New Blockchain Architecture for Keeping Passwords Safe

Computer scientists at UNSW have created a new blockchain framework to help people who lose passwords to their cryptocurrency wallets.

Dr. Helen Paik and Prof. Salil Kanhere led a team from UNSW Engineering to create CredChain, a blockchain-based Self-Sovereign Identity (SSI) platform architecture which allows secure creation, sharing and verification of credentials.

The system could be used in real time for academic and medical record-keeping and information sharing, as well as for keeping passwords safe.

A lost password is extremely costly for those who can no longer get access to their digital Bitcoin wallets.

A German living in San Francisco cannot access his wallet worth about $457 million after forgetting his password.

Stefan Thomas created a complex passcode for a wallet when he was paid in Bitcoin for a project done in 2011, when it was only worth a few thousand dollars. He jotted down the password on a piece of paper which he lost, and now cannot remember or guess what the log-in credentials are.

The team from the School of Computer Science and Engineering at UNSW proposed ‘Key Sharding’ as a potential feature of their CredChain platform which could resolve this expensive challenge.

The basic idea is that a complex password can be divided into separate pieces (shards) that are meaningless individually, until a sufficient number of the shards are assembled to validate the whole password.

‘In this case, we say the password is a key. We can “split the key”, so-to-speak, into multiple pieces and store each piece in different locations’, says Prof. Kanhere.

‘If or when the key is lost, the owner can present enough pieces of the keys to the system to prove his identity and recover the original key. Each piece on its own cannot be used to access the account.’

‘Managing important passwords is one of the big and ongoing challenges. In the case of a Bitcoin wallet, the system may only offer one way to connect the person’s identity to Bitcoin, so losing that single connection can have a very detrimental effect.’

A paper on the CredChain system won the Best Paper Award at the 2020 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom).

According to Dr. Paik, their new architecture addresses the important issues of security and privacy.

‘At the center of this is the idea of decentralization of this identity authority. So, there are no central government or big ID service-providers that are controlling your identity. It’s now on the blockchain, decentralized. No one owns it, except the user, who has control and owns their own identity on the blockchain platform’, she says.

‘Most digital credential sharing schemes currently adopt centralized storage and management of credentials and associated keys, which could lead to a single point of failure and high security risks.’

The CredChain platform could be used for numerous applications where the establishment of trust in certain claimed information is essential to the delivery of services.

‘CredChain is a decentralized identity service and in the paper, we talk about micro-credentials in the education service, where the user can collect all the small bits of information about the courses completed and grade achieved and store that in a tamper-proof system and later be able to verify that to anyone who wanted or needed to know’, says Dr. Paik.

‘Our system also ensures that when a credential is shared, the user can redact parts of the credential to minimize the private data being shared, while maintaining the validity of the credential.’

‘This could also be applied for people collecting and controlling their own medical records and being able to decide precisely what personal information they share.’

Prof. Kanhere is the general chair and Dr. Paik is part of the organizing committee for the 2021 IEEE International Conference on Blockchain and Cryptocurrency (ICBC), which will take place virtually from May 3rd to 6th.

The conference is the basic forum for the exchange of the latest research and innovation, regulation, policies and other relevant information in the fast-rising field of blockchain and cryptocurrency.

By Marvellous Iwendi.

Source: UNSW Sydney