Blokzincirde Anonim ve Devredilemez Biyometrik Dijital Kimlik

2017 yılında Augot et al. tarafından Bitcoin Blokzinciri üzerinde ilk kullanıcı odaklı Kimlik Yönetimi sistemi tanımlanmıştır. Ancak Bitcoin kripto para birimi anonim değildir, dolayısıyla mahremiyeti saglamamaktadır. Bu nedenle, kimliği oluşturan unsurlardan biri olan biyometrik verilerin mahremiyeti sağlayan bir platformda ve şifreli olarak yönetilmesi gereklidir. Böylelikle hem devredilemezlik özelliği sağlanmış olacak, hem de kişisel verilerin en başında gelen hassas biyometrik veriler kriptografik yöntemler ile korunarak, anonim şekilde işlem görücektir. Esasen, bu özellikleri sağlayan ilk anonim biyometrik tanımlama sistemi, 2018 yılında Zerocoin blokzinciri üzerinde tasarlanmıştır. Bu sistemde biyometrik veriler (parmak izi, yüz, iris) şifreli olarak blokzincirde tutulmakta, kullanıcıdan bir servise erişim amaclı kimlik tanımlama talebi geldiğinde, biyometrik tanımlama madenciler tarafından şifreli alanda yapılmakta ve bir eşleşme bulunduğunda sonuç blokzincire kayıt edilir. Özetle, anonim transferler ile, servis saglayıcılar anonim biyometrik tanımlama işlemini tamamlayarak kullanıcının talep ettiği erişim iznini sağlarlar. Bu araştırma makalesinde, Zerocoin ile birlikte güncel diğer anonim kripto para birimleri olan Zerocash ve Monero analiz edilerek, biyometrik verilere dayalı dijital kimlik yönetim sistemlerinde performans ve mahremiyet açısından daha iyi çözümlerin mevcut olup olmadığı incelenecektir. Bu inceleme sırasında önce anonim kriptoparalara ait blokzincirler üzerinde biyometrik tanımlama uygulaması, akabinde bu uygulama üzerinde basit bir modifikasyon ile anonim dijital kimlik yönetimi sistemi elde edilecektir. Son olarak bu çözümlerden en az maliyetli olanı, analiz edilen anonim kripto para sistemleri karşılaştırılarak tespit edilecektir. İlk sonuçlara göre, Cryptonote tabanlı Monero en uygun sistem olup, gelecekte daha yüksek güvenlik sağlayan RingCT tabanlı sistemler de değerlendirilecektir.

Anahtar Kelimeler:

Blokzincir, Biyometri, Mahremiyet, Anonimlik, Dijital Kimlik, Bitcoin, Zerocoin, Zerocash, Monero

Anonymous and Non-transferable Biometric Digital ID on Blockchain

The first user centric Identity Management system on the Bitcoin Blockchain was introduced in 2017 by Augot et al. However, Bitcoin is not an anonymous cryptocurrency, therefore, privacy is not guaranteed. Hence, one aspect of the identity, namely biometrics should be processed in a privacy preserving manner and as encrypted. This way, non-transferability is guaranteed in addition to the anonymous processing of the most important personal identifier, namely sensitive biometric data. In fact, the first anonymous biometric identification system that guarantees these notions was described in 2018 on top of Zerocoin protocol. In this system, biometric data (fingerprint,face, iris), are stored as encrypted on the Blockchain. If there is an incoming identification request from the user to access a service, the biometric matching is performed by the nodes/miners in the encrypted domain and if a match is found, it is recorded on the Blockchain. In summary, through anonymous transfers, service providers complete the anonymous biometric identification procedure and provides the necessary access to the service. In this research article, we evalute recent privacy coins of Zerocash and Monero in addition to Zerocoin, and examine whether there exists better solutions in biometric based Identity Management systems with respect to efficiency and privacy. First, we describe anonymous biometric identification/authentication systems based on anonymous cryptocurrencies and then we modify them slightly to obtain anonymous Digital ID. Finally, we compare the analyzed privacy coins in order to find the cheapest solution. Initial results show that Cryptonote based Monero provides the most ideal system, leading to the evaluation of RingCT based systems guaranteeing a higher security level.

Keywords:

Blockchain, Biometrics, Privacy, Anonymity, Digital ID, Bitcoin, Zerocoin, Zerocash, Monero,

PDF

___

Augot, D., Chabanne, H., Chenevier, T., George, W., and Lambert, L. (2017a). A user-centric system for verified identities on the bitcoin blockchain. In CBT’17, volume 10436 of LNCS, pages 390–407. Springer.
Augot, D., Chabanne, H., Clémot, O., and George, W. (2017b). Transforming face-to-face identity proofing into anonymous digital identity using the bitcoin blockchain. In PST’17, pages 25–2509. IEEE.
Augot, D., Chabanne, H., and George, W. (2019). Practical solutions to save bitcoins applied to an identity system proposal. In ICISSP’19, pages 511–518. SciTePress.
BCTR (Retrieved on March, 2021). Blockchain tabanlı biyometrik doğrulama sistemi. https://bctr.org/blockchaintabanli- biyometrik-dogrulama-sistemi-4624/.
Bernabe, J. B., Canovas, J. L., Hernandez-Ramos, J. L., Torres Moreno, R., and Skarmeta, A. (2019). Privacy-preserving solutions for blockchain: Review and challenges. IEEE Access, 7:164908–164940.
BitDegree (Retrieved on March, 2021). Zcash vs monero - the complete guide. https://www.bitdegree.org/crypto/tutorials/zcash-vs-monero.
Blanton, M. and Hudelson, W. M. P. (2009). Biometric based non-transferable anonymous credentials. In ICICS’09, volume 5927 of LNCS, pages 165–180. Springer.
Brands, S. A. (2000). Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press.
BZLab (Retrieved on March, 2021). Blokzincir. http://blockchain.bilgem.tubitak.gov.tr/.
coindesk (Retrieved on March, 2021). Zcash zec average transaction fee (24h). https://www.coindesk.com/price/zcash.
CoinLore (Retrieved on March, 2021). Coinlore koinler/zcoin blockchain stats. https://www.coinlore.com/tr/coin/zcoin.
CryptID (Retrived on May, 2018). source code available at https://github:com/cryptidid/cryptid. http://cryptid:xyz/.
Dodis, Y., Reyzin, L., and Smith, A. (2004). Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In EUROCRYPT’04, volume 3027 of LNCS, pages 523–540. Springer.
Kumar, A., Fischer, C., Tople, S., and Saxena, P. (2017). A traceability analysis of monero’s blockchain. In ESORICS’17, volume 10493 of LNCS, pages 153–173. Springer.
Lesavre, L., Varin, P., Mell, P., Davidson, M., and Shook, J. (Accessed on: August, 2019). A Taxonomic Approach to Understanding Emerging Blockchain Identity Management Systems. https://doi.org/10.6028/NIST.CSWP.07092019- draft.
Liu, Y., Sun, G., and Schuckers, S. (2019). Enabling secure and privacy preserving identity management via smart contract. In CNS’19, pages 1–8.
Miers, I., Garman, C., Green, M., and Rubin, A. D. (2013). Zerocoin: Anonymous distributed e-cash from bitcoin. In SP’13, pages 397–411. IEEE.
MONERO.HOW (Retrieved on March, 2021a). How long do monero transactions take? https://www.monero.how/howlong- do-monero-transactions-take.
MONERO.HOW (Retrieved on March, 2021b). How much are monero transaction fees? https://www.monero.how/monerotransaction- fees.
Nakamoto, S. (2008). Bitcoin: A peer-to-peer electronic cash system.
Noether, S. (2015). Ring signature confidential transactions for monero. Cryptology ePrint Archive, Report 2015/1098.
Othman, A. and Callahan, J. (2018). The Horcrux Protocol: A Method for Decentralized Biometric-based Self-sovereign Identity. In IJCNN’18, pages 1–7.
Paul, J., Xu, Q., Fei, S., Veeravalli, B., and Aung, K. (2019). Practically realisable anonymisation of bitcoin transactions with improved efficiency of the zerocoin protocol. In FICC’18, pages 108–130. Springer.
Ruffing, T., Thyagarajan, S. A. K., Ronge, V., and Schröder, D. (2018). Burning zerocoins for fun and for profit - A cryptographic denial-of-spending attack on the zerocoin protocol. In CVCBT’18, pages 116–119. IEEE.
Sarier, N. D. (2018). Privacy preserving biometric identification on the bitcoin blockchain. In CSS’18, volume 11161 of LNCS, pages 254–269. Springer.
Sarier, N. D. (2021). Comments on biometric-based nontransferable credentials and their application in blockchainbased identity management. Computers & Security, 105:102243.
Sasson, E. B., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E., and Virza, M. (2014). Zerocash: Decentralized anonymous payments from bitcoin. In 2014 IEEE Symposium on Security and Privacy, pages 459–474.
Toutara, F. and Spathoulas, G. (2020). A distributed biometric authentication scheme based on blockchain. In 2020 IEEE International Conference on Blockchain, pages 470–475. IEEE.
van Saberhagen, N. (2013). Cryptonote v 2.0. Available at https://cryptonote.org/whitepaper.pdf.
Wijaya, D. A., Liu, J. K., Steinfeld, R., Liu, D., and Yuen, T. H. (2018). Anonymity reduction attacks to monero. In Inscrypt’18, volume 11449 of LNCS, pages 86–100. Springer.
YCHARTS (Retrieved on March, 2021). Bitcoin average transaction fee. https://ycharts.com/indicators/bitcoin_average_transaction_fee.
Yuen, T. H., Sun, S., Liu, J. K., Au, M. H., Esgin, M. F., Zhang, Q., and Gu, D. (2020). Ringct 3.0 for blockchain confidential transaction: Shorter size and stronger security. In FC’20, volume 12059 of LNCS, pages 464–483. Springer.
Zhou, X., Hafedh, Y., Wang, Y., and Jesus, V. (2018). A simple auditable fingerprint authentication scheme using smart-contracts. In SmartBlock’18, volume 11373 of LNCS, pages 86–92. Springer.
Zhu, X. and Badr, Y. (2018). Identity management systems for the internet of things: A survey towards blockchain solutions. Sensors, 18(12):4215.