Russian Federation
Identification, authentication, and authorization processes can be conducted in various ways. Particular attention is given to the processes implemented within the self-sovereign identity paradigm. This paper analyses these processes from a data leak perspective. A comparison is made between self-sovereign identity and a centralized identity provider scheme. An overview of the relevant implementations of these processes is provided for both the self-sovereign and non-sovereign paradigms. It has been found that, from a data leak perspective, the self-sovereign identity scheme could only provide superior security if zero-knowledge proof technology is applied.
authentication, authorization, digital credentials, zero-knowledge proofs, zero-knowledge credentials