Trustworthy Attestable Decentralised Identity System (Tardis)

值得信赖的可证明去中心化身份系统（Tardis）

• 批准号: 2873098
• 金额: --
• 依托单位: University of Cambridge
• 依托单位国家: 英国
• 项目类别: Studentship
• 财政年份: 2023
• 资助国家: 英国
• 起止时间: 2023 至 无数据
• 项目状态: 未结题
• 来源: https://gtr.ukri.org/projects?ref=studentship-2873098
• 关键词: Trustworthy; Attestable; Decentralised; Identity; System

Identity is an important concept, it is used to represent an entity in such a way that it can be identified from everything else in the same space. In the digital world we need identities for both human entities and virtual objects, typically used before they are permitted to carry out some action or obtain data. However, the internet is not a trusted system, identities formats are decided by the owners or designers of the systems that people or other systems interact with, and security control is inconsistent at best, inexistent at worst. Digital identity has become widely used in recent years for various purposes including legal verification, and this trend is rapidly increasing. It makes use of people's online records (e.g., online purchase history, social media profile) as well as their personal records (e.g., birth date, passport number) compiled together to form an identifier. However, majority of the identity systems are centralised and hence owned by an authority. The authoritative organisations have full control over all identification data used in their systems. When it comes to data being shared in a globalised system, for instance data gathered for climate change analysis, we simply cannot have a single source of authority. The next challenge is the measurement of trustworthiness. A trust system does not imply everything flows is trustworthy, equally even if something is trustworthy, it doesn't mean it should have the power to view or access everything. The main objective of this research is to identify the gaps in existing identity systems and to fix the security concerns. Data sharing is part of our everyday life and already so many problems such as the ones highlighted above are not being prioritised. In this research we will also look into a novel way to represent identities that allows communications and data sharing on a secure need-to-know basis, using multi-dimensional properties of digital identity and the dynamic nature of the context it is in. The owner would choose which subset of their personal data to be disclosed, form a sequence of bytes (e.g. encrypted) that can be transferred safely to a decentralised system where trust could be established and trustworthiness could be determined. The receiving end would have advertised what is the minimal set of data they need for their services and the authorit-y(-ies) they use for the trustworthiness validation. The research will be divided into three main stages:1. Existing design and identify gaps. During this initial stage the project will gather the requirements that define "trustworthiness", considering testability and explainability.2. Based on results from the previous step, this stage is to seek an end to end solution for the identity crisis in the modern digital world. The proposal is to make use of new representation using bigraph as the identity representation, which when combined with Macaroons mechanism we will have a decentralised trust system where (a) users have full control of their own identities; (b) trustworthiness could be measured and verified; and (c) risks associate with centralised system such as authority abuse and security vulnerabilities could be minimised.3. Test and verify the hypothesis. We will need a purposely built decentralised system to simulate the information flows with access control in place at all the servers. A set of scenarios will be provided for the evaluation, and for each scenario a list of use cases along with the expected results will be defined. All identities will be represented using Tardis bigraph notation, and we will test out the system using the Tardis to assess its accuracy, effectiveness, security and performance.

同一性是一个重要的概念，它用来表示一个实体，使其能够与同一空间中的其他事物区分开来。在数字世界中，我们需要人类实体和虚拟物体的身份，通常在它们被允许执行某些操作或获取数据之前使用。然而，互联网不是一个可信的系统，身份格式是由人们或其他系统交互的系统的所有者或设计者决定的，安全控制充其量是不一致的，最坏的情况是不存在。近年来，数字身份已被广泛用于各种目的，包括法律验证，这一趋势正在迅速增长。它利用人们的在线记录（例如，在线购买历史，社交媒体简介）以及他们的个人记录（例如，出生日期，护照号码）汇编在一起形成一个标识符。然而，大多数身份系统都是集中的，因此由权威机构拥有。权威机构完全控制其系统中使用的所有识别数据。当涉及到在全球化系统中共享数据时，例如为气候变化分析收集的数据，我们根本无法拥有单一的权威来源。下一个挑战是衡量可信度。信任系统并不意味着所有流动的东西都是值得信赖的，同样，即使某些东西是值得信赖的，也不意味着它应该有权查看或访问所有东西。本研究的主要目的是确定现有身份系统的差距，并解决安全问题。数据共享是我们日常生活的一部分，已经有很多问题，如上面强调的问题，没有得到优先考虑。在这项研究中，我们还将研究一种新颖的方式来表示身份，利用数字身份的多维属性及其所处环境的动态特性，允许在安全的需要知道的基础上进行通信和数据共享。所有者将选择公开其个人数据的哪个子集，形成一个字节序列（例如加密），可以安全地转移到一个分散的系统，在那里可以建立信任并确定可信度。接收端会宣传他们的服务所需的最小数据集以及他们用于可信度验证的权威。研究将分为三个主要阶段：1。现有设计并找出差距。在这个初始阶段，项目将收集定义“可信度”的需求，考虑可测试性和可解释性。基于前一步的结果，这一阶段是寻求现代数字世界中身份危机的端到端解决方案。我们的建议是使用新的表示，使用graphh作为身份表示，当与macaroon机制结合使用时，我们将拥有一个分散的信任系统，其中(a)用户完全控制自己的身份；(b)可衡量和验证可信性；(c)与集中式系统相关的风险，如权力滥用和安全漏洞可以最小化。测试并验证假设。我们将需要一个专门建立的分散系统来模拟信息流，并在所有服务器上进行访问控制。将为评估提供一组场景，并且将为每个场景定义用例列表以及预期结果。所有身份都将使用塔迪斯图形符号表示，我们将使用塔迪斯对系统进行测试，以评估其准确性、有效性、安全性和性能。