereum Blockchain, Food Supply chain | yes |
[31] | Health-ID: A Blockchain-Based Decentralized Identity Management for Remote Healthcare | Ibrahim Tariq Javed et al. | 2021 | article | MDPI | Ethereum consortium blockchain, e health | yes |
[22] | Blockchain-Enabled Access Management System for Edge Computing | Yong Zhu et al | 2021 | article | MDPI | Blockchain, edge computing | yes |
[34] | ABlockchain-based Authentiaction Protocol For Cooperative Vehicular Ad Hoc Network | A. F. M. Suaib Akhter et al. | 2021 | article | MDPI | Ethereum blockchain, internet of Vehicles (IoV) | yes |
[13] | Alightweight Blockchain based IOT Identity Managemnt Approach | Mohammed Amine Bouras et al. | 2021 | article | MDPI | consortium blockchain-based identity management, IoT(implement by Hyperledger Fabric) | yes |
[32] | Aprivacy-preserving Healthcare Framework Using Hyperledger Fabric | Charalampos Stamatellis et al. | 2020 | article | MDPI | Hyperledger Fabric’s permissioned blockchain framework, healthcare | no |
[23] | DNS-IDM: A Blockchain Identity Management System to Secure Personal Data Sharing in A Network | Jamila Alsayed Kassem et al. | 2019 | article | MDPI | private Ethereum network (permissioned Ethereum ledger) | yes |
[14] | BlendCAC: ASmart Contract-Enabled Decentralized Capability-Based Access Control Mechanism For The IOT | Ronghua Xu et al. | 2018 | article | MDPI | private Ethereum blockchain, AC in IoT devices. | yes |
Study NO | Title | Authors | Year | Type | Publisher | BC Used and Filed | Smart Contract |
---|---|---|---|---|---|---|---|
[27] | EIDM: A Ethereum-Based Cloud User Identity Management Protocol | shangping wang et al. | 2019 | article | IEEE | Ethereum blockchain, cloud IDM | yes |
[24] | Burnable Pseudo-Identity: A Non-binding Anonymous Identity Method for Ethereum | iván gutiérrez-agüero et al. | 2021 | article | IEEE | Ethereum, Anonymous Identity | yes |
[35] | Pseudonym Management Through Blockchain: Cost-efficient Privacy Preservation on Intelligent Transportation Systems | shihan bao et al. | 2019 | article | IEEE | Blockchain, internet of connected vehicles. | no |
[15] | VAIM: Verifiable Anonymous Identity Management for Human-centric Security and Privacy in the Internet of Things | gyeongjin ra et al. | 2021 | article | IEEE | permissioned blockchain, the human internet of things (HIoT) | no |
[25] | ATIB: Design and Evaluation of an Architecture for Brokered Self-Sovereign Identity Integration and Trust-Enhancing Attribute Aggregation for the Service Provider | andreas grüner et al. | 2021 | article | IEEE | Blockchain, IDM(attributes aggregations.) | no |
[26] | A Trusted Approach for Decentralized and Privacy-Preserving Identity Management | rafael torres moreno et al. | 2021 | article | IEEE | Hyperledger fabric, IDM | yes |
[36] | A New Transitively Closed Undirected Graph Authentication Scheme for Blockchain-based Identity Management Systems | chao lin1 et al. | 2018 | article | IEEE | Ethereum, undirected graph. | yes |
[16] | Blockchain-Based IoT Access Control System: Towards Security, Lightweight, and Cross-Domain | shuang sun et al. | 2021 | article | IEEE | Hyperledger fabric permissioned blockchain, IOT AC. | yes |
[33] | A Permissioned Blockchain-based Identity Management and User Authentication Scheme for E-Health Systems | xinyin xiang et al. | 2020 | article | IEEE | permissioned blockchain, e-health systems | yes |
[29] | FADB: A Fine-grained Access Control Scheme for VANET Data Based on Blockchain | hui li et al. | 2020 | article | IEEE | Ethereum, Vehicular Ad Hoc Network (VANET) | yes |
[18] | A Blockchain-based Framework for Supply Chain Provenance | pinchen cui et al. | 2019 | article | IEEE | Hyperledger fabric permissioned blockchain, Supply Chain | yes |
[19] | Smart Contract-based Product Traceability System in the Supply Chain Scenario | shangping wang et al. | 2019 | article | IEEE | Ethereum, Supply Chain | yes |
[30] | A Privacy-Preserving Trust Model Based on Blockchain for VANETs | zhaojun lu et al. | 2018 | article | IEEE | Blockchain, vehicular ad hoc networks (VANETs) | no |
[20] | A Permissioned Distributed Ledger for the US Beef Cattle Supply Chain | tanvir ferdousi et al. | 2020 | article | IEEE | permissioned blockchain network, Ethereum Supply Chain | yes |
References
- L’Amrani, H.; Berroukech, B.; Ajhoun, R.; El Idrissi, Y. Identity Management Systems: Laws of Identity for Models′ Evaluation. In Proceedings of the 2016 4th IEEE International Colloquium on Information Science and Technology (CiSt), Tangier, Morocco, 24–26 October 2016. [Google Scholar]
- Liu, Y.; He, D.; Obaidat, M.; Kumar, N.; Khan, M.; Choo, K. Blockchain-based identity management systems: A review. J. Netw. Comput. Appl. 2020, 166, 102731. [Google Scholar] [CrossRef]
- Agudo, I. Digital Identity and Identity Management Technologies. Serb. Publ. InfoReview Joins UPENET Netw. CEPIS Soc. J. Mag. 2010, 6. [Google Scholar]
- Jøsang, A.; AlZomai, M.; Suriadi, S. Usability and Privacy in Identity Management Architectures. In Proceedings of the Fifth Australasian Symposium on Grid Computing and e-Research (AusGrid 2007), the Fifth Australasian Information Security Workshop (Privacy Enhancing Technologies) (AISW 2007), and the Australasian Workshop on Health Knowledge Management and Discovery (HKMD 2007). Proceedings, Ballarat, VIC, Australia, 30 January-2 February 2007. [Google Scholar]
- Panait, A.; Olimid, R.; Stefane, A. Identity Management on Blockchain—Privacy and Security Aspects. Proc. Rom. Acad.-Ser. A Math. Phys. Tech. Sci. Inf. Sci. 2021, 21, 45–52. [Google Scholar]
- Alrodhan, W. Privacy and Practicality of Identity Management Systems: Academic Overview; Vdm Verlag Dr. Müller: Saarbrücken, Germany, 2011. [Google Scholar]
- Lim, S.Y.; Tankam Fotsing, P.; Almasri, A.; Musa, O.; Mat Kiah, M.L.; Ang, T.F.; Ismail, R. Blockchain Technology the Identity Management and Authentication Service Disruptor: A Survey. Int. J. Adv. Sci. Eng. Inf. Technol. 2018, 8, 1735. Available online: http://insightsociety.org/ojaseit/index.php/ijaseit/article/view/6838 (accessed on 15 August 2022). [CrossRef] [Green Version]
- Almeshal, T.A.; Alhogail, A.A. Blockchain for Businesses: A Scoping Review of Suitability Evaluations Frameworks. IEEE Access 2021, 9, 155425–155442. [Google Scholar] [CrossRef]
- Zhu, X. Research on blockchain consensus mechanism and implementation. IOP Conf. Ser. Mater. Sci. Eng. 2019, 569, 042058. [Google Scholar] [CrossRef]
- Maldonado, F.C. Introduction to Blockchain and Ethereum: Use Distributed Ledgers to Validate Digital Transactions in a Decentralized and Trustless Manner; Packt Publishing: Birmingham, UK, 2018. [Google Scholar]
- Joshi, J.; Nepal, S.; Zhang, Q.; Zhang, L. Blockchain—ICBC 2019. In Proceedings of the Second International Conference, held as Part of the Services Conference Federation, SCF 2019, San Diego, CA, USA, 25–30 June 2019; Springer: Cham, Switzerland, 2019. [Google Scholar]
- Bao, Z.; Wang, Q.; Shi, W.; Wang, L.; Lei, H.; Chen, B. When Blockchain Meets SGX: An Overview, Challenges, and Open Issues. IEEE Access 2020, 8, 170404–170420. [Google Scholar] [CrossRef]
- Bouras, M.A.; Lu, Q.; Dhelim, S.; Ning, H. A Lightweight Blockchain-Based IoT Identity Management Approach. Future Internet 2021, 13, 24. [Google Scholar] [CrossRef]
- Xu, R.; Chen, Y.; Blasch, E.; Chen, G. BlendCAC: A Smart Contract Enabled Decentralized Capability-Based Access Control Mechanism for the IoT. Computers 2018, 7, 39. [Google Scholar] [CrossRef] [Green Version]
- Ra, G.; Kim, T.; Lee, I. VAIM: Verifiable Anonymous Identity Management for Human-Centric Security and Privacy in the Internet of Things. IEEE Access 2021, 9, 75945–75960. [Google Scholar] [CrossRef]
- Sun, S.; Du, R.; Chen, S.; Li, W. Blockchain-Based IoT Access Control System: Towards Security, Lightweight, and Cross-Domain. IEEE Access 2021, 9, 36868–36878. [Google Scholar] [CrossRef]
- Cocco, L.; Tonelli, R.; Marchesi, M. Blockchain and Self Sovereign Identity to Support Quality in the Food Supply Chain. Future Internet 2021, 13, 301. [Google Scholar] [CrossRef]
- Cui, P.; Dixon, J.; Guin, U.; Dimase, D. A Blockchain-Based Framework for Supply Chain Provenance. IEEE Access 2019, 7, 157113–157125. [Google Scholar] [CrossRef]
- Wang, S.; Li, D.; Zhang, Y.; Chen, J. Smart Contract-Based Product Traceability System in the Supply Chain Scenario. IEEE Access 2019, 7, 115122–115133. [Google Scholar] [CrossRef]
- Ferdousi, T.; Gruenbacher, D.; Scoglio, C.M. A Permissioned Distributed Ledger for the US Beef Cattle Supply Chain. IEEE Access 2020, 8, 154833–154847. [Google Scholar] [CrossRef]
- Figueroa-Lorenzo, S.; Añorga Benito, J.; Arrizabalaga, S. Modbus Access Control System Based on SSI over Hyperledger Fabric Blockchain. Sensors 2021, 21, 5438. [Google Scholar] [CrossRef]
- Zhu, Y.; Huang, C.; Hu, Z.; Al-Dhelaan, A.; Al-Dhelaan, M. Blockchain-Enabled Access Management System for Edge Computing. Electronics 2021, 10, 1000. [Google Scholar] [CrossRef]
- Alsayed Kassem, J.; Sayeed, S.; Marco-Gisbert, H.; Pervez, Z.; Dahal, K. DNS-IdM: A Blockchain Identity Management System to Secure Personal Data Sharing in a Network. Appl. Sci. 2019, 9, 2953. [Google Scholar] [CrossRef] [Green Version]
- Gutierrez-Aguero, I.; Anguita, S.; Larrucea, X.; Gomez-Goiri, A.; Urquizu, B. Burnable Pseudo-Identity: A Non-Binding Anonymous Identity Method for Ethereum. IEEE Access 2021, 9, 108912–108923. [Google Scholar] [CrossRef]
- Gruner, A.; Muhle, A.; Meinel, C. ATIB: Design and Evaluation of an Architecture for Brokered Self-Sovereign Identity Integration and Trust-Enhancing Attribute Aggregation for Service Provider. IEEE Access 2021, 9, 138553–138570. [Google Scholar] [CrossRef]
- Moreno, R.T.; Garcia-Rodriguez, J.; Bernabe, J.B.; Skarmeta, A. A Trusted Approach for Decentralised and Privacy-Preserving Identity Management. IEEE Access 2021, 9, 105788–105804. [Google Scholar] [CrossRef]
- Wang, S.; Pei, R.; Zhang, Y. EIDM: A Ethereum-Based Cloud User Identity Management Protocol. IEEE Access 2019, 7, 115281–115291. [Google Scholar] [CrossRef]
- Feng, X.; Cui, K.; Jiang, H.; Li, Z. EBAS: An Efficient Blockchain-Based Authentication Scheme for Secure Communication in Vehicular Ad Hoc Network. Symmetry 2022, 14, 1230. [Google Scholar] [CrossRef]
- Li, H.; Pei, L.; Liao, D.; Chen, S.; Zhang, M.; Xu, D. FADB: A Fine-Grained Access Control Scheme for VANET Data Based on Blockchain. IEEE Access 2020, 8, 85190–85203. [Google Scholar] [CrossRef]
- Lu, Z.; Liu, W.; Wang, Q.; Qu, G.; Liu, Z. A Privacy-Preserving Trust Model Based on Blockchain for VANETs. IEEE Access 2018, 6, 45655–45664. [Google Scholar] [CrossRef]
- Javed, I.T.; Alharbi, F.; Bellaj, B.; Margaria, T.; Crespi, N.; Qureshi, K.N. Health-ID: A Blockchain-Based Decentralized Identity Management for Remote Healthcare. Healthcare 2021, 9, 712. [Google Scholar] [CrossRef]
- Stamatellis, C.; Papadopoulos, P.; Pitropakis, N.; Katsikas, S.; Buchanan, W.J. A Privacy-Preserving Healthcare Framework Using Hyperledger Fabric. Sensors 2020, 20, 6587. [Google Scholar] [CrossRef] [PubMed]
- Xiang, X.; Wang, M.; Fan, W. A Permissioned Blockchain-Based Identity Management and User Authentication Scheme for E-Health Systems. IEEE Access 2020, 8, 171771–171783. [Google Scholar] [CrossRef]
- Akhter, A.F.M.S.; Ahmed, M.; Shah, A.F.M.S.; Anwar, A.; Kayes, A.S.M.; Zengin, A. A Blockchain-Based Authentication Protocol for Cooperative Vehicular Ad Hoc Network. Sensors 2021, 21, 1273. [Google Scholar] [CrossRef] [PubMed]
- Bao, S.; Cao, Y.; Lei, A.; Asuquo, P.; Cruickshank, H.; Sun, Z.; Huth, M. Pseudonym Management Through Blockchain: Cost-Efficient Privacy Preservation on Intelligent Transportation Systems. IEEE Access 2019, 7, 80390–80403. [Google Scholar] [CrossRef]
- Lin, C.; He, D.; Huang, X.; Khurram Khan, M.; Choo, K.-K.R. A New Transitively Closed Undirected Graph Authentication Scheme for Blockchain-Based Identity Management Systems. IEEE Access 2018, 6, 28203–28212. [Google Scholar] [CrossRef]
- de Ponteves, H.; Eremenko, K.; Ligency Team. Blockchain A-Z™: Learn How To Build Your First Blockchain. September 2021. Available online: https://www.udemy.com/course/build-your-blockchain-az/#instructor-1 (accessed on 11 June 2022).
- Shobanadevi, A.; Tharewal, S.; Soni, M.; Kumar, D.D.; Khan, I.R.; Kumar, P. Novel identity management system using smart blockchain technology. Int. J. Syst. Assur. Eng. Manag. 2022, 13 (Suppl. 1), 496–505. [Google Scholar] [CrossRef]
- Lastovetska, A. Blockchain Architecture Basics: Components, Structure, Benefits & Creation. 5 January 2021. Available online: https://mlsdev.com/blog/156-how-to-build-your-own-blockchain-architecture (accessed on 1 November 2022).
- Buterin, V. The Meaning of Decentralization. [Online] Medium. 2017. Available online: https://medium.com/@VitalikButerin/the-meaning-of-decentralization-a0c92b76a274 (accessed on 26 October 2022).
- Wüst, K. Do you need a Blockchain? In Proceedings of the Crypto Valley Conference on Blockchain Technology (CVCBT), Zug, Switzerland, 20–22 June 2018. [Google Scholar]
- Alrodhan, W.; Mitchell, C. Improving the Security of CardSpace. EURASIP J. Inf. Secur. 2009, 2009, 1–8. [Google Scholar] [CrossRef] [Green Version]
- Alrodhan, W.; Mitchell, C. Enhancing User Authentication in Claim-Based Identity Management. In Proceedings of the 2010 International Symposium on Collaborative Technologies and Systems, Chicago, IL, USA, 17–21 May 2010. [Google Scholar]
- Dai, Z.; Zhou, W. The Federated Identity and Access Management Architectures: A Literature Survey; Deakin University, School of Information Technology: Geelong, VIC, Australia, 2005. [Google Scholar]
- Sung, C.; Park, J. Understanding of blockchain-based identity management system adoption in the public sector. J. Enterp. Inf. Manag. 2021, 34, 1481–1505. [Google Scholar] [CrossRef]
- Niu, J.; Ren, Z. A self-sovereign identity management scheme using smart contracts. MATEC Web Conf. 2021, 336, 08005. [Google Scholar] [CrossRef]
- Bouras, M.; Lu, Q.; Zhang, F.; Wan, Y.; Zhang, T.; Ning, H. Distributed Ledger Technology for eHealth Identity Privacy: State of the Art and Future Perspective. Sensors 2020, 20, 483. [Google Scholar] [CrossRef] [Green Version]
- Ferdous, M.S.; Poet, R. A Comparative Analysis of Identity Management Systems. In Proceedings of the 2012 International Conference on High Performance Computing & Simulation (HPCS), Madrid, Spain, 2–6 July 2012. [Google Scholar]
- Stockburger, L.; Kokosioulis, G.; Mukkamala, A.; Mukkamala, R.; Avital, M. Blockchain-enabled Decentralized Identity Management: The Case of Self-sovereign Identity in Public Transportation. Blockchain Res. Appl. 2021, 2, 100014. [Google Scholar] [CrossRef]
- Outchakoucht, A.; Es-Samaali, H. Dynamic Access Control Policy based on Blockchain and Machine Learning for the Internet of Things. Int. J. Adv. Comput. Sci. Appl. 2017, 8, 417–424. [Google Scholar] [CrossRef] [Green Version]
- Liao, C.H.; Guan, X.Q.; Cheng, J.H.; Yuan, S.M.; Blockchain-Based Identity Management and Access Control Framework for Open Banking Ecosystem. pp. 450–466. Available online: https://ssrn.com/abstract=4039865 (accessed on 5 October 2022).
- Desabathina, N.V.M.; Merugu, S.; Gunjan, V.K.; Kumar, B.S. Agricultural Crowdfunding Through Blockchain. In ICDSMLA 2020; Kumar, A., Senatore, S., Gunjan, V.K., Eds.; Lecture Notes in Electrical Engineering; Springer: Singapore, 2022; Volume 783. [Google Scholar] [CrossRef]
- Tetzlaff, J.; Page, M.; Moher, D. Pns154 the prisma 2020 statement: Development of and key changes in an updated guideline for reporting systematic reviews and meta-analyses. Value Health 2020, 23, S312–S313. [Google Scholar] [CrossRef]
Database | Website |
---|---|
IEEE Xplore Digital Library | https://www.ieee.org |
MDPI | https://www.mdpi.com |
Database | Keywords | NO | Open Access | After Deleting Duplicate | After Reading Paper |
---|---|---|---|---|---|
IEEE | “Identity management systems AND blockchain” | 319 | 38 | 38 | 14 |
“Identity management system AND smart contract” | 101 | 11 | 2 | 0 | |
“Ethereum AND identity management system” | 41 | 5 | 4 | 0 | |
MDPI | “Identity management systems AND blockchain” | 26 | 26 | 26 | 11 |
“Identity management system AND smart contract “ | 7 | 7 | 1 | 0 | |
“Ethereum AND identity management system” | 2 | 2 | 0 | 0 |
Inclusion Criteria | Exclusion Criteria |
---|---|
Written English | Studies written in other languages |
Studies From 2018 until now | Studies before 2018 |
Original research paper | Survey, systematic review papers |
Proposed solution implemented | Proposed solutions not implemented |
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Alanzi, H.; Alkhatib, M. Towards Improving Privacy and Security of Identity Management Systems Using Blockchain Technology: A Systematic Review. Appl. Sci. 2022, 12, 12415. https://doi.org/10.3390/app122312415
Alanzi H, Alkhatib M. Towards Improving Privacy and Security of Identity Management Systems Using Blockchain Technology: A Systematic Review. Applied Sciences. 2022; 12(23):12415. https://doi.org/10.3390/app122312415
Chicago/Turabian StyleAlanzi, Haifa, and Mohammad Alkhatib. 2022. "Towards Improving Privacy and Security of Identity Management Systems Using Blockchain Technology: A Systematic Review" Applied Sciences 12, no. 23: 12415. https://doi.org/10.3390/app122312415
APA StyleAlanzi, H., & Alkhatib, M. (2022). Towards Improving Privacy and Security of Identity Management Systems Using Blockchain Technology: A Systematic Review. Applied Sciences, 12(23), 12415. https://doi.org/10.3390/app122312415