NANCY project has received funding from the Smart Networks and Services Joint Undertaking (SNS JU) under the European Union’s Horizon Europe research and innovation programme under Grant Agreement No 101096456. 

Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the SNS JU. Neither the European Union nor the granting authority can be held responsible for them.

Enhancing Privacy in B5G Blockchain Radio Access Networks with Self-Sovereign Identity

Authors: Wenting Li, Javier Vicente

Organization: NEC

A B5G blockchain radio access network like NANCY is a system built on decentralized, secure and efficient mechanisms able to manage network access and authentication among inherently trustless B5G network entities. Privacy is one of the key requirements for such a system. Digital privacy prevents the illegitimate use of users’ personal data and automatically improves the reputation of the blockchain owner. One of the approaches we use to guarantee privacy in NANCY is Self-Sovereign Identity (SSI).

Self-Sovereign Identity

SSI is an approach that allows individual users to manage and control their own identities through a decentralized identity management system. In traditional identity management systems, a centralized issuing party manages all the identities and credentials of a user and provides the requested authentication services for the user to other application services (i.e., verifiers). With SSI, by contrast, users generate their own identities, keep the corresponding credentials locally, e.g., in a digital wallet, and handle the authentication or authorization processes directly with any application service. In this way, credential issuers are not involved in every authentication process, which improves efficiency as well as user privacy.

W3C has proposed corresponding standards for SSI systems: Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs). The DID standard provides a standardized approach to uniquely identifying users or subjects in decentralized systems, and the VC standard describes a way to manage credentials, i.e., digitally signed attestations regarding a subject’s attributes or affiliations, by leveraging DIDs for trust and interoperability. The standards propose an architecture where a user (holder) holds DIDs and VCs in his own digital wallet, requests VCs from issuers, and interacts with verifiers to get authenticated by presenting Verifiable Presentations (VPs) derived from his VCs without disclosing his credentials. Meanwhile, all parties upload the public part of their identifiers and schemas to a verifiable data registry where other parties can look them up. This verifiable data registry is the NANCY blockchain.

Figure 1. SSI Architecture with the NANCY wallet and NANCY blockchain

Implementation 

The NANCY wallet is a Kotlin gRPC server which exposes calls for working with the NANCY blockchain, the PQC component and the SSI infrastructure. The NANCY wallets therefore feature different SSI methods that enable them to interact with our SSI infrastructure by possessing one or more verifiable credentials and generating verifiable presentations from them. Here, the “verifiable” objects are secured in a way that is cryptographically verifiable. These wallets become holders which feature “selective disclosure” (the ability of a holder to make fine-grained decisions about what information to share), which greatly improves privacy in NANCY.

Users can interact with the wallet gateway service using any gRPC implementation, for example, grpcurl. To improve usability, we also provide a wallet client implementation, walletClient, so that users can talk to the wallet with command line options. As mentioned earlier, there are three key roles in the SSI system: holders, verifiers and issuers. The NANCY wallets offer methods for all three of them, from CreateCredential (an “issuer” method) to CreatePresentation (a “holder” method) and VerifyCredential (a “verifier” method). Once deployed in the NANCY demonstrators, this scheme can, for instance, help a user maintain privacy while requesting access to a certain service in NANCY (e.g. a VR application or a secure communication application like those in the Greek and Italian Massive Scenario use cases, respectively).
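The page does not say which selective-disclosure scheme the NANCY wallet uses, so the following added example (not NANCY code) illustrates the issuer, holder and verifier roles with one common construction: the issuer signs salted hashes of the claims, and the holder reveals only the claim-and-salt pairs it chooses. The names Issue, Verify and Disclosure are hypothetical and unrelated to the wallet's gRPC methods, the Ed25519 signature and the claim values are assumptions, and holder key binding and replay protection are left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"sort"
	"strings"
)

// Disclosure is one claim plus its salt; Digest is the salted hash the issuer signs.
type Disclosure struct{ Salt, Name, Value string }
func (d Disclosure) Digest() string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(d.Salt+"\x00"+d.Name+"\x00"+d.Value)))
}

// Issue (issuer role): salt each claim, then sign the sorted digest list.
func Issue(priv ed25519.PrivateKey, claims map[string]string) (digests []string, sig []byte, all map[string]Disclosure) {
	all = map[string]Disclosure{}
	for name, value := range claims {
		salt := make([]byte, 16)
		rand.Read(salt) // fresh salt per claim, so hidden values cannot be guessed from digests
		all[name] = Disclosure{fmt.Sprintf("%x", salt), name, value}
		digests = append(digests, all[name].Digest())
	}
	sort.Strings(digests) // sorted, so position does not reveal which claim is which
	return digests, ed25519.Sign(priv, []byte(strings.Join(digests, ","))), all
}

// Verify (verifier role): check the issuer signature, then accept only disclosures whose digest was signed.
func Verify(pub ed25519.PublicKey, digests []string, sig []byte, shown []Disclosure) (map[string]string, bool) {
	if !ed25519.Verify(pub, []byte(strings.Join(digests, ",")), sig) {
		return nil, false
	}
	out := map[string]string{}
	for _, d := range shown {
		if i := sort.SearchStrings(digests, d.Digest()); i == len(digests) || digests[i] != d.Digest() {
			return nil, false
		}
		out[d.Name] = d.Value
	}
	return out, true
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	digests, sig, all := Issue(priv, map[string]string{"name": "Alice", "age_over_18": "true", "subscriber_id": "sub-0001"}) // constructed sample claims
	fmt.Println(Verify(pub, digests, sig, []Disclosure{all["age_over_18"]})) // holder shares one claim of three
}
```

The verifier learns only the claim the holder disclosed; the other two stay hidden behind their salted digests, yet the issuer's signature still covers them.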

Benefits of SSI in NANCY

SSI improves security by reducing risks associated with data breaches and identity theft. It also increases interoperability, enabling seamless authentication across different actors, while fostering trust in NANCY through the use of verifiable credentials that minimize fraud. An SSI-based system like this also enhances user convenience by eliminating the need for repetitive identity verification.

If you are interested, deliverable D5.2 offers a more thorough technical breakdown of the NANCY Wallet and the SSI infrastructure.