Design Considerations for Protection of Blockchain based Digital Identity Ecosystem

Digital identity provides mechanisms for personally identifying information (PII) to be asserted and verified in digital services and transactions. Self-sovereign identities (SSI) are digital identities that allow users to self-manage their digital identities and have full control over it without depending on third-party providers to store and centrally manage the data. To utilize the full potential of digital identity to enable personalized services and efficient transactions, blockchain technology is being proposed to manage digital identity in a decentralized manner as the means to achieve the holy grail. While it certainly has promise, the growing number of threats on the blockchain ecosystem and traditional identity management system call for a systematic approach towards securing the identity management on based on blockchain. In this work, we study the existing attacks and vulnerabilities and present possible hypothetical attack scenarios which may get executed in future by these vulnerabilities. We have analyzed the attacks scenarios with comparison of attack cost and benefits of the attacker and comparison of mitigation cost and damage cost of each attack. We focus on the different attacks and usecases on the blockchain based digital identity systems which would help developers to secure their designs. We describe each attack with its mechanism, usecase(s), benefits and requirements of the attacker for successful attack with the possible damage scenarios and consequences, comparison of attack cost and benefits, comparison of mitigation cost and damage cost, possible mitigation and some security measures for each attack.