Trustworthy Attestable Decentralised Identity System (Tardis)

值得信赖的可证明去中心化身份系统（Tardis）

• 批准号: 2873098
• 金额: --
• 依托单位: University of Cambridge
• 依托单位国家: 英国
• 项目类别: Studentship
• 财政年份: 2023
• 资助国家: 英国
• 起止时间: 2023 至 无数据
• 项目状态: 未结题
• 来源: https://gtr.ukri.org/projects?ref=studentship-2873098
• 关键词: Trustworthy; Attestable; Decentralised; Identity; System

Identity is an important concept, it is used to represent an entity in such a way that it can be identified from everything else in the same space. In the digital world we need identities for both human entities and virtual objects, typically used before they are permitted to carry out some action or obtain data. However, the internet is not a trusted system, identities formats are decided by the owners or designers of the systems that people or other systems interact with, and security control is inconsistent at best, inexistent at worst. Digital identity has become widely used in recent years for various purposes including legal verification, and this trend is rapidly increasing. It makes use of people's online records (e.g., online purchase history, social media profile) as well as their personal records (e.g., birth date, passport number) compiled together to form an identifier. However, majority of the identity systems are centralised and hence owned by an authority. The authoritative organisations have full control over all identification data used in their systems. When it comes to data being shared in a globalised system, for instance data gathered for climate change analysis, we simply cannot have a single source of authority. The next challenge is the measurement of trustworthiness. A trust system does not imply everything flows is trustworthy, equally even if something is trustworthy, it doesn't mean it should have the power to view or access everything. The main objective of this research is to identify the gaps in existing identity systems and to fix the security concerns. Data sharing is part of our everyday life and already so many problems such as the ones highlighted above are not being prioritised. In this research we will also look into a novel way to represent identities that allows communications and data sharing on a secure need-to-know basis, using multi-dimensional properties of digital identity and the dynamic nature of the context it is in. The owner would choose which subset of their personal data to be disclosed, form a sequence of bytes (e.g. encrypted) that can be transferred safely to a decentralised system where trust could be established and trustworthiness could be determined. The receiving end would have advertised what is the minimal set of data they need for their services and the authorit-y(-ies) they use for the trustworthiness validation. The research will be divided into three main stages:1. Existing design and identify gaps. During this initial stage the project will gather the requirements that define "trustworthiness", considering testability and explainability.2. Based on results from the previous step, this stage is to seek an end to end solution for the identity crisis in the modern digital world. The proposal is to make use of new representation using bigraph as the identity representation, which when combined with Macaroons mechanism we will have a decentralised trust system where (a) users have full control of their own identities; (b) trustworthiness could be measured and verified; and (c) risks associate with centralised system such as authority abuse and security vulnerabilities could be minimised.3. Test and verify the hypothesis. We will need a purposely built decentralised system to simulate the information flows with access control in place at all the servers. A set of scenarios will be provided for the evaluation, and for each scenario a list of use cases along with the expected results will be defined. All identities will be represented using Tardis bigraph notation, and we will test out the system using the Tardis to assess its accuracy, effectiveness, security and performance.

身份是一个重要的概念，它用于表示一个实体，以便可以将其与同一空间中的其他所有事物区分开来。在数字世界中，我们需要人类实体和虚拟对象的身份，通常在允许他们执行某些操作或获取数据之前使用。然而，互联网不是一个可信的系统，身份格式是由人们或其他系统交互的系统的所有者或设计者决定的，安全控制往好了说是不一致的，往坏了说是不存在的。近年来，数字身份已广泛用于包括法律验证在内的各种目的，并且这种趋势正在迅速增长。它利用人们的在线记录（例如，在线购买历史记录、社交媒体资料）以及他们的个人记录（例如，出生日期、护照号码）汇总在一起形成标识符。然而，大多数身份系统都是中心化的，因此由权威机构拥有。权威组织对其系统中使用的所有识别数据拥有完全控制权。当涉及到在全球化系统中共享的数据时，例如为气候变化分析收集的数据，我们根本无法拥有单一的权威来源。下一个挑战是可信度的衡量。信任系统并不意味着所有流动的东西都是值得信赖的，同样，即使某些东西值得信赖，也不意味着它应该有权查看或访问所有东西。这项研究的主要目的是找出现有身份系统的漏洞并解决安全问题。数据共享是我们日常生活的一部分，但诸如上述突出问题之类的许多问题尚未得到优先考虑。在这项研究中，我们还将研究一种新的身份表示方式，利用数字身份的多维属性及其所处环境的动态性质，允许在安全的需要知道的基础上进行通信和数据共享。所有者将选择要披露的个人数据的子集，形成字节序列（例如加密的），该字节序列可以安全地传输到可以建立信任并确定可信度的去中心化系统。接收端将公布他们的服务所需的最小数据集以及他们用于可信度验证的权威机构。 研究工作将分为三个主要阶段： 1．现有设计并找出差距。在这个初始阶段，项目将收集定义“可信度”的要求，同时考虑可测试性和可解释性。2．基于上一步的结果，此阶段是为现代数字世界的身份危机寻求端到端的解决方案。该提案是利用双图作为身份表示的新表示，当与马卡龙机制结合时，我们将拥有一个去中心化的信任系统，其中（a）用户可以完全控制自己的身份； (b) 可信度可以衡量和验证； (c) 可以最大限度地减少与中心化系统相关的风险，例如滥用权力和安全漏洞。3．测试并验证假设。我们需要一个专门构建的去中心化系统来模拟信息流，并在所有服务器上实施访问控制。将提供一组场景进行评估，并为每个场景定义用例列表以及预期结果。所有身份都将使用 Tardis bigraph 表示法表示，我们将使用 Tardis 测试系统，以评估其准确性、有效性、安全性和性能。