Safeguarding a formalized Blockchain-enabled identity-authentication protocol by applying security risk-oriented patterns

摘要

Designing government independent and secure identification- and authentication protocols is a challenging task. Design flaws and missing specifications as well as security- and privacy issues of such protocols pose considerable user risks. Formal methods, such as Colored Petri Nets (CPN), are utilised for the design, development and analysis of such new protocols in order to detect flaws and mitigate identified security risks before deployment. This paper fills the gap, by applying in a novel way a set of security risk-oriented patterns (SRP) to the so-called Authcoin protocol that we formalise using CPN. The initial formal model of Authcoin facilitates the detection and elimination of design flaws, missing specifications as well as security- and privacy issues. The additional risk- and threat analysis based on the Information Systems Security Risk Management (ISSRM) domain model we perform on the formal CPN models of the protocol. The identified risks are mitigated by applying SRPs to the formal model of the Authcoin protocol. SRPs are a means to mitigate common security- and privacy risks in a business-process context by applying thoroughly tested and proven best-practice solutions. The goal of this work is to test the utility of SRPs outside of the the usual application domain, to reduce the risks and vulnerabilities of the Authcoin protocol. (C) 2019 Elsevier Ltd. All rights reserved.