NSF grant supports development of hack-proof digital identities

Behind most mass data breaches are the shortcomings of current systems for storing internet users' digital identities. A more secure framework already exists, but it lacks usability, according to Nikolay "Nick" Ivanov, Ph.D.

"These cumbersome protocols require such a degree of technical savviness that they are not yet ready for the general public," said the assistant professor in the Department of Computer Science at Rowan University's College of Science & Mathematics.

Ivanov hopes to address this problem in his research on self-sovereign digital identities (SSDIs). Backed by a two-year, $173,852 National Science Foundation grant, Ivanov will conduct the first systematic study of the usability of SSDI interactions and develop the first comprehensive inventory of these protocols.

Digital identity is not one account but multiple records used to access servers, websites and platforms, all tied to users' personal data.

"If the databases where all these records are stored together are attacked, the result is something we see in the news almost every day: massive data breaches," Ivanov said. "Digital identity management is such an intrinsic part of our daily life that we don't think much about what we are risking when we register accounts or share information."

Security issues are only one of the problems with existing ways of handling digital identities that Ivanov hopes to address.

"When we store our data under third-party servers, we are at the mercy of those services," Ivanov said. "Even our personal security is now more dependent on our digital accounts, so allowing third-party companies to handle such important things is becoming riskier."

Through SSDIs, "we're trying to bring digital identities back on the user side," Ivanov said. Self-sovereign digital identities, by design, effectively prevent mass-scale data breaches.

But there are drawbacks. Features users are accustomed to having, like restoring accounts, require protocols that are not yet well developed under this technology. Instead of usernames and passwords, SSDIs use private keys too long to memorize.

"We cannot expect billions of people to memorize an 80-digit private key," Ivanov said.

Ivanov is exploring the possibility of using non-alphanumeric representations as private keys by having users memorize a set of pictures or locations on a map instead. His team will also develop protocols to achieve the same features current technologies offer through this new paradigm.

The six student researchers in Ivanov's Research Laboratory for Advanced Cyber Systems and Usable Security (ACSUS Lab) will assist with this project. Some, like Maryam Massoud Ahmed, who is in the second semester of the Ph.D. in data science program, have already made contributions to the ACSUS Lab.

"I am currently working with Professor Ivanov to clarify the meaning behind the term 'cyber system,'" said Ahmed. "By studying its roots and usage across disciplines, we hope to become the first researchers to officially define the term."

To Ivanov, SSDIs represent more than a new data storage system that is hack-proof by design.

"SSDIs can facilitate more digital equity so that, regardless of their background, people have equal access and opportunities when it comes to using digital resources," Ivanov said.

Public link

Please use the above public link if you want to share this noodl on another website.