Analyzing and comparing the security of self-sovereign identity management systems through threat modeling

The concept of Self-Sovereign Identity (SSI) promises to strengthen the security and user-centricity of identity management. Since any secure online service relies on secure identity management, we comparatively analyze the intrinsic security of SSI. Thus, we adopt a hybrid threat modeling approach comprising STRIDE, attack trees, and ratings towards this unique context. Data flow diagrams of the isolated, centralized and the SSI model serve as the foundation for the assessment. The evolution of the paradigms shows an increasing complexity in security zones and communication paths between the components. We identified 35 threats to all SSI components and 15 protection measures that reduce the threats' criticality. As a result, our research shows that the SSI paradigm's threat surface is significantly higher compared to the traditional models. Besides the threat assessment on model level, the adapted methodology can evaluate a specific implementation. We analyzed uPort with a restricted scope to its user agent. Thus, 2 out of 10 threats were not properly addressed, leading to potential spoofing, denial, or repudiation of identity actions.