SoK: Trusting Self-Sovereign Identity

Authors: Evan Krul (University of New South Wales/Cyber Security Cooperative Research Centre), Hye-young Paik (University of New South Wales), Sushmita Ruj (University of New South Wales), Salil S. Kanhere (University of New South Wales)

Volume: 2024
Issue: 3
Pages: 297–313
DOI: https://doi.org/10.56553/popets-2024-0079

Download PDF

Abstract: Digital identity is evolving from centralized systems to a decentralized approach known as Self-Sovereign Identity (SSI). SSI empowers individuals to control their digital identities, eliminating reliance on third-party data custodians and reducing the risk of data breaches. However, the concept of trust in SSI remains complex and fragmented. This paper systematically analyzes trust in SSI in light of its components and threats posed by various actors in the system. As a result, we derive three distinct trust models that capture the threats and mitigations identified across SSI literature and implementations. Our work provides a foundational framework for future SSI research and development, including a comprehensive catalogue of SSI components and design requirements for trust, shortcomings in existing SSI systems and areas for further exploration.

Keywords: digital identity, self-sovereign identity, identity data privacy

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.