Blokzincirde Anonim ve Devredilemez Biyometrik Dijital Kimlik
2017 yılında Augot et al. tarafından Bitcoin Blokzinciri üzerinde ilk kullanıcı odaklı Kimlik Yönetimi sistemi tanımlanmıştır. Ancak Bitcoin kripto para birimi anonim değildir, dolayısıyla mahremiyeti saglamamaktadır. Bu nedenle, kimliği oluşturan unsurlardan biri olan biyometrik verilerin mahremiyeti sağlayan bir platformda ve şifreli olarak yönetilmesi gereklidir. Böylelikle hem devredilemezlik özelliği sağlanmış olacak, hem de kişisel verilerin en başında gelen hassas biyometrik veriler kriptografik yöntemler ile korunarak, anonim şekilde işlem görücektir. Esasen, bu özellikleri sağlayan ilk anonim biyometrik tanımlama sistemi, 2018 yılında Zerocoin blokzinciri üzerinde tasarlanmıştır. Bu sistemde biyometrik veriler (parmak izi, yüz, iris) şifreli olarak blokzincirde tutulmakta, kullanıcıdan bir servise erişim amaclı kimlik tanımlama talebi geldiğinde, biyometrik tanımlama madenciler tarafından şifreli alanda yapılmakta ve bir eşleşme bulunduğunda sonuç blokzincire kayıt edilir. Özetle, anonim transferler ile, servis saglayıcılar anonim biyometrik tanımlama işlemini tamamlayarak kullanıcının talep ettiği erişim iznini sağlarlar. Bu araştırma makalesinde, Zerocoin ile birlikte güncel diğer anonim kripto para birimleri olan Zerocash ve Monero analiz edilerek, biyometrik verilere dayalı dijital kimlik yönetim sistemlerinde performans ve mahremiyet açısından daha iyi çözümlerin mevcut olup olmadığı incelenecektir. Bu inceleme sırasında önce anonim kriptoparalara ait blokzincirler üzerinde biyometrik tanımlama uygulaması, akabinde bu uygulama üzerinde basit bir modifikasyon ile anonim dijital kimlik yönetimi sistemi elde edilecektir. Son olarak bu çözümlerden en az maliyetli olanı, analiz edilen anonim kripto para sistemleri karşılaştırılarak tespit edilecektir. İlk sonuçlara göre, Cryptonote tabanlı Monero en uygun sistem olup, gelecekte daha yüksek güvenlik sağlayan RingCT tabanlı sistemler de değerlendirilecektir.
Anonymous and Non-transferable Biometric Digital ID on Blockchain
The first user centric Identity Management system on the Bitcoin Blockchain was introduced in 2017 by Augot et al. However, Bitcoin is not an anonymous cryptocurrency, therefore, privacy is not guaranteed. Hence, one aspect of the identity, namely biometrics should be processed in a privacy preserving manner and as encrypted. This way, non-transferability is guaranteed in addition to the anonymous processing of the most important personal identifier, namely sensitive biometric data. In fact, the first anonymous biometric identification system that guarantees these notions was described in 2018 on top of Zerocoin protocol. In this system, biometric data (fingerprint,face, iris), are stored as encrypted on the Blockchain. If there is an incoming identification request from the user to access a service, the biometric matching is performed by the nodes/miners in the encrypted domain and if a match is found, it is recorded on the Blockchain. In summary, through anonymous transfers, service providers complete the anonymous biometric identification procedure and provides the necessary access to the service. In this research article, we evalute recent privacy coins of Zerocash and Monero in addition to Zerocoin, and examine whether there exists better solutions in biometric based Identity Management systems with respect to efficiency and privacy. First, we describe anonymous biometric identification/authentication systems based on anonymous cryptocurrencies and then we modify them slightly to obtain anonymous Digital ID. Finally, we compare the analyzed privacy coins in order to find the cheapest solution. Initial results show that Cryptonote based Monero provides the most ideal system, leading to the evaluation of RingCT based systems guaranteeing a higher security level.
___
- Augot, D., Chabanne, H., Chenevier, T., George, W., and
Lambert, L. (2017a). A user-centric system for verified
identities on the bitcoin blockchain. In CBT’17, volume
10436 of LNCS, pages 390–407. Springer.
- Augot, D., Chabanne, H., Clémot, O., and George, W. (2017b).
Transforming face-to-face identity proofing into anonymous
digital identity using the bitcoin blockchain. In PST’17,
pages 25–2509. IEEE.
- Augot, D., Chabanne, H., and George, W. (2019). Practical
solutions to save bitcoins applied to an identity system
proposal. In ICISSP’19, pages 511–518. SciTePress.
- BCTR (Retrieved on March, 2021). Blockchain tabanlı
biyometrik doğrulama sistemi. https://bctr.org/blockchaintabanli-
biyometrik-dogrulama-sistemi-4624/.
- Bernabe, J. B., Canovas, J. L., Hernandez-Ramos, J. L., Torres
Moreno, R., and Skarmeta, A. (2019). Privacy-preserving
solutions for blockchain: Review and challenges. IEEE
Access, 7:164908–164940.
- BitDegree (Retrieved on March, 2021).
Zcash vs monero - the complete guide.
https://www.bitdegree.org/crypto/tutorials/zcash-vs-monero.
- Blanton, M. and Hudelson, W. M. P. (2009). Biometric based
non-transferable anonymous credentials. In ICICS’09,
volume 5927 of LNCS, pages 165–180. Springer.
- Brands, S. A. (2000). Rethinking Public Key Infrastructures
and Digital Certificates: Building in Privacy. MIT Press.
- BZLab (Retrieved on March, 2021). Blokzincir.
http://blockchain.bilgem.tubitak.gov.tr/.
- coindesk (Retrieved on March, 2021). Zcash zec average transaction
fee (24h). https://www.coindesk.com/price/zcash.
- CoinLore (Retrieved on March, 2021). Coinlore koinler/zcoin
blockchain stats. https://www.coinlore.com/tr/coin/zcoin.
- CryptID (Retrived on May, 2018). source code available at
https://github:com/cryptidid/cryptid. http://cryptid:xyz/.
- Dodis, Y., Reyzin, L., and Smith, A. (2004). Fuzzy extractors:
How to generate strong keys from biometrics and other
noisy data. In EUROCRYPT’04, volume 3027 of LNCS,
pages 523–540. Springer.
- Kumar, A., Fischer, C., Tople, S., and Saxena, P. (2017).
A traceability analysis of monero’s blockchain. In
ESORICS’17, volume 10493 of LNCS, pages 153–173.
Springer.
- Lesavre, L., Varin, P., Mell, P., Davidson, M., and Shook, J.
(Accessed on: August, 2019). A Taxonomic Approach to
Understanding Emerging Blockchain Identity Management
Systems. https://doi.org/10.6028/NIST.CSWP.07092019-
draft.
- Liu, Y., Sun, G., and Schuckers, S. (2019). Enabling secure
and privacy preserving identity management via smart contract.
In CNS’19, pages 1–8.
- Miers, I., Garman, C., Green, M., and Rubin, A. D. (2013).
Zerocoin: Anonymous distributed e-cash from bitcoin. In
SP’13, pages 397–411. IEEE.
- MONERO.HOW (Retrieved on March, 2021a). How long do
monero transactions take? https://www.monero.how/howlong-
do-monero-transactions-take.
- MONERO.HOW (Retrieved on March, 2021b). How much are
monero transaction fees? https://www.monero.how/monerotransaction-
fees.
- Nakamoto, S. (2008). Bitcoin: A peer-to-peer electronic cash
system.
- Noether, S. (2015). Ring signature confidential transactions
for monero. Cryptology ePrint Archive, Report 2015/1098.
- Othman, A. and Callahan, J. (2018). The Horcrux Protocol:
A Method for Decentralized Biometric-based Self-sovereign
Identity. In IJCNN’18, pages 1–7.
- Paul, J., Xu, Q., Fei, S., Veeravalli, B., and Aung, K. (2019).
Practically realisable anonymisation of bitcoin transactions
with improved efficiency of the zerocoin protocol. In
FICC’18, pages 108–130. Springer.
- Ruffing, T., Thyagarajan, S. A. K., Ronge, V., and Schröder,
D. (2018). Burning zerocoins for fun and for profit -
A cryptographic denial-of-spending attack on the zerocoin
protocol. In CVCBT’18, pages 116–119. IEEE.
- Sarier, N. D. (2018). Privacy preserving biometric identification
on the bitcoin blockchain. In CSS’18, volume 11161
of LNCS, pages 254–269. Springer.
- Sarier, N. D. (2021). Comments on biometric-based nontransferable
credentials and their application in blockchainbased
identity management. Computers & Security,
105:102243.
- Sasson, E. B., Chiesa, A., Garman, C., Green, M., Miers, I.,
Tromer, E., and Virza, M. (2014). Zerocash: Decentralized
anonymous payments from bitcoin. In 2014 IEEE Symposium
on Security and Privacy, pages 459–474.
- Toutara, F. and Spathoulas, G. (2020). A distributed biometric
authentication scheme based on blockchain. In 2020 IEEE
International Conference on Blockchain, pages 470–475.
IEEE.
- van Saberhagen, N. (2013). Cryptonote v 2.0. Available at
https://cryptonote.org/whitepaper.pdf.
- Wijaya, D. A., Liu, J. K., Steinfeld, R., Liu, D., and Yuen,
T. H. (2018). Anonymity reduction attacks to monero.
In Inscrypt’18, volume 11449 of LNCS, pages 86–100.
Springer.
- YCHARTS (Retrieved on March, 2021).
Bitcoin average transaction fee.
https://ycharts.com/indicators/bitcoin_average_transaction_fee.
- Yuen, T. H., Sun, S., Liu, J. K., Au, M. H., Esgin, M. F.,
Zhang, Q., and Gu, D. (2020). Ringct 3.0 for blockchain
confidential transaction: Shorter size and stronger security.
In FC’20, volume 12059 of LNCS, pages 464–483. Springer.
- Zhou, X., Hafedh, Y., Wang, Y., and Jesus, V. (2018). A
simple auditable fingerprint authentication scheme using
smart-contracts. In SmartBlock’18, volume 11373 of LNCS,
pages 86–92. Springer.
- Zhu, X. and Badr, Y. (2018). Identity management systems
for the internet of things: A survey towards blockchain
solutions. Sensors, 18(12):4215.