Skip to main content

Research Repository

Advanced Search

Secretation: Toward a Decentralised Identity and Verifiable Credentials Based Scalable and Decentralised Secret Management Solution

Jaroucheh, Zakwan; �lvarez, Iv�n Abell�n

Authors

Iv�n Abell�n �lvarez



Abstract

Secrets such as passwords, encryption keys, and certificates are used to assist in protecting access to resources such as computing devices, customer data and other information. Unauthorised access to resources can cause significant disruption and/or disastrous consequences. Given the importance of protecting these secrets to the security and privacy of many software systems, many solutions have been proposed. These solutions take two main directions: either securely store the secret and implement an access control mechanism, or divide the secret into a set of shares and distribute them in different machines (such as the Shamir's secret sharing approach or multi-party computation MPC). However, apart from the MPC approach, they all share the same limitation: once the consumer receives the secret, it can be leaked and be used by any malicious actor. We believe that the secret management should not be centralised and that the secret should never be sent to the receiver. Therefore, in this paper we propose, Secretation, a new approach for managing the secrets in a decentralised way by leveraging decentralised identity concepts such as verifiable credential technologies, password-authenticated key exchange protocols and multi-party computation. The result is a more scalable and secure solution that significantly reduces the risk of leaking the secrets.

Citation

Jaroucheh, Z., & Álvarez, I. A. (2021, May). Secretation: Toward a Decentralised Identity and Verifiable Credentials Based Scalable and Decentralised Secret Management Solution. Presented at 2021 IEEE International Conference on Blockchain and Cryptocurrency (ICBC), Sydney, Australia

Presentation Conference Type Conference Paper (published)
Conference Name 2021 IEEE International Conference on Blockchain and Cryptocurrency (ICBC)
Start Date May 3, 2021
End Date May 6, 2021
Online Publication Date Jun 24, 2021
Publication Date 2021
Deposit Date Sep 17, 2021
Publicly Available Date Sep 17, 2021
Publisher Institute of Electrical and Electronics Engineers
Book Title 2021 IEEE International Conference on Blockchain and Cryptocurrency (ICBC)
DOI https://doi.org/10.1109/icbc51069.2021.9461144
Public URL http://researchrepository.napier.ac.uk/Output/2802109

Files

Toward A Decentralised Identity And Verifiable Credentials Based Scalable And Decentralised Secret Management Solution (accepted version) (264 Kb)
PDF





You might also like



Downloadable Citations