Review

Blockchain-Assisted Self-Sovereign Identities on Education: A Survey

1 School of Computer Science and Technology, Beijing Institute of Technology, Beijing 100081, China
2 School of Cyberspace Science and Technology, Beijing Institute of Technology, Beijing 100081, China
3 School of Information Engineering, Minzu University of China, Beijing 100081, China
* Authors to whom correspondence should be addressed.
Blockchains 2025, 3(1), 3; https://doi.org/10.3390/blockchains3010003
Submission received: 13 December 2024 / Revised: 25 January 2025 / Accepted: 4 February 2025 / Published: 11 February 2025
(This article belongs to the Special Issue Feature Papers in Blockchains)

Abstract

The education sector has witnessed a significant shift towards digitising student records, with relevant data now stored in centralized data repositories. While traditional identity management solutions in education are functional, they often face various challenges, including data privacy concerns, limited portability, and reliability challenges. As the volume of student data continues to grow, inadequate data management practices have led to several problems. These include students losing control and empowerment over their educational information, increased vulnerability to potential data breaches and unauthorized access, a lack of transparency and accountability, data silos and inconsistencies, and administrative inefficiencies. To address these limitations, the implementation of a blockchain-assisted self-sovereign identity (Ba-SSI) concept in the education system presents a viable solution. Self-sovereign identity (SSI) represents a paradigm shift from traditional centralized identity systems, allowing individuals to maintain full control of their identity data without relying on centralized authorities. By leveraging the decentralized nature of blockchain, SSI frameworks can ensure security, interoperability, and scalability, thereby improving user-centric identity management. This survey paper explores the potential of Ba-SSI within the context of education. It thoroughly reviews the current state of digital identity management in education, highlighting the limitations of conventional systems and the emerging role of blockchain technology in addressing these challenges. The paper discusses the fundamental principles of blockchain technology and how it can be utilized to enhance security, interoperability, and scalability in identity management. Additionally, it examines the insights and benefits of this approach for the education system.
Finally, the paper concludes by addressing the issues, challenges, benefits, and future research directions in this domain, underscoring the potential of Ba-SSI solutions to revolutionize the management and empowerment of student data within the education sector.

1. Introduction

The pervasive trend of digitalisation has profoundly impacted various domains, and education is no exception. Education institutions worldwide have witnessed a significant transformation toward digitalising student records, educational data management, and administrative processes. This technological shift has facilitated the storage of relevant student information in centralized data repositories, streamlining access and enabling more efficient data management practices.
A vast amount of student data is now being collected, stored, and accessed. The process encompasses a diverse range of data records, including family information, educational background, work experience, course management (such as grading, scores, and credits), language proficiency, assessment results, academic transcripts, academic achievements, financial and billing information, research grant applications, and more. Figure 1 illustrates the available digital identities in the educational sector, categorised into analogue identities (including personal, public, and institutional data) and digital identities. This data often contains sensitive information as well [1], including personally identifiable information (PII) [2]. In one of Sudrastawa’s studies, a significant amount of sensitive personal data was found in the alumni data directory, comprising 73% of Indonesia’s education website [3].
The recording process in academic institutions typically begins with the submission of student applications and enrollment, encompassing subsequent milestones such as graduation, alumni status, and career development. This comprehensive record-keeping has the potential to create a permanent archival record. Consequently, centralized data storage and repositories have become the norm for managing extensive educational data.
As the volume of student data escalates with student records, transcripts, grades, and other educational information, inadequacies in current data management practices may result in several critical issues that require urgent attention [4]. Traditional identity management solutions in the education realm often face a range of challenges related to centralized control over student data, leading to pervasive problems such as data privacy, portability, and reliability [5]. Students frequently experience a loss of control and empowerment, which results in a lack of autonomy over their personal educational information. They must depend on educational institutions to manage, protect, and share their data as needed, often with limited or no access to their records. This reliance erodes their sense of ownership and control over information.
Moreover, centralized systems are prime targets for cyberattacks, including data breaches and unauthorised access. Such breaches can expose sensitive student information, including personal identifiers and academic records. The centralized nature of these systems creates a single point of failure, which can compromise the data of thousands or even millions of students. Centralized management also obscures data-handling practices, making it challenging to ensure transparency and hold institutions accountable. Students and other stakeholders often have limited visibility into how their data are used, shared, or protected. Furthermore, disparate systems and databases lead to fragmented data management. This fragmentation causes data silos, inconsistencies, and inefficiencies, as data may be duplicated, outdated, or inconsistent across different platforms and repositories. Finally, manual data-handling and verification processes are time consuming and error prone. These administrative inefficiencies, which stem from policies and bureaucracy, can hamper operational efficiency, leading to delays in data processing and increased administrative workload.
To address these limitations, blockchain-assisted self-sovereign identity (Ba-SSI) offers a promising solution. Self-sovereign identity (SSI) represents a paradigm shift away from centralized identity systems, empowering individuals with complete control over their identity data. With SSI, users can manage their identities independently, without relying on centralized authorities [6,7]. Blockchain technology underpins SSI by providing a decentralized, tamper-proof ledger that enhances security, interoperability, and scalability. The decentralized nature of blockchain, utilizing cryptographic techniques, Merkle trees, and consensus algorithms such as proof-of-work or proof-of-stake, ensures that no single entity has overarching control over the data, thus mitigating risks associated with centralization [8,9]. Blockchain’s immutable records provide a transparent and auditable trail of transactions, fostering trust and accountability [10,11].
Despite extensive research in the field, to the best of our knowledge there is currently no comprehensive study that examines the potential implementation and implications of self-sovereign identity (SSI) specifically within the education sector. Many scholarly debates about blockchain-based applications, concepts, and principles are from the perspective of data privacy and technical security [4]. These debates mainly target flagship blockchain projects, finance and payments, supply-chain management, and healthcare systems. As shown in Table 1, some review articles only focus on significant areas like healthcare, supply chain, and financial management. Additionally, the existing literature lacks a structured taxonomy that systematically addresses the application of blockchain-assisted self-sovereign identity (Ba-SSI) in academic settings. These gaps have inspired us to conduct an in-depth review of blockchain-driven digital identity from an educational perspective. The key contributions of this work are as follows:
  • We present a detailed review of blockchain-assisted self-sovereign identity (Ba-SSI) in education, developing a structured taxonomy that categorizes and evaluates existing approaches, their unique innovations, and their relevance to academic identity management systems.
  • We identify and analyze critical risks and challenges in current academic identity management systems, such as data privacy concerns, scalability issues, and barriers to user acceptance, while exploring how Ba-SSI can address these challenges and its inherent limitations.
  • We investigate how blockchain and SSI can resolve long-standing problems in identity management, including data breaches, lack of transparency, and operational inefficiencies, while acknowledging that Ba-SSI is not a one-size-fits-all solution.
  • We highlight pressing concerns that warrant further exploration, such as scalability, privacy-preserving techniques, and user adoption, offering a roadmap for future research in this area.
This survey is structured as follows: Section 2 discusses the technical background and development of digital identity and self-sovereign identity. It further explains the available identity management approaches. Section 3 provides an overview of the current attestation and recognition system in the academic domain. It includes a discussion of the system’s characteristics and challenges that necessitate transformation and innovation, categorized into three main areas. Section 4 demonstrates the potential of blockchain and digital identity to enhance transparency, trust, and security, and restore control within the education system. It also explores and explains a few renowned blockchain-based identity solutions available in the market. Lastly, it examines the balance and trade-offs between data privacy and transparency in student data sharing. Section 5 portrays the hesitation and obstacles that educators need to consider before adopting blockchain and self-sovereign identity. Finally, Section 6 suggests recommendations for future work and Section 7 concludes the survey.

2. Background

This section discusses the development of identity management and the evolution until the emergence of self-sovereign identity (SSI). To improve clarity and accessibility, we have summarized the abbreviations used in this survey paper in Table 2.

2.1. Digital Identity in Principle

Identities in our daily lives consist of various attributes and personal information. A digital ID comprises a dataset uniquely identifying an individual or entity in the digital realm [13]. The International Telecommunication Union (ITU) defined digital ID as the digital representation or equivalent of an individual’s personal or organisational physical identity, capable of performing the same functionalities [22,23]. This digital ID acts similarly to an analogue identity in the real world. As illustrated in Figure 1, a digital ID includes not only basic information such as name, birth details, address, and citizenship but also encompasses a person’s online activities (e.g., usernames, passwords, browsing history, social media profiles, email accounts, online banking), biometric identifiers (e.g., fingerprints, facial recognition), cryptographic keys, and digital assets. These elements collectively form a comprehensive digital footprint representing an individual’s digital identity.
Digital IDs are utilized in various contexts, primarily for authentication, authorization, and identity-proofing purposes in online transactions, internet banking, social media platforms, and other digital services [24]. Currently, email addresses and phone numbers are the most commonly used methods for authenticating an individual’s identity. A good digital ID should be flexible, easily accessible, and not restricted by geographical boundaries, allowing deployment anywhere in the world [25]. Furthermore, digital IDs play a crucial role in providing a secure identity for individuals such as refugees and those in crisis-affected countries, enabling them to receive government aid and financial assistance during difficult times [26]. Users must register with service providers to gain access to and manage the services offered [27]. A digital ID is a credential of validated attributes associated with a specific person, organisation, or thing for digital use. According to McKinsey, an effective digital ID should comply with several key attributes to ensure it is practical, secure, and respectful of user rights. These attributes include verifiable, unique, consensus, and data-privacy-preserving characteristics [28].

2.2. Identity Management Model

The IdM models, or digital identity models, provide a framework that defines how users’ identities can be verified in digital contexts, such as online purchases, scholarship or subsidy rewards, and participation in e-voting. These models have evolved through several stages, as illustrated in Figure 2. Figure 3 summarizes each IdM model available in the industry, highlighting their strengths, weaknesses, and applicable conditions.
The Centralized Identity Model [29], also named the silos model, is the most commonly used approach for authentication and authorization, granting permission to access services using a username and password. For every interaction or relationship, one account is created and maintained digitally in a centralized manner by a central authority, such as a government agency, corporation, social media platform, or bank. However, as time progresses, users accumulate a multitude of accounts, each with unique usernames and passwords needed to access different service providers, including email, membership sites, file storage, and word processing applications [30]. To safeguard customer data privacy and minimize security breaches (such as unauthorised access, social engineering, and malware), service providers must invest in hardware, software, auditing, and continuous training to ensure their infrastructure complies with standards and regulations [31].
In a Federated Identity Management Model [32], cross-platform services provided by tech giants like Microsoft, Google, Apple, Meta (Facebook), Alipay, WeChat, and Tencent QQ are prominent. In this model, users’ credentials for authentication and authorization are managed by a single party, with all user information collected and stored by the identity service providers (IdPs) [33]. The model consists of multiple IdPs that authenticate users’ identities before being granted services. It is also known as the IdP model, user-centric identity, or single sign-on model [34]. Users may use the same credentials from the IdP to access more than one digital service. The identity holders always have a legal bind with the service provider to establish trust. Still, the owner has no control over their digital identity. It suits a heterogeneous IT environment well, especially for facilitating secure resource sharing between collaboration partners [35].
The rise of federated identification’s popularity was due to its effortless ability to access multiple services concurrently and seamlessly, even on different platforms. The trust agreement between the user and provider is the same as in the centralized model. In 2005, the Internet Identity Working (IIW) group emphasized a User-Centric Identity Model by supporting a few projects developing decentralized digital identity. OpenID (2005) [36], OpenID 2.0 (2007) [37], OAuth (2007), OAuth 2.0 (2012) [38], OpenID Connect (2014) [39,40], and FIDOv2 (2018), which are industry standards for federated authentication, give full control over the individual’s digital identity to the provider but still do not allow users to manage their identities themselves. FIDOv2 allowed users to adopt a passwordless authentication scheme whereby trusted devices, such as smartphones and laptops, can authenticate users [41,42].
It is commonly utilized in diverse authentication scenarios, including service initiation, device pairing, two-factor authentication (2FA), and logging into user accounts. Multi-factor authentication (MFA) adds an extra layer of protection to the standard “username and password” pair during the authentication process. The user’s identity is challenged on a series of factors: (a) something you know (knowledge); (b) something you have (possession); (c) physical location detection; and (d) something you are (inherence), which prevents access, or makes it more difficult to gain, if one factor is compromised [43,44]. However, deploying MFA or its subset, two-factor authentication (2FA), was found to be troublesome and to lengthen the login process [45].
Single sign-on (SSO) is a mechanism that enables users to log in to multiple applications or websites with a single set of credentials. When a user logs in to an SSO-enabled application, the application authenticates the user’s credentials based on the identity and generated token, granting permission to access the respective services without requiring repeated verification. Security Assertion Markup Language (SAML) is commonly used for SSO to exchange authentication and authorization data with service providers, allowing a trusted identity provider to grant access without requiring re-authentication in future [46]. SSO provides users convenience by reducing password fatigue, improving productivity, and eliminating the need to memorize multiple passwords and perform multiple login operations.
Moreover, SSO adheres to a user-centric principle by considering the importance of user privacy. Users are not prompted to generate non-compliant passwords, particularly weak passwords, easy-to-guess passwords, or reused old passwords, which may increase risks to users and applications [47]. The token gives access to multiple applications across different domains and role functionalities with only one click. The most common examples of SSO include Google Workspace, Microsoft Azure, and Salesforce.
A Decentralized Identity Model [48] provides an authentication and authorization experience by matching the user’s credentials through username and password. If the attributes match and handshaking is established with the database, the user is granted access according to the roles and functionalities. Two parties are connected without establishing an account, based on necessity. In this model, the connection does not belong to anyone. Still, users were given control over their digital identities and could authenticate themselves without much dependence on a central authority or the third-party IdP.
The fundamental requirements for identity management are to comply with three basic functions: authentication, authorization, and auditing (AAA) [49,50]. To achieve decentralization, it has to bypass restrictions with no central authorities able to limit the information being accessed.
Self-Sovereign Identity Management Model is one of the decentralized identity models but focuses on controlling and protecting personal data by storing them on a distributed ledger, namely a blockchain network [51]. It is a refinement of federated IdM and a form of User-Centric Identity Model that gives users more control over their identities, choosing which attributes to share for the service and revoking access at any time.

2.3. Self-Sovereign Identity Management Model

Integrating blockchain technology with identity management is a key component in realizing the principle of self-sovereignty of identity. SSI relies heavily on blockchain to achieve the core objectives of user control, data sovereignty, and decentralized trust. Unlike traditional identity systems, which depend on centralized authorities to issue, manage, and verify credentials, SSI allows individuals to create, manage, and share their digital identities by having full control over their personal identity information (PII) and data [7,34].

2.3.1. SSI Attributes

SSI is generally characterized by several key attributes that collectively enable a secure, decentralized, and user-centric identity system. These attributes include Decentralized Identifiers (DIDs), Verifiable Credentials (VCs), blockchain, cryptographic key management, and decentralized storage. The relationship of all the actors is explained below.

Decentralized Identifiers (DIDs)

DID is a unique identifier created and managed by the user rather than by a centralized authority [52]. DIDs are a critical component of decentralized identity systems, providing a unique, persistent, and self-controlled identifier that is not dependent on any central authority. Technically, DIDs are strings that can be resolved to DID documents containing public keys, authentication methods, and service endpoints.
DIDs are created using a cryptographic algorithm, which generates a unique identifier linked to the user’s public key. An example of a DID is did:example:ebfeb1f712ebc6f1c276e12ec21 as in Figure 4. This identifier can then authenticate the user’s identity across multiple applications and services without needing a centralized authority to manage the user’s identity data. Another key benefit of DIDs is that they give users high control over their identity data. Users can create and manage their DIDs and choose which applications and services to share their identity data with. This puts users in control of their identity data and reduces the risk of identity theft and data breaches. Nevertheless, DIDs are also designed to be interoperable, meaning that they can be used across multiple decentralized identity systems and applications. This enables users to manage and share their identity data across various contexts and applications without needing multiple identity providers or centralized authorities.
As shown in Figure 5, a DID document is a digital document that contains information related to a Decentralized Identifier. Decentralized Identifiers are unique identifiers that are designed to provide individuals, organizations, or entities with control and ownership over their digital identity [52]. A DID document typically includes key information such as the DID, public keys, service endpoints, and authentication mechanisms (such as public key-based authentication or other cryptographic protocols). It is useful for establishing trust, enabling secure interactions, and managing access to resources or services [53].

Verifiable Credentials (VCs)

VCs are digital statements issued by trusted entities (issuers) that assert specific attributes or claims about an identity (holder). Technically, VCs are tamper-evident and cryptographically signed, ensuring their authenticity and integrity. They can be selectively disclosed, allowing holders to prove specific claims without revealing their entire credentials. This selective disclosure is achieved using cryptographic commitments such as zero-knowledge proofs (ZKPs) [54] and blind signatures [55]. Cryptographic commitments allow users to commit to a chosen value while keeping it hidden, only revealing it later if necessary. Blind signatures enable a credential issuer to sign a message without seeing its content, allowing the user to verify specific attributes without exposing the entire credential. Section 2.3.2 will further explain the other commonly used techniques.
VCs play a crucial role in SSI by providing verifiable proof-of-identity attributes and qualifications, which can be presented to and verified by third parties (verifiers) in a secure and privacy-preserving manner. Figure 4 demonstrates a high-level example of VC.

Cryptographic Key Management

Effective cryptographic key management is essential for the security and functionality of SSI. Users control their identities and credentials through cryptographic keys, typically involving a pair of public and private keys. Private keys must be securely stored and managed, often using hardware security modules (HSMs) [56] or secure multi-signature wallets [57]. Key rotation and recovery mechanisms are also critical to ensure that users can maintain control of their identities in case of key compromise or loss. Cryptographic key management underpins the security of DIDs and VCs, enabling secure authentication, data integrity, and non-repudiation.

Decentralized Storage

Decentralized storage solutions store identity-related data off-chain, ensuring scalability and efficiency. While the blockchain provides a secure and immutable ledger for DIDs and credential hashes, storing the credential data on-chain is impractical due to size limitations and privacy concerns. Instead, decentralized storage networks like InterPlanetary File System (IPFS) [58] or Swarm are employed to store larger data off-chain. These networks provide cryptographic guarantees for data integrity and availability while allowing users to control access to their data [59]. Decentralized storage plays a vital role in maintaining the scalability of SSI systems and protecting user privacy by minimizing the amount of data stored on the blockchain.

Blockchain Technology

Blockchain technology is the foundational infrastructure for SSI, tightly integrating the concepts of verifiable credentials and decentralised identifiers. Blockchain is a decentralized and distributed ledger technology that securely records transactions in a tamper-resistant, transparent, and immutable manner, ensuring data integrity and consistency [47]. The blockchain network comprises interconnected nodes or computers across different geographical locations, forming a chain-like structure [11]. This decentralized architecture enables the creation of robust and trustworthy information records without a central authority.
The fundamental building blocks of a blockchain are the blocks, which are stored chronologically and linked together by including the hash of the previous block’s header. This chain-like structure gives the blockchain its unique tamper-proof nature, as any alteration to the data would modify the hash value and be detected by the network [60]. Each block typically consists of several key components, including a block header, Merkle tree root, transactions, nonce, and other metadata [61]. The block header contains crucial metadata about the block, such as the version number, timestamp, previous block’s hash reference, and a nonce value used to satisfy certain conditions during the mining process [62].
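An added example, not code from the paper or from any SSI framework it surveys: a simplified way to get selective disclosure from the salted hash commitments described under Verifiable Credentials, with the commitments combined into a Merkle root that plays the role of the credential hash anchored on-chain. It is not a zero-knowledge proof or blind-signature scheme; the function names, the claim set and the `ledger` dictionary standing in for the blockchain are assumptions of this example.

```python
"""Added example: salted-hash commitments to credential claims under one Merkle root."""
import hashlib
import hmac
import json
import secrets


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def commit(name: str, value, salt: str) -> bytes:
    """Commitment to one claim: H(0x00 || [salt, name, value]).

    The random salt keeps low-entropy values (a GPA, a year) from being guessed
    by hashing candidates; the 0x00 prefix separates leaves from inner nodes.
    """
    encoded = json.dumps([salt, name, value], separators=(",", ":")).encode()
    return digest(b"\x00" + encoded)


def merkle_root_and_proof(leaves, index):
    """Return (root, proof); proof is a list of (sibling_hash, sibling_is_left)."""
    if not 0 <= index < len(leaves):
        raise IndexError("leaf index out of range")
    proof, level, idx = [], list(leaves), index
    while len(level) > 1:
        sibling = idx ^ 1
        if sibling < len(level):
            proof.append((level[sibling], sibling < idx))
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(digest(b"\x01" + level[i] + level[i + 1]))
            else:
                nxt.append(level[i])  # unpaired node is promoted, never duplicated
        level, idx = nxt, idx // 2
    return level[0], proof


def issue(claims: dict):
    """Issuer side: salt every claim, return (root, record kept in the holder's wallet)."""
    names = sorted(claims)
    salts = {n: secrets.token_hex(16) for n in names}
    leaves = [commit(n, claims[n], salts[n]) for n in names]
    root, _ = merkle_root_and_proof(leaves, 0)
    return root, {"claims": dict(claims), "salts": salts, "leaves": leaves, "names": names}


def present(holder_record, name):
    """Holder side: disclose one claim plus the proof linking it to the root."""
    idx = holder_record["names"].index(name)
    _, proof = merkle_root_and_proof(holder_record["leaves"], idx)
    return {"name": name, "value": holder_record["claims"][name],
            "salt": holder_record["salts"][name], "proof": proof}


def verify(presentation, anchored_root: bytes) -> bool:
    """Verifier side: recompute the commitment and walk the proof up to the root."""
    node = commit(presentation["name"], presentation["value"], presentation["salt"])
    for sibling, sibling_is_left in presentation["proof"]:
        pair = sibling + node if sibling_is_left else node + sibling
        node = digest(b"\x01" + pair)
    return hmac.compare_digest(node, anchored_root)


# Constructed sample claims; the DID is the example identifier quoted on this page.
SAMPLE_CLAIMS = {
    "subject": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "degree": "BSc Computer Science",
    "graduation_year": 2024,
    "gpa": 3.7,
    "date_of_birth": "2002-05-17",
}

if __name__ == "__main__":
    root, wallet = issue(SAMPLE_CLAIMS)
    ledger = {"credential-001": root.hex()}  # simulated on-chain anchor (assumption)
    anchored = bytes.fromhex(ledger["credential-001"])
    shown = present(wallet, "degree")  # other four claims stay undisclosed
    print("degree verified:", verify(shown, anchored))
    shown["value"] = "PhD Computer Science"
    print("forged degree verified:", verify(shown, anchored))
```

Only the 32-byte root would go on the ledger; the claims and salts stay off-chain with the holder, and a verifier learns nothing about undisclosed claims beyond their salted hashes.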
Nodes, which can be computers or devices, play a crucial role in the blockchain network. They are responsible for maintaining a complete copy of the blockchain ledger and participating in the consensus process. There are two main types of nodes: full nodes and lightweight nodes. Full nodes are responsible for syncing, storing, and validating all transactions and blocks. In contrast, lightweight nodes rely on other full nodes for transaction validation, storing only block headers and a small portion of transaction data [63].
Consensus is the mechanism by which the blockchain networks agree on the validity of transactions and consistency of all nodes and maintain the integrity of the blockchain [27]. Various consensus algorithms have been developed, each with its strengths and trade-offs. Proof-of-work (PoW), used by Bitcoin and other cryptocurrencies, relies on cryptographic hash functions to solve complex mathematical puzzles, ensuring the network’s security but at the cost of high computational power and energy consumption [64]. On the other hand, proof-of-stake (PoS) is a more energy-efficient alternative that selects validators based on their stake in the network [65]. Practical Byzantine Fault Tolerance (PBFT) is another consensus algorithm commonly used in permissioned blockchain networks, where participants are known and trusted, providing a fault-tolerant solution for private networks [66,67].
A digital wallet is a critical component in the blockchain ecosystem. It is a software application that functions similarly to a physical wallet. It allows individuals to store, manage, and protect various digital assets, such as cryptocurrencies, tokens, badges, and other digital assets, including decentralized identities. Digital wallets typically use cryptographic techniques to secure and ensure that only the owner can access them. Additionally, digital wallets can send and receive assets, make payments, and manage accounts [68].
Transactions are the fundamental units of data in a blockchain. They transfer digital assets, such as cryptocurrencies, tokens, and NFTs, from one participant’s account to another. Such transactions must be validated and verified by nodes and broadcast to the network. The state of the blockchain changes as a result of transactions. A node can interact directly with another node for transactions while maintaining anonymity.
A digital agent is an autonomous software component representing an individual or an organisation in a DID system. It is designed to manage and control a user’s identity on their behalf. Digital agents act as intermediaries between users and the decentralized identity system, allowing users to manage their identity data securely and privately. Digital agents can be implemented in various ways, including as standalone applications, browser extensions, or integrated into existing applications and services. They can also be customized to meet the specific needs of different users and use cases, enabling users to manage their identity data in a way that is tailored to their individual needs and preferences.

2.3.2. Cryptographic Techniques in Formalizing Self-Sovereign Identity

Cryptographic algorithms can securely be used to ensure the authenticity and integrity of the data. The environment and infrastructure to store the ledger require particular expertise and technical skills. Various cryptographic techniques play a crucial role in ensuring privacy, security, and consistency within SSI frameworks.

Multi-Party Computation (MPC)

MPC is a broader cryptographic technique that enables multiple parties to jointly compute a function over their inputs while keeping those inputs private [69]. Each party holds a piece of the input, and the output is computed collaboratively without revealing individual inputs to any party. MPC focuses on the collaborative computation of private data by performing computations on shared data. MPC can be leveraged to enable secure and privacy-preserving management of digital identities and the associated credentials. Assuming there are $n$ parties and each party shares its input using a secret sharing scheme (e.g., Shamir’s Secret Sharing (SSS) [70], Garbled Circuits [71], Fully Homomorphic Encryption [72], or Homomorphic Secret Sharing [73]), the goal is to compute a function $f(x_1, x_2, \ldots, x_n)$ over private inputs $x_1, x_2, \ldots, x_n$ from $n$ parties, without revealing the inputs. The workflow is as below:
  • Initialization
    Assume there are n parties: P 1 , P 2 , , P n . Each party holds a private input, denoted as X 1 , X 2 , , X n .
  • Input Sharing
    Each party splits its input into shares. For example, $P_1$ with input $x_1$ might create shares $s_{11}, s_{12}, \ldots, s_{1n}$. The shares are distributed among all parties such that no single party can reconstruct the original input. This can be done using any technique, such as SSS.
  • Computation Phase
    The parties perform computations using their shares. The function f is executed on the shares rather than the original inputs. This computation can be done using secure function evaluation techniques, ensuring that intermediate results do not reveal information about the inputs.
  • Output Sharing
    After the computation, the parties combine their shares to reconstruct the output. The outputs are denoted as $Y_1, Y_2, \ldots, Y_n$. The outputs are derived from the computation of the private inputs, ensuring that each participant receives results without exposing their individual inputs.
The workflow of MPC can be illustrated in Figure 6a. By incorporating the MPC framework into SSI, the education domain implementations can benefit from the robust privacy guarantees and decentralized computation capabilities offered by this secure multi-party protocol. Multiple parties collaborate to securely store and share data while maintaining privacy, ensuring that no single party can access the entire dataset without the consent of others. Sensitive student data, such as personal information and research outcomes, can be shared collaboratively among several organizations while keeping the data confidential. This integration can help realize the vision of user-centric, privacy-preserving, and trust-minimized identity management, which is at the core of SSI principles.

Shamir’s Secret Sharing Scheme (SSS)

Comparatively, Shamir’s Secret Sharing Scheme, as illustrated in Figure 6b, is a set of powerful cryptographic methods that can be effectively used in SSI to enhance security and fault tolerance [74]. SSS is often employed in MPC protocols to share inputs among participating parties. It is particularly useful for linear operations, as these can be performed directly without communication between parties. SSS is commonly used for key management and secure backups due to its relatively simple implementation. The process begins by dividing the secret into multiple pieces, which are then distributed among the participants.
  • Secret initialization
    Let us assume the secret to be shared is a private key or a sensitive piece of identity data.
  • Polynomial creation
    The secret S is encoded as the constant term of a polynomial $P(x)$ of degree $k-1$. For a threshold k, the polynomial could be $P(x) = S + a_1 x + a_2 x^2 + \cdots + a_{k-1} x^{k-1}$, where $a_1, a_2, \ldots, a_{k-1}$ are random coefficients.
  • Generating shares
    Compute n shares by evaluating the polynomial at n distinct points. Each share is a pair $(x_i, P(x_i))$.
When the secret needs to be reconstructed, at least k of these shares are required. Using Lagrange interpolation, the polynomial $P(x)$ can be reconstructed from the collected shares. Once the polynomial is retrieved, the original secret S (the constant term of the polynomial) can be extracted. This SSS scheme allows the secret S to be distributed across multiple parties while ensuring that at least k of them are needed to reconstruct the secret. This approach is very useful in the context of education credentials as it preserves the user’s sovereignty over their data, as they can control the distribution and reconstruction of sensitive information. By splitting a secret (e.g., a private key) into n shares and setting a threshold k, SSS prevents any single entity from having complete control over the secret, enhancing security. Shares can be distributed across multiple trusted entities or devices, reducing the risk of a single point of failure.

Attribute-Based Encryption (ABE)

ABE [75] is a type of public key encryption where the secret key of a user and the ciphertext are dependent upon attributes, such as roles or identities. In the context of SSI, ABE can be leveraged to secure identity credentials, ensuring that only users with specific attributes can decrypt the information.
The ABE setup process begins with an authority that generates a master public key and a master secret key. Subsequently, users are issued private keys based on their attributes. When data needs to be encrypted, it is done so with a set of attributes that define the access policy. To access the encrypted data, the user must have a private key that matches the attributes used to encrypt the data. Only users with the correct set of attributes can successfully decrypt the information. This approach allows for fine-grained access control and selective sharing of identity-related data within an SSI ecosystem, empowering individuals to maintain sovereignty over their digital credentials and personal information.

Zero-Knowledge Proofs (ZKPs)

In the context of SSI, ZKPs are a critical component that lets holders cryptographically prove their identity or attributes without disclosing the actual values of those attributes [76]. ZKPs are a powerful cryptographic technique that allows an individual to prove the validity of a statement without revealing any additional information beyond the statement itself.
ZKPs are built on several cryptographic algorithms and commitment schemes: Pedersen Commitment [77], Schnorr Signature [78], Fiat–Shamir Heuristic [79], Bulletproofs [80], and Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (zk-SNARK) [81] are among the common schemes and algorithms that allow the construction of compact and efficient ZKPs. The Schnorr protocol is a specific type of ZKP-based digital signature scheme that is well-suited for use in SSI systems [78]. It provides a secure method for generating digital signatures. The resulting signatures are cryptographically secure and resistant to forgery, and the scheme is lightweight and relatively efficient, making it well-suited to resource-constrained small appliances such as IoT devices. The Schnorr protocol also ensures that the verification process protects the user’s privacy by keeping sensitive information from exposure.

3. Current Education Systems Landscape

An education management system (EMS) comprises a huge community of individuals and organisations that deliver, manage, operate, and support educational services and resources. The community includes students, parents, educators, scholars, administrators, academia, educational institutions, government agencies, talent hunters, and other stakeholders. Students are the primary beneficiaries of the education system, the key user, and also form the focus group within the community.

3.1. The Importance of Education Recognition Verification

Schools, colleges, and universities are institutions that deliver academic services and manage related resources either through physical or virtual spaces. They serve as both issuers and verifiers of students’ and alumni’s educational qualifications and credentials. This verification process encompasses many important documents, including diplomas, certificates, degrees, and transcripts. By rigorously examining these credentials, educational institutions can ensure the accuracy and integrity of the educational journey undertaken by individuals, allowing for the seamless recognition of their accomplishments in diverse international contexts.
Governments have established dedicated agencies to monitor and oversee quality assurance and compliance for higher education in the nation. Their responsibilities include accrediting and recognizing programs and courses offered by domestic and international educational bodies. They are responsible for maintaining the quality and standards of higher education, both domestically and internationally, while ensuring that recognized qualifications align with national standards.
Third-party verification services, such as background-check companies and credential evaluation agencies, can also serve as verifiers within the education community. These services offer various checks, including credential evaluations and the verification of degrees and certificates obtained outside the country or region where they are being evaluated. In addition, the government may appoint these services to establish and enforce educational attestation and credential standards. They act as intermediaries on behalf of the government to ensure the accuracy of data provided by accrediting educational institutions. These authorities conduct comparative and unbiased analyses of foreign qualifications across all levels, comparing them to national or international standards. For instance, the United States has the Department of Education and the Council for Higher Education Accreditation (CHEA) (CHEA, https://www.chea.org/, accessed on 1 November 2024) overseeing this process. In the United Kingdom, the Higher Education Degree Datacheck (HEDD) (HEDD, https://hedd.ac.uk/, accessed on 1 November 2024) operates with the responsibility of benchmarking education quality against national standards, frameworks, and qualification descriptors.

3.2. Characteristics of Current Education System

The integration of digital technologies into education has had a profound impact, transforming its fundamental characteristics. The digital environment in education has brought revolutionary changes, disrupted traditional educational practices, and transformed the entire learning experience [82]. Modern education exhibits several significant features.
First, there is an unprecedented level of access to information. The Internet and digital resources have revolutionized how information is obtained and retrieved. Students now have the freedom to swiftly and effortlessly search vast amounts of information through self-service platforms [83]. The digital landscape provides students with many resources at their fingertips. Resources such as e-books, digital libraries, open access platforms, and online databases are readily available, transcending geographical and temporal boundaries. Second, education today embraces data-driven decision-making. A wealth of student information is generated and collected daily, encompassing aspects such as application, registration, engagement, performance, and learning outcomes [84,85]. Educators leverage data analytics to monitor student progress and gain insights into their development. Assessment practices, including impromptu quizzes and tests, streamline the evaluation process, saving time and enabling prompt feedback to students [86].
Furthermore, the advancement of digitalization has transformed numerous offline paper-based, time-consuming workflows into online processes, resulting in reduced resource expenditures, including human resources, and a shift towards a paperless ecosystem. Consequently, a vast volume of data generated by all information systems has been made available online, encompassing the entire process of capturing student information, starting from enrollment, training management, academic management, and graduation, all the way to employment. This information is mostly accessible through mobile apps, allowing for managing student affairs anytime and anywhere. Integrating a digital identity makes educational information management more efficient, effective, and transparent. Additionally, the system should be capable of intelligently detecting abnormal activities and providing customizable alerts for exceptional circumstances.
Additionally, digital technology facilitates lifelong learning, providing educators with opportunities for ongoing personal and professional growth [87]. Online content deployment via online courses, webinars, podcasts, virtual conferences, and seminars has become a trend, expanding an individual’s knowledge, building skills, and empowering them to contribute effectively to future work scenarios. The traditional classroom learning approach has revolutionized pedagogy. The trend of conducting online learning, virtual classrooms, and interactive multimedia tools has created new avenues for instruction and collaboration. Students can now explore diverse perspectives, access up-to-date knowledge, and engage in self-directed learning. The paradigm shift in education has expanded learning horizons and empowered students to assume control over their educational paths. Consequently, the traditional identity management system cannot effectively manage student involvement and deliver services supporting valid identity claims.

3.3. Challenges in Traditional Education Credential Issuance and Verification

The nature of the education system results in data being scattered across various systems and platforms, which can create challenges regarding data management, access, sharing, and portability. In the traditional education system, issuing and verifying academic credentials are mostly through manual processes, paper-based records, and centralized databases. The challenges can be classified into three main categories: governance, technical, and economical, as shown in Figure 7.
I. Governance and Adoption

3.3.1. Bureaucratic Process and Control

The traditional methods of verifying educational credentials often rely on physical presence or direct communication with the issuing institution, which can pose significant challenges for individuals who have relocated or are applying for opportunities internationally. This reliance on in-person interactions and bureaucratic processes can result in delays and red tape, particularly when credentials require attestation or recognition from specific authorities. In addition, the decentralized and rigid nature of educational institutions can create bureaucratic barriers to the efficient management and sharing of student data. The friction and inefficiencies inherent in these traditional verification methods can hinder the timely and seamless validation of qualifications, creating barriers for mobile and globally connected individuals seeking to leverage their educational achievements.

3.3.2. Inconsistent Standards

The absence of widely adopted standards and interoperability guidelines across different educational systems and platforms can hinder the seamless exchange of student data. Different organizations may follow varying standards and practices for recording and issuing credentials. This inconsistency complicates the verification process, as there is no uniform benchmark against which credentials can be assessed. Innovative solutions, such as blockchain-based SSI, can provide a standardized framework for managing and verifying educational credentials.

3.3.3. Fraud and Counterfeiting

Counterfeiting and falsification have long been concerns within the academic and education industry. One prominent consequence of these practices is the increased occurrence of counterfeiting and falsification of academic credentials. Ezell [88] and Marklein [89] have identified credential fraud, degree mills, and bogus accreditation agencies as current issues in the education system, categorizing them as forms of corruption that compromise the academic system. Counterfeit credentials are typically designed to closely resemble authentic documents, making them difficult to distinguish at first glance. Table 3 demonstrates a few types of counterfeiting in the academic domain.
Both counterfeiting and falsification also extend to academic work, such as research, academic publications, artwork, designs, dissertations, and theses. These deceptive practices can disseminate false information, leading to academic degradation and societal harm [90]. The potential for fraudulent activities, such as the misrepresentation of educational qualifications, can undermine the integrity of the education system as well. Credential fraud and misrepresentation are pervasive issues in the education sector, posing severe risks to the credibility of educational qualifications.
Fake diplomas, altered transcripts, and counterfeit certificates can be produced relatively easily, making it challenging for institutions and employers to distinguish between genuine and fraudulent credentials. This vulnerability undermines the trust in academic qualifications and can have severe implications for the integrity of educational systems. The education sector has often been targeted by hackers and other malicious actors, which can lead to exposure of sensitive student information. There have been many high-profile data breaches involving education, including universities and schools.
In addition to their time-consuming nature, traditional methods of verifying educational credentials, such as degrees and certificates, can be vulnerable and prone to fraud. Manual verification processes are susceptible to human error, which can lead to incorrect or incomplete verifications. These errors can undermine the trust in the credential verification system and cause significant inconvenience to students and employers. The collected information is mostly highly detailed and can be used to perpetrate identity theft, financial fraud, and other forms of cybercrime [95]. Paper-based credentials and centralized databases are susceptible to fraud and forgery.
II. Technical and Infrastructure

3.3.4. Lack of Interoperability

Existing systems mostly lack data integration and interoperability, which hinders efficient data-driven decision-making and policy implementation and limits the opportunities for personalized learning and targeted support for individual students by educational institutions, government agencies, and other stakeholders. Such fragmentation makes it challenging for students, parents, and educators to access and integrate consistent and reliable data from multiple sources, especially in cross-border integration and multi-disciplinary collaboration.

3.3.5. Technological Barriers

Many educational institutions, particularly in remote, underdeveloped areas, or developing regions, may lack the technological capabilities necessary to support modern, digital credential verification systems. This technological gap exacerbates the challenges of interoperability and efficient verification which may impede the adoption of advanced digital solutions. Leveraging emerging technologies, such as mobile-friendly applications, high-speed transmission, and low-cost computing devices, can help overcome these technological boundaries and improve access to educational resources.

3.3.6. Legacy Systems and Infrastructures

Many educational institutions still rely on legacy, on-premises information systems and databases to store and manipulate their records. These outdated systems can be incompatible with modern data-exchange protocols and frequently cause errors that hinder data sharing across different entities.
III. Data and Privacy

3.3.7. Data Fragmentation

Educational institutions, such as schools, colleges, and universities, often operate as independent entities with their customized data management systems. Such decentralization contributes to the creation of multiple isolated repositories of student records, academic transcripts, and other educational-related data, as it is often collected and managed by multiple parties and may not always capture the full range of information. The fragmented and decentralized nature of educational data poses significant challenges for the education system; hence, students often face difficulties in accessing and tracking their comprehensive academic records. This fragmentation creates barriers to seamless transitions between educational institutions, resulting in a lack of data granularity, as the verification and validation of credentials can become arduous.

3.3.8. Privacy and Security Concerns

Traditional methods of verifying educational credentials, such as degrees and certificates, are prone to fraud. The collected information is highly detailed and can be used to perpetrate identity theft, financial fraud, and other forms of cybercrime [96]. It has often been targeted by hackers and other malicious actors, which can lead to exposure of sensitive student information. Identity theft and data breaches continue to be a serious concern, and universities and higher education institutions are also on the radar.
Identity theft poses significant threats to the academic domain, affecting students, education institutions, and employers alike. The consequences of identity theft can include financial loss, reputation damage, and the erosion of trust in academic credentials. Students are particularly vulnerable to identity theft. In severe cases, students may face difficulties in securing jobs or internships, as employers may question the legitimacy of their qualifications. Data breaches may also lead to a loss of trust in the institutions among students and parents, resulting in reputation damage that affects enrollment in the following years.

3.3.9. Time-Consuming Processes

Verifying credentials through traditional means can be a lengthy and cumbersome process, primarily due to its reliance on manual checks and inter-institutional communications [86,97]. This often involves physical document submissions, phone or email exchanges, and cross-referencing records, all of which are time-consuming and prone to human error. For instance, a 2023 study by Tan et al. highlights that traditional credential verification methods can take weeks or even months, particularly when dealing with international institutions or outdated record-keeping systems [98]. This delay can significantly impact students and graduates, hindering their ability to secure admission to educational programs or employment opportunities in a timely manner.
Moreover, the inefficiencies of traditional verification processes are well-documented in recent research. A 2021 paper by Čučko et al. emphasizes that decentralized and blockchain-based systems can reduce verification times from weeks to mere minutes, underscoring the inefficacy of conventional methods [99]. Similarly, a 2023 study by Alsobhi et al. notes that manual verification processes in higher education often lead to bottlenecks, especially during peak admission periods, causing frustration for applicants and administrative staff alike [100].

3.3.10. High Administration Costs

High administrative costs in traditional education credential issuance and verification arise from the complex, labour-intensive processes involved in managing academic records. These costs include manual handling, where staff must enter, print, and mail certificates and transcripts, leading to increased labour expenses. Verification requests from employers or other institutions require contacting the issuing body, consuming time and resources. Additionally, maintaining secure databases and physical storage demands continuous investment in IT infrastructure and staff training, further driving up costs. Manual processes also introduce delays and errors, necessitating additional resources for correction. Ensuring compliance with data-protection regulations involves legal and technological expenditures to safeguard student information.

4. Ba-SSI Enhancing Security and Data Sovereignty in Education Management System

EMS has become pivotal for storing and managing student data in the digital age. However, securely storing and sharing this sensitive information poses significant challenges to educational institutions and individuals at another level.

4.1. Decentralised Identifiers (DIDs) in Education

Studies found that Ba-SSI could provide a secure and efficient way of verifying academic credentials while contributing solutions to trust, data leakage, and a single point of failure or vulnerabilities concerning high sensitivity and privacy records [101]. DIDs are pivotal in enhancing security and data sovereignty within the education management system from multiple intersections. The components described below come together to authenticate and verify a user’s identity.

4.1.1. Verifiable Credentials

Credentials are typically stored as digital records or tokens that can be used to demonstrate a person’s identity, qualifications, or other attestation purposes [102]. A claim is an assertion about a person; claims in education include identities such as biological information about someone, educational qualifications, employment history, achievements and awards, biometric data, etc. Verifiable credentials (VCs) in the education domain address numerous user needs by providing a secure, efficient, and user-centric method for managing and verifying academic achievements [103,104,105]. In contrast to a claim, a VC is the entire digital document that contains one or more of these claims.
In an educational context, VCs enable students to receive digital proofs of their qualifications, such as diplomas, transcripts, and certificates, directly from academic institutions. These credentials are cryptographically signed by the issuing institution (authority), such as a government agency, employer, or educational institution, ensuring their authenticity and integrity. Unlike traditional paper-based documents, VCs can be easily stored in digital wallets and shared with potential employers, other educational institutions, or certification bodies, preventing inconsistency between records and facilitating seamless and instantaneous verification without intermediaries. This reduces administrative overhead and delays, which usually take about 3–5 working days to attest a user request, and minimizes the risk of fraud and forgery.
For students, VCs provide greater control over their data. They can selectively disclose specific information from their credentials, ensuring privacy and data minimisation, which is particularly important in an era of increasing digital surveillance and data breaches. Additionally, VCs enhance the portability of academic records, allowing students to present their credentials globally without the constraints of geographical boundaries. Educational institutions benefit from VCs by streamlining their credential issuance processes, reducing the costs associated with printing and mailing paper documents, and improving their operational efficiency. Employers and other verifiers gain confidence in the validity of the credentials presented to them, thanks to VCs’ cryptographic assurances. Overall, adopting VCs in the education sector fosters a more efficient, secure, and transparent ecosystem for academic credentialing, greatly enhancing the user experience for all stakeholders involved.

4.1.2. Trusted Peer-to-Peer Relationships

DIDs are the fundamental component of decentralised identity systems. They enable trusted peer-to-peer relationships, allowing users to establish trust without needing a centralised authority. In the educational context, students, educators, and institutions can interact directly and securely through the cryptographic verification of identity data.
Cryptographic methods create a decentralised environment to ensure trust between peers. Each participant holds cryptographic keys that verify their identity and authenticate their interactions. Students can securely share their verifiable credentials, stored on a blockchain, with employers or other institutions without the risk of tampering or fraud. The immutable and tamper-proof nature of these credentials reduces reliance on central authorities, minimising the risk of data breaches and enhancing overall security.
Peer-to-peer credential sharing and verification streamline the process, enabling students to share their academic achievements and qualifications directly with potential employers or other educational institutions. This direct interaction speeds up the process and reduces administrative overhead and costs associated with traditional verification methods. Institutions can verify credentials in real time, enabling faster decision-making in admissions or recruitment. It also provides protection in managing copyrights and intellectual property, with the capability to detect plagiarism and fraud in the academic domain, thereby increasing reliability [106].
Students are empowered with control over their data by enabling trusted peer-to-peer relationships. They can decide what information to share, with whom, and for how long, ensuring their privacy is respected. This autonomy aligns with data-protection regulations, such as the GDPR and Data Privacy Law, which grant users the right to manage their data. Students become active participants in their educational journey, fostering a sense of ownership and responsibility.

4.2. Secure Storage of Student Data

The foundation of a secure EMS lies in the safe storage of student data, which is provided by the blockchain network [107]. The blockchain network operates on a decentralised and distributed ledger architecture.

4.2.1. Create Backup and Redundancy

The decentralised approach eliminates the need for a centralised repository that could become a single point of failure. Transactions on the blockchain are recorded in an immutable, cryptographically linked manner, where each new block is chained to the previous one using hashing algorithms. This ensures that once student data are recorded on the blockchain, they cannot be altered or deleted without being detected, as any attempt to modify the data would break the cryptographic integrity of the chain [108]. Rather than sitting in a single repository, student records are stored across multiple nodes in the network, with each node maintaining a copy of the ledger. This safeguards records from being misplaced, lost, or damaged, as often happens with traditional storage.

4.2.2. Protect Data Privacy and Security

Advanced encryption techniques are essential to protect sensitive data at rest and in transit. Blockchain networks leverage robust cryptographic methods, such as public-key cryptography and digital signatures, to enhance the security of student data. During the COVID-19 pandemic, when education institutions shifted to online operations, various tools were used to collect and process individual information, including PII, to ensure the legitimacy of trainees or participants. Encryption ensures that even if data are intercepted or accessed without authorisation, they remain unreadable and unusable.
Additionally, institutions should employ secure access controls to minimise the risk of data breaches. This includes the use of multi-factor authentication (MFA), attribute-based access control (ABAC) and role-based access control (RBAC), which restrict access to sensitive information based on the user’s role and privileges. By implementing these access-control and data-protection measures (such as regular auditing and data masking), educational institutions can create a robust and multi-layered security framework to safeguard the confidentiality, integrity, and accessibility of student data, aligning with data privacy regulations and best practices.

4.2.3. Enhance Storage Scalability

To address the scalability limitations of on-chain storage, educational institutions can integrate off-chain storage solutions with the blockchain network. This hybrid approach allows for managing large datasets, such as student multimedia files and transcripts, while maintaining the records’ overall security, transparency, and immutability. By storing only essential, pseudonymous metadata on-chain, where storage is more expensive to operate, and utilising off-chain databases for large datasets, educational institutions can achieve better performance and scalability while ensuring the overall integrity and traceability of student data.
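The hash chaining described in Section 4.2.1 and the hybrid storage described above can be shown together in a small model. This is an added example, not code from the survey or from any blockchain platform: the full record and a random salt stay in an off-chain store, only a salted digest goes into a hash-chained ledger, and a verifier checks a presented record against that digest. The class and function names, the salted SHA-256 commitment and the sample records are assumptions of the example.

```python
import hashlib
import json
import secrets

GENESIS = "0" * 64


def canonical(obj):
    """Deterministic JSON encoding so equal objects always hash equally."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def commit(record, salt):
    """Salted SHA-256 commitment to an off-chain record.

    The salt stays off-chain with the record; without it, low-entropy fields
    (names, grades) could be guessed by hashing candidates against the ledger.
    """
    if len(salt) != 32:
        raise ValueError("salt must be 32 bytes")
    return hashlib.sha256(salt + canonical(record)).hexdigest()


class Ledger:
    """Append-only hash chain holding one commitment per credential."""

    FIELDS = ("index", "prev", "credential_id", "commitment")

    def __init__(self):
        self.blocks = []

    def head(self):
        return self.blocks[-1]["hash"] if self.blocks else GENESIS

    def append(self, credential_id, commitment):
        body = {"index": len(self.blocks), "prev": self.head(),
                "credential_id": credential_id, "commitment": commitment}
        digest = hashlib.sha256(canonical(body)).hexdigest()
        self.blocks.append({**body, "hash": digest})

    def first_bad_block(self):
        """Index of the first block whose hash or back-link is wrong, else None."""
        prev = GENESIS
        for i, block in enumerate(self.blocks):
            body = {f: block[f] for f in self.FIELDS}
            expected = hashlib.sha256(canonical(body)).hexdigest()
            if block["index"] != i or block["prev"] != prev or block["hash"] != expected:
                return i
            prev = block["hash"]
        return None

    def find(self, credential_id):
        return next((b for b in self.blocks
                     if b["credential_id"] == credential_id), None)


def issue(ledger, store, credential_id, record):
    """Issuer side: keep record and salt off-chain, anchor the digest on-chain."""
    salt = secrets.token_bytes(32)
    store[credential_id] = (record, salt)
    ledger.append(credential_id, commit(record, salt))


def verify_record(ledger, credential_id, record, salt):
    """Verifier side: chain must be intact and the record must match its anchor."""
    if ledger.first_bad_block() is not None:
        return False
    block = ledger.find(credential_id)
    return block is not None and secrets.compare_digest(
        block["commitment"], commit(record, salt))


if __name__ == "__main__":
    ledger, store = Ledger(), {}
    # Constructed sample records, not real data.
    issue(ledger, store, "cred-001", {"student": "A. Student", "degree": "BSc", "gpa": "3.1"})
    issue(ledger, store, "cred-002", {"student": "B. Student", "degree": "MSc", "gpa": "3.6"})
    record, salt = store["cred-001"]
    print("genuine record:", verify_record(ledger, "cred-001", record, salt))
    print("altered record:", verify_record(ledger, "cred-001", {**record, "gpa": "3.9"}, salt))
```

A single copy of such a chain can be rewritten consistently from the altered block onward, so the internal check alone is not enough; comparing `head()` with the copies held by other nodes is what exposes that kind of rewrite.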
Furthermore, blockchain-based identity management systems can enable fine-grained access control and permissions management for student data. Educational institutions can define and enforce access policies, determining which individuals or entities (e.g., students, teachers, administrators, external parties) can view, modify, or share specific student records. This access control mechanism, facilitated by the blockchain’s smart contract capabilities, ensures that student data are only accessible to authorised parties, further enhancing the overall security and privacy of educational records.

4.3. Energy Consumption and Cost Implications of Blockchain

The adoption of blockchain technology in educational systems introduces significant concerns regarding energy consumption. This issue is predominantly attributed to the consensus mechanisms employed by various blockchain networks. The most widely known consensus mechanism, proof-of-work (PoW), used by networks such as Bitcoin, requires vast computational resources. PoW operates on the principle of miners competing to solve complex cryptographic puzzles to validate transactions and create new blocks. This process is inherently energy-intensive, involving numerous computers continuously performing extensive calculations. For instance, the Bitcoin network’s energy consumption has been compared to that of entire countries, raising substantial environmental concerns. If educational institutions were to adopt public blockchains that rely on PoW, they would face high operational costs and potential backlash due to the environmental impact. As academic institutions increasingly prioritise sustainability, the high energy demands of PoW could be a significant barrier to adopting blockchain technology.
Alternative consensus mechanisms, such as proof-of-stake (PoS), have been developed to address these concerns. PoS significantly reduces energy consumption by eliminating the need for extensive computational work. Instead of miners competing through computational power, validators are chosen based on the amount of cryptocurrency they hold and are willing to “stake” as collateral. This method drastically reduces the energy required to maintain the network. Educational institutions could consider blockchain platforms that utilise PoS or other energy-efficient mechanisms to mitigate environmental impact and reduce operational costs. Additionally, hybrid consensus mechanisms and layer-two solutions are emerging as viable options to enhance the energy efficiency of blockchain networks. These solutions combine the security and decentralisation benefits of PoW with the energy efficiency of PoS. Furthermore, educational institutions could explore off-chain transactions, where only essential data are recorded on the blockchain while the majority of transactions are processed off-chain, thereby reducing the overall energy footprint.

4.3.1. Infrastructure Costs

Implementing blockchain technology in education requires significant initial investments in infrastructure. This includes purchasing specialised hardware, acquiring blockchain software, and upgrading network capabilities to support the increased data flow. Unlike traditional database systems, blockchain networks require robust, decentralised infrastructure to ensure security and reliability. The initial setup costs can be substantial, particularly for smaller educational institutions with limited budgets. For instance, establishing a private blockchain network involves setting up multiple nodes, each requiring powerful servers to handle the computational load. Additionally, educational institutions must invest in secure storage solutions to protect the cryptographic keys essential for accessing blockchain data.
Beyond the initial setup, ongoing maintenance and upgrade costs must also be considered. Blockchain technology is rapidly evolving, with new protocols and security features continuously developing. Educational institutions must allocate resources for regular updates and patches to ensure the network remains secure and efficient. This includes upgrading hardware to meet the increasing demands of blockchain operations and implementing the latest security protocols to protect against emerging threats. In addition, educational institutions need to invest in training for IT staff to manage and maintain blockchain systems effectively. This includes understanding the intricacies of blockchain technology, troubleshooting issues, and ensuring that the system operates smoothly. The cost of training and retaining skilled personnel can add to the overall expenses of implementing blockchain technology.

4.3.2. Transaction Fees

Transaction fees are another critical consideration when evaluating the cost implications of blockchain technology in education. Although blockchain networks omit intermediaries when maintaining a system, the networks typically impose transaction fees to incentivize validators or miners to process and confirm transactions [109]. These fees can vary significantly depending on the blockchain platform and the current demand for transaction processing. In the educational context, numerous transactions may occur daily, such as issuing credentials, verifying student identities, and recording academic achievements. Educational institutions must carefully evaluate the transaction fee structures of different blockchain platforms and choose those that offer lower or more predictable fees. Some blockchain networks, like EOS, have adopted fee-less models, where transaction costs are covered by the inflation of the native cryptocurrency, providing a more stable and predictable cost structure.
Educational institutions can also explore batch processing to manage transaction costs effectively. By grouping multiple transactions into a single batch, institutions can reduce the frequency of transactions and, consequently, the total fees incurred. Additionally, Layer 2 solutions, such as state channels or sidechains, can help offload transactions from the main blockchain, reducing the overall transaction fees.

4.3.3. Cost–Benefit Analysis

A comprehensive cost–benefit analysis is crucial for educational institutions considering the adoption of blockchain technology. While the initial and ongoing costs can be significant, the long-term benefits may outweigh these expenses, providing substantial value to students and institutions. One of the primary benefits of blockchain technology is enhanced data security and integrity. Blockchain’s decentralized and immutable nature protects student records against tampering and unauthorized access. This can significantly reduce the risk of data breaches, which can be costly in terms of financial losses, legal liabilities, and reputational damage. Moreover, blockchain can streamline administrative processes, reducing operational inefficiencies and associated costs. For example, automating the issuance and verification of academic credentials can save time and resources that would otherwise be spent on manual verification processes. This can free up administrative staff to focus on more strategic tasks, improving overall productivity.
Blockchain technology also offers improved transparency and accountability. Educational institutions can give students real-time access to their records, enhancing trust and empowering students with greater control over their data. This can lead to improved student satisfaction and engagement, which are critical factors in student retention and success. Furthermore, blockchain can facilitate seamless collaboration between educational institutions, employers, and other stakeholders. Verifiable credentials stored on the blockchain can be easily shared and verified, simplifying transferring credits, applying for jobs, or enrolling in further education. This can enhance the overall efficiency and effectiveness of the education ecosystem.
To illustrate the potential cost savings and benefits, educational institutions can look at case studies or pilot projects that successfully implement blockchain technology. For example, the University of Nicosia in Cyprus was one of the first institutions to issue academic certificates on the blockchain, demonstrating significant improvements in security and efficiency. Similarly, the Massachusetts Institute of Technology (MIT) has explored blockchain-based solutions for credential verification, showcasing the practical benefits of this technology.

4.4. Blockchain-Assisted SSI Systems

Blockchain’s inherent characteristics, including its distributed nature, cryptographic security, consensus mechanism, tamper resistance, robustness, and ability to be automated through smart contracts, have significantly enhanced the potential for innovation as a solution to the challenges faced by the current identity management systems. Research on blockchain-based identity solutions has also surged, with a few prominent implementations emerging, such as IDchainz [92], Microsoft DID [110], WeIdentity [110], Uport [111], Sovrin [112], Shocard [113] and EverID [30,113,114,115,116]. We compare them from different perspectives in Table 4, focusing on their suitability for the education/academic domain. A brief explanation for each principle is given in Table 5. We also analysed them in Table 6 against the ten SSI principles discussed by Christopher Allen. The evaluation aimed to identify strengths and weaknesses across different components by reviewing the design and implementation of each popular product to determine how well they meet the criteria. This process highlighted perceived effectiveness and shortcomings and included a technical assessment of the underlying technology, focusing on the architecture and protocols used. Each system offers unique features and future enhancements that cater to different aspects of identity management, providing a range of options for secure and efficient identity verification and credential management.

4.5. Balancing Privacy Protection and Data-Sharing Transparency

Integrating Ba-SSI in the education domain presents both opportunities and challenges regarding the delicate balance between privacy protection and data-sharing transparency. This is one of the most complex challenges in managing student data. The core principles of self-sovereign identity empower individuals, such as students and educators, to have greater control over their data and decide how they are shared. This aligns with the increasing emphasis on data privacy and regulatory frameworks like the GDPR. On the other hand, educational institutions and regulatory bodies often require access to specific data for administrative, research, and compliance purposes, creating a need for controlled data sharing and transparency.
One of the critical advantages of Ba-SSI is the ability to implement selective disclosure of information. Students can be granted the autonomy to control the sharing of their academic records, transcripts, and other personal data. They can decide what information to share, with whom, and for what purpose without compromising their privacy. This is achieved through zero-knowledge proofs, allowing individuals to prove their claims’ validity without revealing the underlying data. For example, a student can demonstrate their academic qualifications to a potential employer without disclosing the details of their entire educational history. Similarly, a student’s academic transcript may be accessible to authorized school administrators and faculty members, while prospective employers or other external parties may only be granted access to a verified credential that confirms the student’s qualifications without exposing the entire record. This selective data sharing can be automated through smart contracts, which can enforce predefined rules and policies governing the access and usage of student data.
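The following added example (not from the paper or any surveyed system) shows selective disclosure of a transcript using salted hash commitments, a simpler technique than the zero-knowledge proofs named above. It assumes the issuer anchors one commitment per credential in an on-chain registry, modelled here as a dictionary; the function names, the DID and the transcript are hypothetical.

```python
import hashlib
import json
import secrets


def claim_digest(salt: str, name: str, value) -> str:
    """Salted digest of one attribute. The random salt stops a verifier from
    guessing low-entropy values (a grade, a year) hidden behind a digest."""
    payload = json.dumps([salt, name, value], separators=(",", ":")).encode()
    return hashlib.sha256(payload).hexdigest()


def commitment(digests) -> str:
    """Single value the issuer anchors: a hash over the sorted claim digests."""
    return hashlib.sha256("".join(sorted(digests)).encode()).hexdigest()


def issue(ledger: dict, issuer_did: str, attributes: dict) -> dict:
    """Issuer: salt and hash every attribute, anchor only the commitment."""
    salts = {name: secrets.token_hex(16) for name in attributes}
    digests = sorted(claim_digest(salts[n], n, v) for n, v in attributes.items())
    ledger.setdefault(issuer_did, set()).add(commitment(digests))
    # Everything returned here stays in the student's wallet, off-chain.
    return {"issuer": issuer_did, "attributes": dict(attributes),
            "salts": salts, "digests": digests}


def present(credential: dict, reveal) -> dict:
    """Holder: disclose the chosen attributes with their salts, nothing else."""
    return {
        "issuer": credential["issuer"],
        "digests": credential["digests"],
        "disclosed": {n: [credential["attributes"][n], credential["salts"][n]]
                      for n in reveal},
    }


def verify(ledger: dict, presentation: dict):
    """Verifier: return the verified claims, or None if any check fails."""
    digests = presentation["digests"]
    if commitment(digests) not in ledger.get(presentation["issuer"], set()):
        return None  # commitment was never anchored by this issuer
    claims = {}
    for name, (value, salt) in presentation["disclosed"].items():
        if claim_digest(salt, name, value) not in digests:
            return None  # value or salt does not match the issued credential
        claims[name] = value
    return claims


# Constructed sample data; the DID and the transcript are illustrative.
UNIVERSITY = "did:example:university"
TRANSCRIPT = {
    "name": "Alex Doe",
    "degree": "BSc Computer Science",
    "graduation_year": 2024,
    "gpa": "3.41",
    "failed_modules": 2,
}

if __name__ == "__main__":
    ledger = {}  # stand-in for the on-chain registry: issuer DID -> commitments
    wallet = issue(ledger, UNIVERSITY, TRANSCRIPT)
    shown = present(wallet, ["degree", "graduation_year"])
    print("employer learns:", verify(ledger, shown))
    shown["disclosed"]["degree"][0] = "PhD Computer Science"
    print("after tampering:", verify(ledger, shown))
```

Unlike a zero-knowledge proof, the digest list is identical in every presentation of the same credential, so two verifiers can link their records of the same student.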
Meanwhile, educational institutions must develop clear policies and protocols prioritizing student privacy while enabling data sharing. This involves implementing data minimization principles, where only the essential data required for a specific purpose are collected and shared. Additionally, employing anonymity and pseudonymity techniques can protect student identities while allowing for data analysis and reporting. Designing and implementing robust processes and patterns within the EMS is crucial to guiding existing practices effectively. This includes developing comprehensive data governance frameworks that outline the responsibilities and procedures for data management. Regular audits and compliance checks should be conducted to ensure adherence to these frameworks. Moreover, institutions should foster a culture of data security and privacy awareness among staff and students through continuous education and training.

5. Ba-SSI Deployment Challenges and Risk

While the deployment of Ba-SSI frameworks in education has the potential to address many of the security and administrative issues associated with traditional identity management systems, it also presents a variety of serious risks and challenges that span across system architecture and technical design. Understanding and proactively addressing these risks are essential to ensuring the development of a secure, scalable, interoperable, and compliant identity management system for the education sector.

5.1. Cyberthreats Impact

Adopting Ba-SSI systems in the educational domain introduces potential cybersecurity risks that warrant careful consideration. While blockchain technology offers enhanced security features, such as decentralization and immutability, it is not immune to threats. The endpoints used to access the system, such as user devices, can be vulnerable to various cyberattacks. Attackers may try to steal private keys, compromising the integrity of digital identities. Threats like phishing, malware, and social engineering can compromise user credentials, leading to unauthorized access and potential data breaches within the Ba-SSI ecosystem. Furthermore, a well-coordinated 51% attack, in which a group of malicious actors gain control of the majority of the network’s computing power, could potentially allow them to alter transaction records and compromise the integrity of the education data stored on the blockchain. These risks must be carefully addressed to ensure the overall security and trustworthiness of Ba-SSI deployments in the academic domain.
Another critical issue in deploying an SSI system is that the security of identities and credentials relies heavily on the proper handling of cryptographic keys. If students or institutions lose their private keys, they risk losing access to their identities and credentials. To mitigate this, robust key-management solutions should be implemented, along with key-recovery mechanisms like social recovery or decentralized key-recovery services.
Smart contract vulnerabilities pose a significant risk in deploying Ba-SSI solutions within the education domain. Smart contracts are the fundamental building blocks that manage various SSI functionalities, such as credential issuance, verification, and revocation. However, smart contracts used in SSI systems can have coding flaws that attackers might exploit, resulting in unintended data exposure or manipulation. If these bugs or security vulnerabilities persist in the smart contract, malicious actors could exploit them to compromise the integrity of the system, gain unauthorized access to sensitive student data, or disrupt the overall operation of the Ba-SSI ecosystem. To mitigate these risks and ensure the long-term reliability and security of Ba-SSI, robust security measures, such as multi-factor authentication, regular security audits, secure key-management practices, formal verification methods, and upgradeable contract patterns, are crucial when deploying in the academic sector.
Sybil attacks, where attackers create multiple fake identities to manipulate the system, are also a threat [120]. Robust identity verification processes during DID registration, coupled with reputation systems and proof of personhood mechanisms, can help detect and mitigate these attacks. Phishing and social engineering attacks are another concern, as users might be tricked into sharing their private keys or other sensitive information. Educating users about security best practices, implementing two-factor authentication (2FA), and using secure, user-friendly interfaces are essential measures to reduce these risks.

5.2. Scalability Issues

Scalability is a crucial aspect, especially given the high transaction volumes that educational systems might need to handle, particularly during peak times such as enrollment periods. High transaction volumes can overwhelm the blockchain network, leading to slow transaction processing and high fees.
Blockchain networks, particularly those using proof-of-work consensus mechanisms, often face scalability challenges. As more data are added, the network can become congested, leading to slower transaction speeds and higher costs. In an educational context, where large volumes of student records and credentials need to be processed quickly, these limitations can hinder efficiency. Transitioning to more scalable blockchain solutions, like those using proof-of-stake consensus, can help mitigate these issues. Additionally, institutions can implement hybrid models that store only essential data on-chain while keeping larger datasets off-chain to improve performance without compromising security and integrity. Utilizing Layer 2 scaling solutions like sidechains and state channels, implementing sharding to distribute the load across multiple shards, and choosing blockchain platforms known for high throughput and scalability are effective ways to address these concerns [121].
In addition, storing large amounts of educational data on the blockchain can lead to bloating and inefficiencies. A practical approach is to store only essential data on-chain, such as hashes of credentials, and use off-chain storage solutions like the InterPlanetary File System (IPFS) or decentralized storage networks for larger data [122]. Ensuring seamless integration between on-chain and off-chain storage is crucial for maintaining efficiency and performance.
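The batch processing suggested in Section 4.3.2 and the hash-only on-chain storage described above combine in a Merkle tree: one 32-byte root is anchored per batch, and each student keeps an off-chain inclusion proof. This is an added example, not code from the paper or a surveyed platform; the function names, the sample batch and the per-credential nonce are assumptions.

```python
import hashlib
import hmac
import json
import secrets

# Domain-separation prefixes: a leaf hash can never be replayed as an inner node.
LEAF, NODE = b"\x00", b"\x01"


def leaf_hash(credential: dict) -> bytes:
    """Hash a credential using a canonical JSON encoding (sorted keys)."""
    encoded = json.dumps(credential, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(LEAF + encoded).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(NODE + left + right).digest()


def build_levels(leaves):
    """Return all tree levels, leaves first; an unpaired node is promoted as-is."""
    if not leaves:
        raise ValueError("cannot anchor an empty batch")
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])
        levels.append(nxt)
    return levels


def merkle_root(credentials) -> bytes:
    """The single value written on-chain for the whole batch."""
    return build_levels([leaf_hash(c) for c in credentials])[-1][0]


def inclusion_proof(credentials, index: int):
    """Sibling path for credentials[index] as (sibling_hash, sibling_is_left)."""
    levels = build_levels([leaf_hash(c) for c in credentials])
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # a promoted node has no sibling at this level
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof


def verify_inclusion(credential: dict, proof, anchored_root: bytes) -> bool:
    """Recompute the path from the credential up to the anchored root."""
    digest = leaf_hash(credential)
    for sibling, sibling_is_left in proof:
        digest = node_hash(sibling, digest) if sibling_is_left else node_hash(digest, sibling)
    return hmac.compare_digest(digest, anchored_root)


# Constructed sample batch: five credentials issued in one run. The random
# nonce keeps a verifier from confirming another student's credential by
# guessing its fields and comparing against sibling hashes in a proof.
BATCH = [
    {"did": f"did:example:student{i}", "credential": "BSc Computer Science",
     "year": 2024, "nonce": secrets.token_hex(16)}
    for i in range(1, 6)
]

if __name__ == "__main__":
    root = merkle_root(BATCH)          # one on-chain write instead of five
    proof = inclusion_proof(BATCH, 3)  # handed to the fourth student, off-chain
    print("anchored root:", root.hex())
    print("valid credential:", verify_inclusion(BATCH[3], proof, root))
    forged = dict(BATCH[3], credential="PhD Computer Science")
    print("forged credential:", verify_inclusion(forged, proof, root))
```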

5.3. Privacy Risks

Privacy risks are significant in SSI implementations. Data leakage, even though the blockchain is secure, can occur due to improper handling or design flaws, compromising student privacy [123]. Privacy-preserving technologies such as zero-knowledge proofs (ZKPs) and selective disclosure methods can help mitigate this risk. Implementing access control mechanisms to ensure that only authorized parties can access sensitive information is also vital. Correlation attacks are another privacy concern. If multiple transactions or interactions can be correlated, it might lead to the re-identification of pseudonymous users [124]. Techniques to minimize linkability, such as using different DIDs for different interactions (pseudonymization) and employing mixers or CoinJoin-like protocols to obfuscate transaction trails, can help protect user privacy.

5.4. Data Retention Risks

Deploying Ba-SSI in the education domain introduces data retention risks due to the immutable nature of blockchain [125]. Once data are written to the blockchain, they cannot be altered or deleted, which can conflict with data-protection regulations like GDPR that require the ability to erase personal data. This immutability poses challenges in managing outdated or incorrect information, potentially leading to privacy concerns. To mitigate these risks, institutions can use off-chain storage for sensitive data, storing only essential metadata or cryptographic hashes on-chain. This approach allows for data modification or deletion off-chain while maintaining the integrity and verification capabilities of the blockchain. Additionally, implementing robust encryption techniques ensures that even if data are retained, they remain inaccessible without proper authorization. Research into privacy-preserving technologies like zero-knowledge proofs and homomorphic encryption can further enhance data protection.

5.5. Interoperability Issues

Interoperability is critical for ensuring that various educational institutions and systems can seamlessly interact and share data. Protocol fragmentation, where different institutions adopt different blockchain platforms and SSI protocols, can lead to interoperability issues. Adhering to widely accepted standards such as the W3C’s DID and verifiable credentials (VC) specifications and using cross-chain interoperability solutions and bridges can facilitate communication between different blockchain networks. Vendor lock-in is another risk, where reliance on proprietary solutions or specific blockchain platforms can reduce flexibility and increase long-term costs. Preferring open source, standards-based solutions and ensuring the architecture supports easy migration and integration with other systems can help mitigate this risk.

5.6. Governance and Compliance Issues

Governance challenges are inherent in managing a decentralized identity system. Decentralized governance involves coordinating updates, resolving disputes, and making collective decisions, all of which can be complex. Establishing clear governance frameworks and processes and using decentralized autonomous organizations (DAOs) or multi-stakeholder governance models can ensure fair and efficient decision-making. Regulatory compliance is also a significant concern. Compliance with data-protection regulations (e.g., GDPR and FERPA (Family Education Rights and Protection Act, https://studentprivacy.ed.gov/ferpa, accessed on 11 December 2024)) can be challenging in a decentralized environment. Designing the system with privacy by design and privacy by default principles, ensuring necessary controls, and obtaining legal advice are essential for regulatory compliance.

5.7. Staff Malfeasance

Digital ID systems can be vulnerable to malfeasance by the employees of ID providers and requesting parties. This risk arises when individuals with access to sensitive information misuse their privileges. Employees might exploit their access to alter, steal, or sell personal data for financial gain or other malicious purposes. Insider threats are particularly concerning because these individuals often have legitimate access to sensitive systems, making their actions harder to detect. Additionally, requesting parties might misuse data by accessing more information than necessary or sharing it without consent. Implementing strict access controls, conducting regular audits, and fostering a culture of accountability and ethics within organizations are essential to mitigate these risks. Moreover, employing advanced monitoring systems to detect unusual access patterns can help identify and prevent potential malfeasance.

5.8. Technical Complexities Risks

Implementing and maintaining blockchain infrastructure in education involves navigating significant technical complexities. Blockchain technology, while secure, demands advanced infrastructure, including secure networks, cryptographic protocols, and interoperability layers. Educational institutions face challenges such as high deployment and maintenance costs, integration with legacy systems, and a shortage of skilled professionals. Misconfigurations or errors can lead to vulnerabilities, exposing systems to attacks. Additionally, blockchain networks must ensure scalability and performance to handle high transaction volumes, as issues like network congestion and latency can hinder operations, as seen in public blockchains like Ethereum.
The choice of consensus mechanisms, such as PoW or PoS, also impacts security and efficiency. PoW is energy-intensive, while PoS may pose centralization risks. Hybrid or novel mechanisms can help balance these trade-offs. Integration complexity is another challenge, as combining SSI with existing systems like student information systems requires middleware, APIs, and thorough testing to ensure interoperability and reduce errors.
Despite these challenges, adopting best practices in security, scalability, privacy, interoperability, and governance can mitigate risks. By addressing these technical and design issues, educational institutions can leverage Ba-SSI to create secure, scalable, and interoperable identity management systems, enhancing the educational experience while minimizing potential risks.

5.9. Ethical Considerations Beyond Technical Safeguards

Deploying Ba-SSI in education raises ethical considerations that require a holistic approach to ensure fairness, transparency, and accountability. Data privacy is addressed through informed consent, data minimization, and empowering users to control their data, alongside compliance with regulations like GDPR or FERPA. Transparency mechanisms, such as audit trails, ensure accountability in data usage. To tackle biases in models, diverse and representative datasets are used, complemented by regular bias audits, stakeholder involvement, and explainable algorithms to ensure fairness and inclusivity. Continuous monitoring and feedback help identify and correct biases over time.
Broader ethical frameworks emphasize equity and accessibility, ensuring the technology is inclusive and avoids surveillance or overreach. Promoting trust and fairness fosters a culture of inclusivity, while ethical governance structures, such as ethics committees, align technology deployment with societal values. Education and awareness initiatives are also critical, providing training for developers on ethical principles and educating users about their rights and responsibilities. Encouraging ethical literacy among stakeholders helps them understand the risks and benefits of the technology.
By integrating technical safeguards with ethical policies, stakeholder engagement, and education, Ba-SSI can be deployed responsibly in education. This approach ensures the technology not only addresses technical challenges but also aligns with societal values, promoting equity, transparency, and the well-being of all users.

6. Future Work

To effectively deploy Ba-SSI in the academic domain, a few key future developments have been outlined and must be addressed as part of future research and implementation efforts.

6.1. Establishment of Supervision

Establishing a supervisory mechanism to monitor and check compliance with smart contracts and privacy protection measures is essential. This would involve the creation of an independent oversight body or a consortium of stakeholders, including educational institutions, regulatory agencies, and technology providers. This supervisory entity would review and approve the smart contract code used in the Ba-SSI system, ensuring that embedded rules and policies align with data privacy regulations, such as the GDPR and the principles of SSI. Additionally, the supervisory body would periodically audit the implementation of privacy protection measures, such as zero-knowledge proofs, differential privacy techniques, and access-control mechanisms, to verify their effectiveness and adherence to best practices. This layer of supervision would help build trust among all the parties involved: students, academia, and educational institutions, assuring them that their sensitive data are handled securely and in compliance with relevant regulations.

6.2. Establishment of Standardization

The development of global DIDs and standardizations is essential for facilitating seamless credential management and verification across different educational institutions and jurisdictions. The lack of interoperability and standardization poses a significant challenge to the widespread adoption of blockchain-assisted SSI in the academic domain. By establishing globally recognized DID standards and protocols, educational institutions can ensure that student credentials and academic records are easily transferable and verifiable, regardless of the specific Ba-SSI platform or solution. This would enable students to maintain a portable, self-sovereign digital identity that can be used to access educational services, apply for jobs, or pursue further education opportunities across different organizations. Standardization efforts should also address the revocation and lifecycle management of these digital credentials, ensuring that the system remains secure and responsive to changes in a student’s educational status or personal circumstances.

6.3. Integration with Other Technologies

Integrating IoT devices can facilitate real-time data exchange and verification within the SSI ecosystem. For example, IoT-enabled sensors in educational environments can automatically track attendance and achievements, securely transmitting these data to a blockchain, streamlining record-keeping and ensuring accuracy. Artificial Intelligence also plays a crucial role in enhancing the efficiency of SSI systems. AI algorithms can analyze user behaviour and identity data, enabling predictive analytics for personalized learning experiences and proactive fraud detection. By automating verification processes, AI can significantly reduce the time and resources required for credential validation, while simultaneously building trust and increasing efficiency within the educational system. This integration paves the way for a more innovative and secure learning landscape.
Furthermore, Augmented Reality (AR) and Virtual Reality (VR) offer innovative ways to interact with digital identities in educational settings. AR/VR can create immersive environments where learners engage with their digital identities meaningfully, enhancing collaboration and engagement and fostering personalized learning experiences with other players.

6.4. Enhance User Experience and Adoption

Notwithstanding, the successful implementation of Ba-SSI in education ultimately depends on the seamless integration and adoption by students, educators, and administrative staff. Future research should prioritize the user experience (UX) design and interface development of SSI applications and wallets, ensuring they are intuitive, accessible, and tailored to the specific needs of the education community. This includes investigating user-centric approaches to credential management, data sharing, and identity verification that empower individuals and minimize the learning curve. Additionally, research should explore effective adoption strategies and change management protocols to facilitate the transition from traditional identity management systems to Ba-SSI, addressing the concerns and resistance that may arise within the education ecosystem.

6.5. Improve Interoperability

The education sector comprises a diverse array of institutions, from primary schools to universities, each with its own systems and data management practices. The situation becomes more complicated when multiple institutions from different regions or countries are involved. Achieving true interoperability between these disparate systems is crucial for the widespread adoption of Ba-SSI. Future research should focus on developing standardized protocols, APIs, and data models that enable seamless data exchange and credential recognition across different educational institutions and jurisdictions. This would allow students to easily transfer their academic records and qualifications between schools, universities, and even potential employers, without the need for manual verification or data reconciliation. Additionally, research should explore governance models and incentive structures that foster cross-institutional or cross-regional collaboration and the development of shared SSI ecosystems within the education domain.

6.6. Fostering Governance and Regulatory Alignment

The deployment of Ba-SSI in education must consider the evolving regulatory landscape and the need for robust governance frameworks. Future research should examine the alignment of SSI solutions with data privacy regulations, such as the GDPR and regional data protection laws. This includes investigating the use of verifiable credentials, DIDs, and other SSI components to ensure compliance with data subject rights, consent management, and data portability requirements. Additionally, research should explore the development of governance models that involve key stakeholders, including educational institutions, students, regulatory bodies, and technology providers, to establish clear rules, policies, and accountability measures for the effective and responsible management of the SSI ecosystem in the education sector.
By addressing these key research directions, the education sector can leverage the synergies between blockchain and self-sovereign identity (SSI) to achieve the following: establish robust supervisory mechanisms to ensure compliance and privacy protection; develop global standards and interoperability protocols to enable seamless credential management and verification across institutions; integrate Ba-SSI solutions seamlessly with existing educational management systems and technologies; enhance the user experience and drive widespread adoption among students, educators, and administrative staff; and foster effective governance frameworks and regulatory alignment to build trust and accountability within the ecosystem. The overarching goal is to transform the way digital identities are managed, data are secured, and learning experiences are personalized, ultimately empowering students, educators, and the entire educational community through the innovative application of blockchain technology.

7. Conclusions

Blockchain-assisted Self-Sovereign Identity (Ba-SSI) represents a transformative approach to digital identity management, offering enhanced security, privacy, and user control. By leveraging blockchain technology, SSI enables individuals to own and manage their identities independently without relying on centralized authorities. However, several challenges and risks must be addressed to realize the full potential of SSI, including interoperability, scalability, security, and regulatory compliance.
This paper offers a comprehensive survey of Ba-SSI, exploring its fundamental principles, existing frameworks, and future directions. By synthesizing insights from academic literature, it aims to guide researchers and practitioners in developing secure, scalable, and user-centric identity solutions. As the digital identity landscape evolves, Ba-SSI promises to empower individuals and transform how identities are managed and verified in the digital age.
The integration of blockchain and SSI has shown substantial potential across various domains, including finance, healthcare, supply chain, and education. It enhances data privacy, portability, transparency, and integrity, and establishes a secure and trustworthy decentralized framework. Additionally, blockchain technology often converges with other advanced technologies like machine learning and IoT, which have substantial transformative capabilities in academia. Consolidation of blockchain and SSI within the educational system is crucial to ensure decentralization, privacy, integrity, consistency, and immutability. Nonetheless, several challenges associated with blockchain and SSI have been identified, highlighting the need for further developments before comprehensive deployment in the academic sector. This survey aims to provide education researchers and stakeholders with a clear perspective on the implications of blockchain-enabled SSI in education, thus fostering further research efforts in this emerging field.

Author Contributions

Conceptualization, W.C. and K.G.; methodology, W.C.; software, W.C.; validation, W.C. and K.G.; formal analysis, W.C.; investigation, W.C.; resources, W.C.; data curation, W.C.; writing—original draft preparation, W.C.; writing—review and editing, W.C.; visualization, W.C.; supervision, K.G., J.Y. and L.Z.; project administration, J.Y. and L.Z.; funding acquisition, K.G. and L.Z. All authors have read and agreed to the published version of the manuscript.

Funding

This work is supported by the National Natural Science Foundation of China (Grant No. U24B200674 and Grant No. 62372044), the China Scholarship Council (CSC), and the Public Service Department of Malaysia (PSD).

Data Availability Statement

Information presented in this article was obtained from articles published by various publishers and databases.

Conflicts of Interest

The authors declare no conflicts of interest. The funders had no role in the design of the study; in the collection, analyses, or interpretation of data; in the writing of the manuscript; or in the decision to publish the results.

References

  1. Liu, H.; Li, K.; Chen, Y.; Luo, X.R. Is personally identifiable information really more valuable? Evidence from consumers’ willingness-to-accept valuation of their privacy information. Decis. Support Syst. 2023, 173, 114010.
  2. Ulven, J.B.; Wangen, G. A systematic review of cybersecurity risks in higher education. Future Internet 2021, 13, 39.
  3. Sudrastawa, I.P.A.; Ayanto, K.Y.E. Sensitive Personal Data Publication on Higher Education Information System Websites in Indonesia. In Proceedings of the 2019 2nd International Conference of Computer and Informatics Engineering (IC2IE), Banyuwangi, Indonesia, 10–11 September 2019; pp. 93–98.
  4. Liu, S.; Ba, L. Blockchain technology and its application prospect in higher education. In Proceedings of the 13th International Conference on Education Technology and Computers, Wuhan, China, 22–25 October 2021; pp. 237–242.
  5. Shrestha, A.; Graham, D.M.; Dumaru, P.; Paudel, R.; Searle, K.A.; Al-Ameen, M.N. Understanding the Behavior, Challenges, and Privacy Risks in Digital Technology Use by Nursing Professionals. Proc. ACM-Hum.-Comput. Interact. 2022, 6, 1–22.
  6. Cheesman, M. Self-sovereignty for refugees? The contested horizons of digital identity. Geopolitics 2022, 27, 134–159.
  7. Ishmaev, G. Sovereignty, privacy, and ethics in blockchain-based identity management systems. Ethics Inf. Technol. 2021, 23, 239–252.
  8. Gai, K.; Wang, S.; Zhao, H.; She, Y.; Zhang, Z.; Zhu, L. Blockchain-Based Multisignature Lock for UAC in Metaverse. IEEE Trans. Comput. Soc. Syst. 2023, 10, 2201–2213.
  9. Alzahrani, S.; Daim, T.; Choo, K.K.R. Assessment of the blockchain technology adoption for the management of the electronic health record systems. IEEE Trans. Eng. Manag. 2022, 70, 2846–2863.
  10. Gai, K.; She, Y.; Zhu, L.; Choo, K.K.R.; Wan, Z. A blockchain-based access control scheme for zero trust cross-organizational data sharing. ACM Trans. Internet Technol. 2023, 23, 1–25.
  11. Gai, K.; Zhang, Y.; Qiu, M.; Thuraisingham, B. Blockchain-enabled service optimizations in supply chain digital twin. IEEE Trans. Serv. Comput. 2022, 16, 1673–1685.
  12. Truong, V.T.; Le, L.B.; Niyato, D. Blockchain meets metaverse and digital asset management: A comprehensive survey. IEEE Access 2023, 11, 26258–26288.
  13. Schlatt, V.; Sedlmeir, J.; Feulner, S.; Urbach, N. Designing a framework for digital KYC processes built on blockchain-based self-sovereign identity. Inf. Manag. 2022, 59, 103553.
  14. Adamyk, B.; Benson, V.; Adamyk, O.; Liashenko, O. Risk Management in DeFi: Analyses of the Innovative Tools and Platforms for Tracking DeFi Transactions. J. Risk Financ. Manag. 2025, 18, 38.
  15. Tan, E.; Mahula, S.; Crompvoets, J. Blockchain governance in the public sector: A conceptual framework for public management. Gov. Inf. Q. 2022, 39, 101625.
  16. Das, D.; Banerjee, S.; Chatterjee, P.; Ghosh, U.; Biswas, U. Blockchain for intelligent transportation systems: Applications, challenges, and opportunities. IEEE Internet Things J. 2023, 10, 18961–18970.
  17. Trequattrini, R.; Palmaccio, M.; Turco, M.; Manzari, A. The contribution of blockchain technologies to anti-corruption practices: A systematic literature review. Bus. Strategy Environ. 2022, 33, 4–18.
  18. Amith, K.; Sanjay, H.; Mahadevan, A.; Harshita, K.; Eshwar, D.; Shastry, K.A. Performance driven Hyperledger Fabric-based blockchain framework for mass e-voting in India. Int. J. Inf. Comput. Secur. 2023, 21, 109–134.
  19. Alamri, B.; Crowley, K.; Richardson, I. Blockchain-based identity management systems in health IoT: A systematic review. IEEE Access 2022, 10, 59612–59629.
  20. Kapadiya, K.; Patel, U.; Gupta, R.; Alshehri, M.D.; Tanwar, S.; Sharma, G.; Bokoro, P.N. Blockchain and AI-Empowered Healthcare Insurance Fraud Detection: An Analysis, Architecture, and Future Prospects. IEEE Access 2022, 10, 79606–79627.
  21. Kiania, K.; Jameii, S.M.; Rahmani, A.M. Blockchain-based privacy and security preserving in electronic health: A systematic review. Multimed. Tools Appl. 2023, 82, 28493–28519.
  22. ITU-T FG DLT. Distributed Ledger Technology Terms and Definitions. Tech. Specif. FG DLT D1.1 2019. Available online: https://www.itu.int/en/ITU-T/focusgroups/dlt/Documents/d11.pdf (accessed on 11 December 2024).
  23. Queiruga-Dios, A.; Pérez, J.J.B.; Encinas, L.H. Self-Sovereign Identity in University Context. In Proceedings of the 2022 31st Conference of Open Innovations Association (FRUCT), Helsinki, Finland, 27–29 April 2022; pp. 259–264.
  24. Shuaib, M.; Hassan, N.H.; Usman, S.; Alam, S.; Bhatia, S.; Mashat, A.; Kumar, A.; Kumar, M. Self-sovereign identity solution for blockchain-based land registry system: A comparison. Mob. Inf. Syst. 2022, 2022, 8930472.
  25. Große-Bölting, G.; Gerstenberger, D.; Gildehaus, L.; Mühling, A.; Schulte, C. Identity in higher computer education research: A systematic literature review. ACM Trans. Comput. Educ. 2023, 23, 1–35.
  26. Satybaldy, A.; Ferdous, M.S.; Nowostawski, M. A taxonomy of challenges for self-sovereign identity systems. IEEE Access 2024, 12, 16151–16177.
  27. Ye, T.; Luo, M.; Yang, Y.; Choo, K.K.R.; He, D. A Survey on Redactable Blockchain: Challenges and Opportunities. IEEE Trans. Netw. Sci. Eng. 2023, 10, 1669–1683.
  28. Olivia, W.; Owen, S.; Anu, M.; James, M.; Jacqques, B.; Deepa, M.; Jacques, B.; Michael, M. Digital Identification: A Key to Inclusive Growth. 2019. McKinsey Global Institute. Available online: https://www.mckinsey.com/capabilities/mckinsey-digital/our-insights/digital-identification-a-key-to-inclusive-growth (accessed on 16 October 2024).
  29. Zhou, L.; Diro, A.; Saini, A.; Kaisar, S.; Hiep, P.C. Leveraging zero knowledge proofs for blockchain-based identity sharing: A survey of advancements, challenges and opportunities. J. Inf. Secur. Appl. 2024, 80, 103678.
  30. Alizadeh, M.; Andersson, K.; Schelén, O. Comparative analysis of decentralized identity approaches. IEEE Access 2022, 10, 92273–92283.
  31. Guo, Y.; Liang, H.; Zhu, L.; Gai, K. Zk-SNARKs-Based Anonymous Payment Channel in Blockchain. Blockchains 2024, 2, 20–39.
  32. Yildiz, H.; Ritter, C.; Nguyen, L.T.; Frech, B.; Martinez, M.M.; Küpper, A. Connecting self-sovereign identity with federated and user-centric identities via saml integration. In Proceedings of the 2021 IEEE Symposium on Computers and Communications (ISCC), Athens, Greece, 5–8 September 2021; pp. 1–7.
  33. Mahnamfar, A.; Bicakci, K.; Uzunay, Y. ROSTAM: A passwordless web single sign-on solution mitigating server breaches and integrating credential manager and federated identity systems. Comput. Secur. 2024, 139, 103739.
  34. Glöckler, J.; Sedlmeir, J.; Frank, M.; Fridgen, G. A systematic review of identity and access management requirements in enterprises and potential contributions of self-sovereign identity. Bus. Inf. Syst. Eng. 2024, 66, 421–440.
  35. Sousa, P.R.; Resende, J.S.; Martins, R.; Antunes, L. The case for blockchain in IoT identity management. J. Enterp. Inf. Manag. 2022, 35, 1477–1505.
  36. Van Delft, B.; Oostdijk, M. A security analysis of OpenID. In Proceedings of the IFIP Working Conference on Policies and Research in Identity Management, Oslo, Norway, 18–19 November 2010; Springer: Berlin/Heidelberg, Germany, 2010; pp. 73–84.
  37. Recordon, D.; Reed, D. OpenID 2.0: A platform for user-centric identity management. In Proceedings of the Second ACM workshop on Digital Identity Management, Alexandria, VA, USA, 3 November 2006; ACM: New York, NY, USA, 2006; pp. 11–16.
  38. Sucasas, V.; Mantas, G.; Radwan, A.; Rodriguez, J. An OAuth2-based protocol with strong user privacy preservation for smart city mobile e-Health apps. In Proceedings of the 2016 IEEE International Conference on Communications (ICC), Kuala Lumpur, Malaysia, 22–27 May 2016; pp. 1–6.
  39. Johnson, A.D.; Alom, I.; Xiao, Y. Rethinking Single Sign-On: A Reliable and Privacy-Preserving Alternative with Verifiable Credentials. In Proceedings of the 10th ACM Workshop on Moving Target Defense, Copenhagen, Denmark, 26 November 2023; ACM: New York, NY, USA, 2023; pp. 25–28.
  40. Wilson, Y.; Hingnikar, A. Solving Identity Management in Modern Applications: Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0; Springer: Berlin/Heidelberg, Germany, 2019.
  41. Lyastani, S.G.; Schilling, M.; Neumayr, M.; Backes, M.; Bugiel, S. Is FIDO2 the kingslayer of user authentication? A comparative usability study of FIDO2 passwordless authentication. In Proceedings of the 2020 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 18–21 May 2020; pp. 268–285.
  42. Mahdad, A.T.; Jubur, M.; Saxena, N. Breaching Security Keys without Root: FIDO2 Deception Attacks via Overlays exploiting Limited Display Authenticators. In Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, Salt Lake City, UT, USA, 14–18 October 2024; pp. 1686–1700.
  43. Kumar, A.; Saha, R.; Conti, M.; Kumar, G.; Buchanan, W.J.; Kim, T.H. A comprehensive survey of authentication methods in Internet-of-Things and its conjunctions. J. Netw. Comput. Appl. 2022, 204, 103414.
  44. Bendiab, G.; Shiaeles, S.; Boucherkha, S.; Ghita, B. FCMDT: A novel fuzzy cognitive maps dynamic trust model for cloud federated identity management. Comput. Secur. 2019, 86, 270–290.
  45. Golla, M.; Ho, G.; Lohmus, M.; Pulluri, M.; Redmiles, E.M. Driving 2FA Adoption at Scale: Optimizing Two-Factor Authentication Notification Design Patterns. In Proceedings of the 30th USENIX Security Symposium (USENIX Security 21), Virtual Event, 11–13 August 2021; pp. 109–126.
  46. Lewis, K.D. Web single sign-on authentication using SAML. arXiv 2009, arXiv:0909.2368.
  47. Gai, K.; Wu, Y.; Zhu, L.; Qiu, M.; Shen, M. Privacy-preserving energy trading using consortium blockchain in smart grid. IEEE Trans. Ind. Inform. 2019, 15, 3548–3558.
  48. Grüner, A.; Mühle, A.; Meinel, C. An integration architecture to enable service providers for self-sovereign identity. In Proceedings of the 2019 IEEE 18th International Symposium on Network Computing and Applications (NCA), Cambridge, MA, USA, 26–28 September 2019; pp. 1–5.
  49. Moreno, R.T.; García-Rodríguez, J.; Bernabé, J.B.; Skarmeta, A. A Trusted Approach for Decentralised and Privacy-Preserving Identity Management. IEEE Access 2021, 9, 105788–105804.
  50. Schardong, F.; Custódio, R. Self-Sovereign Identity: A Systematic Review, Mapping and Taxonomy. Sensors 2022, 22, 5641.
  51. Zeydan, E.; Blanco, L.; Mangues-Bafalluy, J.; Arslan, S.S.; Turk, Y.; Yadav, A.K.; Liyanage, M. Blockchain-based self-sovereign identity: Taking control of identity in federated learning. IEEE Open J. Commun. Soc. 2024, 5, 5764–5781.
  52. Sporny, M.; Longley, D.; Sabadello, M.; Reed, D.; Steele, O.; Allen, A. Decentralized Identifiers (DIDs) v1.0: Core Architecture, Data Model, and Representations. 2022. Available online: https://www.w3.org/TR/did-1.0/ (accessed on 16 May 2023).
  53. Xie, T.; Zhang, Y.; Gai, K.; Xu, L. Cross-chain-based decentralized identity for mortgage loans. In Proceedings of the Knowledge Science, Engineering and Management: 14th International Conference, KSEM 2021, Tokyo, Japan, 14–16 August 2021; Proceedings, Part III 14. Springer: Berlin/Heidelberg, Germany, 2021; pp. 619–633.
  54. Sober, M.; Scaffino, G.; Schulte, S. Cross-blockchain communication using Oracles with an off-chain aggregation mechanism based on zk-SNARKs. Distrib. Ledger Technol. Res. Pract. 2024, 3, 1–24.
  55. Lin, C.; Luo, M.; Huang, X.; Choo, K.K.R.; He, D. An efficient privacy-preserving credit score system based on noninteractive zero-knowledge proof. IEEE Syst. J. 2021, 16, 1592–1601.
  56. Athalye, A.; Kaashoek, M.F.; Zeldovich, N. Verifying hardware security modules with Information-Preserving refinement. In Proceedings of the 16th USENIX Symposium on Operating Systems Design and Implementation (OSDI 22), Carlsbad, CA, USA, 11–13 July 2022; pp. 503–519.
  57. Tessaro, S.; Zhu, C. Threshold and multi-signature schemes from linear hash functions. In Annual International Conference on the Theory and Applications of Cryptographic Techniques; Springer: Cham, Switzerland, 2023; pp. 628–658.
  58. Daniel, E.; Tschorsch, F. IPFS and friends: A qualitative comparison of next generation peer-to-peer data networks. IEEE Commun. Surv. Tutor. 2022, 24, 31–52.
  59. Zhang, Y.; Gai, K.; Xiao, J.; Zhu, L.; Choo, K.K.R. Blockchain-empowered efficient data sharing in Internet of Things settings. IEEE J. Sel. Areas Commun. 2022, 40, 3422–3436.
  60. Gai, K.; Guo, J.; Zhu, L.; Yu, S. Blockchain Meets Cloud Computing: A Survey. IEEE Commun. Surv. Tutor. 2020, 22, 2009–2030.
  61. Merkle, R.C. A digital signature based on a conventional encryption function. In Conference on the Theory and Application of Cryptographic Techniques; Springer: Berlin/Heidelberg, Germany, 1987; pp. 369–378.
  62. Xiao, J.; Chang, J.; Lin, L.; Li, B.; Dai, X.; Xiong, Z.; Choo, K.K.R.; Gai, K.; Jin, H. Cloak: Hiding Retrieval Information in Blockchain Systems via Distributed Query Requests. IEEE Trans. Serv. Comput. 2024, 17, 3213–3226.
  63. Gai, K.; Hu, Z.; Zhu, L.; Wang, R.; Zhang, Z. Blockchain meets DAG: A BlockDAG consensus mechanism. In Proceedings of the Algorithms and Architectures for Parallel Processing: 20th International Conference, ICA3PP 2020, New York City, NY, USA, 2–4 October 2020; Proceedings, Part III 20. Springer: Berlin/Heidelberg, Germany, 2020; pp. 110–125.
  64. Malakhov, I.; Marin, A.; Rossi, S. Analysis of the confirmation time in proof-of-work blockchains. Future Gener. Comput. Syst. 2023, 147, 275–291.
  65. Li, A.; Wei, X.; He, Z. Robust proof of stake: A new consensus protocol for sustainable blockchain systems. Sustainability 2020, 12, 2824.
  66. Castro, M.; Liskov, B. Practical byzantine fault tolerance. In Proceedings of the 3rd Symposium on Operating Systems Design and Implementation, OSDI ’99, New Orleans, LA, USA, 22–25 February 1999; Volume 99, pp. 173–186.
  67. Castro, M.; Liskov, B. Practical byzantine fault tolerance and proactive recovery. ACM Trans. Comput. Syst. (TOCS) 2002, 20, 398–461.
  68. Rajasekaran, A.S.; Azees, M.; Al-Turjman, F. A comprehensive survey on blockchain technology. Sustain. Energy Technol. Assess. 2022, 52, 102039.
  69. Zhou, X.; Xu, Z.; Wang, C.; Gao, M. PPMLAC: High performance chipset architecture for secure multi-party computation. In Proceedings of the 49th Annual International Symposium on Computer Architecture, New York, NY, USA, 18–22 June 2022; pp. 87–101.
  70. Escudero, D.; Goyal, V.; Polychroniadou, A.; Song, Y. Turbopack: Honest majority MPC with constant online communication. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, Los Angeles, CA, USA, 7–11 November 2022; pp. 951–964.
  71. Brakerski, Z.; Yuen, H. Quantum garbled circuits. In Proceedings of the 54th Annual ACM SIGACT Symposium on Theory of Computing, Rome, Italy, 20–24 June 2022; pp. 804–817.
  72. Zhang, J.; Cheng, X.; Yang, L.; Hu, J.; Liu, X.; Chen, K. Sok: Fully homomorphic encryption accelerators. ACM Comput. Surv. 2024, 56, 1–32.
  73. Abram, D.; Roy, L.; Scholl, P. Succinct homomorphic secret sharing. In Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zurich, Switzerland, 26–30 May 2024; Springer: Cham, Switzerland, 2024; pp. 301–330.
  74. Shamir, A. How to share a secret. Commun. ACM 1979, 22, 612–613.
  75. Bethencourt, J.; Sahai, A.; Waters, B. Ciphertext-policy attribute-based encryption. In Proceedings of the 2007 IEEE Symposium on Security and Privacy (SP’07), Berkeley, CA, USA, 20–23 May 2007; pp. 321–334.
  76. Abbaszadeh, K.; Pappas, C.; Katz, J.; Papadopoulos, D. Zero-knowledge proofs of training for deep neural networks. In Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, Salt Lake City, UT, USA, 14–18 October 2024; pp. 4316–4330.
  77. Pedersen, T.P. Non-interactive and information-theoretic secure verifiable secret sharing. In Proceedings of the Annual International Cryptology Conference, Barbara, CA, USA, 11–15 August 1991; Springer: Berlin/Heidelberg, Germany, 1991; pp. 129–140.
  78. Schnorr, C.P. Efficient signature generation by smart cards. J. Cryptol. 1991, 4, 161–174.
  79. Canetti, R.; Chen, Y.; Holmgren, J.; Lombardi, A.; Rothblum, G.N.; Rothblum, R.D.; Wichs, D. Fiat-Shamir: From practice to theory. In Proceedings of the 51st Annual ACM SIGACT Symposium on Theory of Computing, Phoenix, AZ, USA, 23–26 June 2019; ACM: New York, NY, USA, 2019; pp. 1082–1090.
  80. Bünz, B.; Bootle, J.; Boneh, D.; Poelstra, A.; Wuille, P.; Maxwell, G. Bulletproofs: Short proofs for confidential transactions and more. In Proceedings of the 2018 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 20–24 May 2018; pp. 315–334.
  81. Ben-Sasson, E.; Chiesa, A.; Genkin, D.; Tromer, E.; Virza, M. SNARKs for C: Verifying program executions succinctly and in zero knowledge. In Proceedings of the Advances in Cryptology–CRYPTO 2013: 33rd Annual Cryptology Conference, Santa Barbara, CA, USA, 18–22 August 2013; Proceedings, Part II. Springer: Berlin/Heidelberg, Germany, 2013; pp. 90–108.
  82. Wei, L.; Wu, J.; Long, C. Facilitating Development of Higher Education Informatization Using Blockchain Technology. In Proceedings of the 2022 4th International Conference on Blockchain Technology, ICBCT’22, New York, NY, USA, 25–27 March 2022; pp. 131–136.
  83. Guillén-Gámez, F.D.; Cabero-Almenara, J.; Llorente-Cejudo, C.; Palacios-Rodríguez, A. Differential analysis of the years of experience of higher education teachers, their digital competence and use of digital resources: Comparative research methods. Technol. Knowl. Learn. 2022, 27, 1193–1213.
  84. Chen, X.; Zou, D.; Cheng, G.; Xie, H.; Jong, M. Blockchain in smart education: Contributors, collaborations, applications and research topics. Educ. Inf. Technol. 2023, 28, 4597–4627.
  85. Khaldi, A.; Bouzidi, R.; Nader, F. Gamification of e-learning in higher education: A systematic literature review. Smart Learn. Environ. 2023, 10, 10.
  86. El Koshiry, A.; Eliwa, E.; Abd El-Hafeez, T.; Shams, M.Y. Unlocking the power of blockchain in education: An overview of innovations and outcomes. Blockchain Res. Appl. 2023, 4, 100165.
  87. Rawas, S. ChatGPT: Empowering lifelong learning in the digital age of higher education. Educ. Inf. Technol. 2024, 29, 6895–6908.
  88. Ezell, A. Degree Mills: The Billion-Dollar Industry That Has Sold Over a Million Fake Diplomas; Prometheus Books: Buffalo, NY, USA, 2012.
  89. Marklein, M.B. Credentials Fraud Now a Global Threat for Universities. 2016. Available online: https://www.universityworldnews.com/post.php?story=20160603175611493 (accessed on 16 September 2024).
  90. Haque, M.M.; Adnan, M.N.; Kabir, M.A.; Ahmmad Rashid, M.R.; Mohammad Yasin, A.S.; Pervez, M.S. An innovative approach of verification mechanism for both electronic and printed documents. Int. J. Adv. Comput. Sci. Appl. 2020, 11, 623–627.
  91. Eaton, S.E.; Carmichael, J.J. Fake degrees and credential fraud, contract cheating, and paper mills: Overview and historical perspectives. In Fake Degrees and Fraudulent Credentials in Higher Education; Springer: Berlin/Heidelberg, Germany, 2023; pp. 1–22.
  92. Ahmed, M.R.; Islam, A.M.; Shatabda, S.; Islam, S. Blockchain-Based Identity Management System and Self-Sovereign Identity Ecosystem: A Comprehensive Survey. IEEE Access 2022, 10, 113436–113481.
  93. Sozon, M.; Alkharabsheh, O.H.M.; Fong, P.W.; Chuan, S.B. Cheating and plagiarism in higher education institutions (HEIs): A literature review. F1000Research 2024, 13, 788.
  94. Padillah, R. Ghostwriting: A reflection of academic dishonesty in the artificial intelligence era. J. Public Health 2024, 46, e193–e194.
  95. Dempere, J.; Modugu, K.; Hesham, A.; Ramasamy, L.K. The impact of ChatGPT on higher education. Front. Educ. 2023, 8, 1206936.
  96. Hammi, B.; Zeadally, S.; Adja, Y.C.E.; Del Giudice, M.; Nebhen, J. Blockchain-based solution for detecting and preventing fake check scams. IEEE Trans. Eng. Manag. 2021, 69, 3710–3725.
  97. Rustemi, A.; Dalipi, F.; Atanasovski, V.; Risteski, A. A systematic literature review on blockchain-based systems for academic certificate verification. IEEE Access 2023, 11, 64679–64696.
  98. Tan, E.; Lerouge, E.; Du Caju, J.; Du Seuil, D. Verification of education credentials on European Blockchain Services Infrastructure (EBSI): Action research in a cross-border use case between Belgium and Italy. Big Data Cogn. Comput. 2023, 7, 79.
  99. Čučko, Š.; Turkanović, M. Decentralized and self-sovereign identity: Systematic mapping study. IEEE Access 2021, 9, 139009–139027.
  100. Alsobhi, H.A.; Alakhtar, R.A.; Ubaid, A.; Hussain, O.K.; Hussain, F.K. Blockchain-based micro-credentialing system in higher education institutions: Systematic literature review. Knowl.-Based Syst. 2023, 265, 110238.
  101. Jayabalan, J.; Jeyanthi, N. Scalable blockchain model using off-chain IPFS storage for healthcare data security and privacy. J. Parallel Distrib. Comput. 2022, 164, 152–167.
  102. Nadeem, N.; Hayat, M.F.; Qureshi, M.A.; Majid, M.; Nadeem, M.; Janjua, J. Hybrid Blockchain-based Academic Credential Verification System (B-ACVS). Multimed. Tools Appl. 2023, 82, 43991–44019.
  103. Sporny, M.; Zundel, B.; Noble, G.; Burnett, D.; Longley, D. Verifiable Credentials Data Model 1.0. W3C Recommendation, W3C. 2019. Available online: https://www.w3.org/TR/2019/REC-vc-data-model-20191119/ (accessed on 11 October 2024).
  104. Sporny, M.; Zundel, B.; Hartog, K.D.; Noble, G.; Longley, D.; Burnett, D. Verifiable Credentials Data Model v1.1. W3C Recommendation, W3C. 2022. Available online: https://www.w3.org/TR/2022/REC-vc-data-model-20220303/ (accessed on 11 October 2024).
  105. Burnett, D.; Longley, D.; Noble, G.; Sporny, M.; Zundel, B.; Hartog, K.D. Verifiable Credentials Data Model v1.1. W3C Recommendation, W3C. 2021. Available online: https://www.w3.org/TR/2021/REC-vc-data-model-20211109/ (accessed on 11 October 2024).
  106. Al-Tawara, F.; Qasaimeh, M.; Jarad, D.; Al-Qassas, R.S. Utilizing the Blockchain Technology for Higher Education in the Era of Pandemics: A Systematic Review. In Proceedings of the 2023 14th International Conference on Information and Communication Systems (ICICS), Irbid, Jordan, 21–23 November 2023; pp. 1–6.
  107. Yin, W. Zero-knowledge proof intelligent recommendation system to protect students’ data privacy in the digital age. Appl. Artif. Intell. 2023, 37, 2222495.
  108. Li, H.; Han, D. EduRSS: A blockchain-based educational records secure storage and sharing scheme. IEEE Access 2019, 7, 179273–179289.
  109. Sunny, F.A.; Hajek, P.; Munk, M.; Abedin, M.Z.; Satu, M.S.; Efat, M.I.A.; Islam, M.J. A systematic review of blockchain applications. IEEE Access 2022, 10, 59155–59177.
  110. Bai, Y.; Lei, H.; Li, S.; Gao, H.; Li, J.; Li, L. Decentralized and self-sovereign identity in the era of blockchain: A survey. In Proceedings of the 2022 IEEE International Conference on Blockchain (Blockchain), Espoo, Finland, 22–25 August 2022; pp. 500–507.
  111. Naik, N.; Jenkins, P. uPort open-source identity management system: An assessment of self-sovereign identity and user-centric data platform built on blockchain. In Proceedings of the 2020 IEEE International Symposium on Systems Engineering (ISSE), Vienna, Austria, 12 October–12 November 2020; pp. 1–7.
  112. Tobin, A.; Reed, D. The inevitable Rise of Self-Sovereign Identity. Sovrin Found. 2016, 29, 18.
  113. Dunphy, P.; Petitcolas, F.A. A first look at identity management schemes on the blockchain. IEEE Secur. Priv. 2018, 16, 20–29.
  114. Weigl, L.; Barbereau, T.; Fridgen, G. The construction of self-sovereign identity: Extending the interpretive flexibility of technology towards institutions. Gov. Inf. Q. 2023, 40, 101873.
  115. Dąbrowski, M.; Pacyna, P. Blockchain-based identity discovery between heterogenous identity management systems. In Proceedings of the 2022 6th International Conference on Cryptography, Security and Privacy (CSP), Tianjin, China, 14–16 January 2022; pp. 131–137.
  116. Preukschat, A.; Reed, D. Self-Sovereign Identity; Manning Publications: Shelter Island, NY, USA, 2021.
  117. Takemiya, M.; Vanieiev, B. Sora identity: Secure, digital identity on the blockchain. In Proceedings of the 2018 IEEE 42nd Annual Computer Software and Applications Conference (Compsac), Tokyo, Japan, 23–27 July 2018; Volume 2, pp. 582–587.
  118. Kassen, M. Understanding decentralized civic engagement: Focus on peer-to-peer and blockchain-driven perspectives on e-participation. Technol. Soc. 2021, 66, 101650.
  119. Ali, M.; Nelson, J.; Shea, R.; Freedman, M.J. Blockstack: A global naming and storage system secured by blockchains. In Proceedings of the 2016 USENIX Annual Technical Conference (USENIX ATC 16), Denver, CO, USA, 22–24 June 2016; pp. 181–194.
  120. Otte, P.; de Vos, M.; Pouwelse, J. TrustChain: A Sybil-resistant scalable blockchain. Future Gener. Comput. Syst. 2020, 107, 770–780.
  121. Sguanci, C.; Spatafora, R.; Vergani, A.M. Layer 2 blockchain scaling: A survey. arXiv 2021, arXiv:2107.10881.
  122. Dewangan, N.K.; Chandrakar, P.; Kumari, S.; Rodrigues, J.J. Enhanced privacy-preserving in student certificate management in blockchain and interplanetary file system. Multimed. Tools Appl. 2023, 82, 12595–12614.
  123. Wu, T.; Wang, W.; Zhang, C.; Zhang, W.; Zhu, L.; Gai, K.; Wang, H. Blockchain-based anonymous data sharing with accountability for Internet of Things. IEEE Internet Things J. 2022, 10, 5461–5475.
  124. Cheng, W.; Ming, J.; Guilley, S.; Danger, J.L. Statistical higher-order correlation attacks against code-based masking. IEEE Trans. Comput. 2024, 73, 2364–2377.
  125. Zhang, J.; Zha, C.; Zhang, Q.; Ma, S. A Denial-of-Service Attack Based on Selfish Mining and Sybil Attack in Blockchain Systems. IEEE Access 2024, 12, 170309–170320.
Figure 1. Architecture of educational digital identity.
Figure 2. The evolution of identity management models.
Figure 3. Different identity management model comparisons.
Figure 4. Verifiable credentials.
Figure 5. Decentralized ID architecture.
Figure 6. Cryptographic techniques.
Figure 7. Main challenges in educational domain.
Table 1. A comparison of the contributions between related surveys and our survey.

|  | Area | Decentralized | Transparency | Security | Interoperability | Immunity | Integrity | Accountability | Privacy | Self-Governing |
|---|---|---|---|---|---|---|---|---|---|---|
| [12] | Look into managing digital assets in the metaverse. | | | | | | | | | |
| [13,14] | Leverage KYC to regulate and govern customers’ verification activities to reduce risk due to money laundering. | | | | | | | | | |
| [15] | Deploying blockchain-based identity management in the South Korean public sector. | | | | | | | | | |
| [16] | Deploy SSI for public transportation, especially in ticketing issuance for travelling in Europe. | | | | | | | | | |
| [17] | Using blockchain to fight against corruption in nurturing the business, management, and financial domains. | | | | | | | | | |
| [18] | Supply-chain management, voting, and government procurement. | | | | | | | | | |
| [19] | Looking into the potential of decentralized technology in healthcare to give patients control over their identity and health records while finding the balance of privacy and portability. | | | | | | | | | |
| [20,21] | Leverage artificial intelligence to combat healthcare insurance fraud. | | | | | | | | | |
| Our work | Survey into applying blockchain with digital identities to modernize and innovate education information systems based on the challenges encountered. Aims to fill the gap left by missing surveys on the feasibility and potential benefits of a blockchain-assisted SSI system in education governance. | | | | | | | | | |
Table 2. Abbreviations and full forms.

| Abbreviation | Full Forms |
|---|---|
| SSI | Self-Sovereign Identity |
| PII | Personal Identifiable Information |
| ITU | International Telecommunication Union |
| ID | Identity |
| IdM | Identity Management Model |
| SSO | Single Sign-On |
| SAML | Security Assertion Markup Language |
| AAA | Authentication, Authorization, and Auditing |
| DID | Decentralized Identifiers |
| VC | Verifiable Credentials |
| ZKPs | Zero-Knowledge Proofs |
| HSMs | Hardware Security Modules |
| IPFS | InterPlanetary File System |
| PoS | Proof of Stake |
| PBFT | Practical Byzantine Fault Tolerance |
| NFTs | Non-Fungible Tokens |
| MPC | Multi-Party Computation |
| SSS | Shamir’s Secret Sharing |
| ABE | Attribute-based Encryption |
| zk-SNARK | Zero-Knowledge Succinct Non-Interactive Argument of Knowledge |
| IoT | Internet of Things |
Table 3. Counterfeiting types in education domain.

| Type | Impact |
|---|---|
| Forgery of documents | Paper-based documents can be forged or altered; fake diplomas, transcripts, and certificates can be created with relative ease, and advanced technology makes it difficult for institutions and employers to distinguish between genuine and fraudulent credentials [88]. |
| Misrepresentation of Information | Misrepresenting someone’s academic achievements by altering grades, claiming unearned degrees, or providing false information about their educational background, which may lead to unqualified individuals obtaining positions or opportunities they are not entitled to [90]. |
| Credential mills/diploma mills/bogus qualifications | Some unregulated, unrecognised or unlicensed institutions, known as credential mills, produce and sell counterfeit degrees and certificates. They exploit the weaknesses in traditional verification systems, flooding the market with fake credentials and undermining the integrity of legitimate educational qualifications [91,92]. |
| Plagiarism | Presenting someone else’s work, ideas, or words as one’s own without proper attribution [93]; includes direct copying and pasting without citation, paraphrasing, or submitting someone’s work as original. |
| Ghostwriting | The practice of hiring someone to assist in writing a book, scripts, research papers, or publications without giving credit to the actual writer, but rather submitting the work as one’s own [94]; encompasses the use of AI models like OpenAI’s ChatGPT and Baidu’s Ernie. |
Table 4. Comparing SSI projects.

| Project | Open Source | Blockchain Type | Storage | Future Enhancements | Security Features | Fit for Academic Domain |
|---|---|---|---|---|---|---|
| Sovrin [112] | Yes | Public Permissioned (Hyperledger Indy) | Distributed ledger, on/off-chain storage (e.g., encrypted cloud storage) | Integration with other decentralised networks, enhance privacy features | Decentralised identity ledger, zero-knowledge proofs, strong cryptography | Excellent: Strong focus on privacy and verifiable credentials, suitable for academic certificates and transcripts |
| uPort [111] | Yes | Public (Ethereum) | On-chain for identifiers, off-chain for data (IPFS, encrypted cloud storage) | Enhanced interoperability, scalability solutions | Decentralised identifiers (DIDs), verifiable credentials, smart contracts | Good: Ethereum’s smart contracts can manage academic credentials, but scalability may be an issue |
| EverID [92] | No, proprietary | Private, proprietary | Off-chain (secure cloud storage) | Expansion into financial services and healthcare | Biometric verification, secure document storage, multi-factor authentication | Moderate: Focus is more on financial services and healthcare |
| LifeID [92] | Yes | Public (Ethereum) | On-chain for identifiers, off-chain for data (IPFS, encrypted cloud storage) | Improved privacy protocols, wider adoption | Decentralised identifiers (DIDs), verifiable credentials, smart contracts | Good: Ethereum-based solution with strong security, suitable for academic credentials |
| Sora [117] | Yes | Public (Polkadot) | On-chain for identifiers, off-chain for data (IPFS, encrypted cloud storage) | Integration with Polkadot ecosystem, more DeFi applications | Decentralised identifiers (DIDs), verifiable credentials, cross-chain identity | Good: Decentralised IDs and verifiable credentials suitable for academic records |
| SelfKey [92] | Yes | Public (Ethereum) | On-chain for identifiers, off-chain for data (IPFS, encrypted cloud storage) | Cross-chain interoperability, enhanced KYC solutions | Decentralised identifiers (DIDs), verifiable credentials, hardware wallet integration | Good: Ethereum-based solution with strong identity verification features suitable for academic use |
| ShoCard [110,113] | No, proprietary | Public (Ethereum) | Off-chain (encrypted cloud storage) | Expansion into more industries, enhanced biometric authentication | Biometric verification, secure document storage, multi-factor authentication | Moderate: Primarily focused on financial services and enterprise use cases |
| WeIdentity [110] | No, proprietary | Public (Consortium, FISCO-BCOS) | On-/off-chain (consortium-managed storage) | Greater integration within the consortium blockchain, enhanced privacy, and security features | Decentralised identifiers (DIDs), verifiable credentials, consortium blockchain security | Good: Consortium blockchain offers strong security and privacy, suitable for academic records |
| Microsoft DID [110] | No, partially | Multi-chain ledger (Azure Cloud) | Off-chain | Driven by Microsoft’s roadmap | Advanced cryptographic protocols | Moderate: Strong integration but non-interoperability |
| IDchainz [92] | Yes | Proprietary | On-chain | Community-driven enhancements | Decentralised and cryptographic methods | Excellent: Customizable, flexible, and user-controlled |
| Civic [118] | No, partially | Ethereum | Off-chain with on-chain verification | Driven by Civic’s roadmap | Identity theft protection, biometrics | Moderate: Partially open source nature limits flexibility to expand |
| Blockstack [119] | Yes | Bitcoin or stacks blockchain (Ethereum) | Off-chain with on-chain verification | Community-driven, integrates Web 3.0 | Strong encryption, decentralised IDs | Good: Strong privacy and data sovereignty features |
Table 5. Ten SSI principles.

| Principle | Impacts |
|---|---|
| Existence | Users have a digital presence of their identities without depending on third parties |
| Control | Users have ultimate control over their identity and data, including the ability to manage personal information |
| Access | Users can access their data and gain benefits from the solutions |
| Transparency | Systems are open, allowing users to understand how their data are managed and used |
| Persistence | Identities are long lasting and not tied to any single provider. Data must be resilient to changes in technology or service providers |
| Portability | Identities can be easily transferred across different platforms and systems |
| Interoperability | Systems can work together seamlessly, allowing identities to be widely available and recognized across different platforms |
| Consent | Users give explicit permission and have the right to grant or revoke it for data sharing and transactions. It is handled with ethics and trust in digital identity systems |
| Minimization | Only necessary data are collected, stored and shared, reducing exposure and protecting the data, which aligns closely with the applicable privacy and international or regional data-protection standards |
| Protection | Data are secured against unauthorized access and breaches |
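Table 6. SSI projects’ analysis.

| Product | Existence | Control | Access | Transparency | Persistence | Portability | Interoperability | Consent | Minimization | Protection |
|---|---|---|---|---|---|---|---|---|---|---|
| Sovrin | H | H | H | M | H | H | H | H | H | H |
| uPort | H | H | H | H | H | H | H | H | H | H |
| EverID | H | H | H | M | M | M | M | H | H | M |
| LifeID | H | H | H | M | H | M | M | H | H | H |
| Sora | M | M | M | M | M | M | M | M | M | M |
| SelfKey | H | H | H | M | H | H | H | H | H | H |
| ShoCard | H | H | H | M | M | M | M | M | H | M |
| WeIdentity | H | H | H | M | M | M | M | H | H | M |
| Microsoft DID | H | H | H | M | H | H | H | H | H | H |
| IDchainz | H | H | H | M | H | H | H | H | H | H |
| Civic | H | H | H | M | H | M | M | H | H | M |
| Blockstack | H | H | H | H | H | H | H | H | H | H |
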
Note: H—high; M—medium.
Chan, W.; Gai, K.; Yu, J.; Zhu, L. Blockchain-Assisted Self-Sovereign Identities on Education: A Survey. Blockchains 2025, 3, 3. https://doi.org/10.3390/blockchains3010003