Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Kauri ID - A Self-Sovereign, Blockchain-based I...

Kauri ID - A Self-Sovereign, Blockchain-based Identity System

Presented on Friday, 13 July 2018 at the ITP Conference in Wellington, New Zealand

Kiwis can't express their identity digitally and securely across cultural backgrounds, across competitive boundaries. This is an ongoing, permanent problem so far. Yes, there are ways for it, e.g. using RealMe, Google federated identity, etc. But they all have their "warts". Some are expensive or cumbersome to use from an organisation's perspective. Others are leaking meta-data to corporates, whose goal is to use your information to be able to sell to you in a better way, thus making the end user The Product (TM). Yet others are lacking critical mass among the population to be successful.

A Bloomberg Intelligence's Report ("The year Ahead 2018") is quoting the cost for the US banking sector for KYC (Know Your Customer) or AML (Anty Money Laundering) breaches to total US$ 16.1 billion from 2008 to 2015. The same report cites the Royal Bank of Scotland to employ 2,000 staff (early 2017) exclusively to comply with KYC rules, with the expectation to lower this headcount by 95% given a viable digital solution.

Due to the magnitude of this problem, a local major bank has kicked off an initiative with the local community to venture into solution opportunities.

This paper presents the background to the problem statement, the goal definition and particularly the approach taken for the system. Design decisions and evaluations will be discussed for this system under the project title of "Kauri ID", a self-sovereign, blockchain-based identity infrastructure. It puts the user at the centre, and no company or organisation owns identity information or acts as a (formal) guardian.

Kauri ID employs privacy by design, enabling fine-granular, selective and confidential data sharing. Authenticity is implemented via a web of trust, attesting identity attribute claims.

Even though Kauri ID is inherently self-sovereign, sovereign aspects can be catered for via governmental attribute endorsements, thus building a bridge between New Zealand's RealMe system and Kauri ID.

Guy Kloss

July 13, 2018
Tweet

More Decks by Guy Kloss

Other Decks in Technology

Transcript

  1. Kauri ID A Self-Sovereign, Blockchain-based Identity System Guy Kloss (SingleSource)

    Paul Salisbury (BlockchainLabs.NZ) Vishnu Devarajan (ASB) ITP Conference Wellington, 13 July 2018
  2. Who am I? • (Cryptography and Computer Science) Geek •

    Working (now) for SingleSource: • KYC and AML focused services • Part of the “Centrality family” of companies • Building an underlying digital identity system • Lots of blockchain and underlying cross-company synergies 2/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  3. Mission Statement Solve this common problem: Kiwis can’t express their

    identity digitally and securely across cultural backgrounds and across competitive boundaries. 3/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  4. A Driving Economical Problem The cost of KYC and AML

    (e. g. to banks) Example: Royal Bank of Scotland • Employs approx. 2,000 staff (early 2017) for KYC rules • Expectats to reduce head-count by 95 % (given a viable digital solution) Source: Bloomberg Intelligence’s Report “The Year Ahead 2018” 4/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  5. Who Dunnit? Wynyard Innovation Neighbourhood 5/29 | Guy Kloss, Paul

    Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  6. Who Dunnit? Wynyard Innovation Neighbourhood 5/29 | Guy Kloss, Paul

    Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  7. Value Proposal • Secure & Trustworthy (enable fine-granular, selective, confidential

    data sharing) • Self-sovereign (privacy preserving, no third party custodian) • Tamper Resisatant . . . using blockchain (for us) 6/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  8. Why Blockchain? by Brendan (Jim) Boughen http://cartoonsbyjim.com 7/29 | Guy

    Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  9. Why Blockchain? • No custodianship • No tampering/immutability • Built-in

    security/reliability 8/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  10. Based on Distributed Consensus Whakaaro wh¯ anui: The beauty of

    thinking together, not thinking the same. (People in agreement.) Chris Cormack at OSOS 2015 10/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  11. What is Kauri ID? • Used to be: The project/vision

    I’m talking about • Now: Protocols, data structures, concepts • Allow for this to work in a decentralised environment • May be implemented using centralised systems • Based on a “Web of Trust” approach 11/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  12. What is Kauri ID? • Very different from traditional/centralised design

    • Easy to go one way, quite difficult for the reverse • A “standard” with a reference implementation, that allows for integration and federation of ID attributes 12/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  13. The Vision • For individuals Give power back to the

    individual to be in control of their Digital Identity. • For Organisations Take the pain out of compliance and enable risk free business. We leave traces of our digital self everywhere. Our data is harvested, mined, exposed, stolen and traded, which is used in cybercrime and financial fraud. This undermines the trust between individuals and organisations as we are more reluctant to share information and organisations are having to rely on a spaghetti of processes to screen customers and meet tougher regulations. 13/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  14. The Vision • For individuals Give power back to the

    individual to be in control of their Digital Identity. • For Organisations Take the pain out of compliance and enable risk free business. We leave traces of our digital self everywhere. Our data is harvested, mined, exposed, stolen and traded, which is used in cybercrime and financial fraud. This undermines the trust between individuals and organisations as we are more reluctant to share information and organisations are having to rely on a spaghetti of processes to screen customers and meet tougher regulations. 13/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  15. Privacy and Data Protection by Brendan (Jim) Boughen http://cartoonsbyjim.com 14/29

    | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  16. The Vision • Still along the lines of the original

    project • Standards-based, open, collaborative • But allows for (easier) federation/integration (e. g. with proprietary systems) • Using strong cryptographic assurances, and guarantees of tamper resistance 15/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  17. The Vision Identity (uPort) Provenance (PROV) Customer management contracts (B/C)

    uses uses uses controls uses B/C Storage IPFS 16/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  18. The Vision • De-couple tech from policy/governance • A robust/capable

    “core” → Can be used in various legislations (spill beyond the boundaries of NZ) • Keeps complementary aspects decoupled/separate (regulatory compliance, GDPR compliance, etc.) • But supports meeting these requirements • De-couple Kauri ID from ID/authentication → Can “bolt onto” various systems (such as uPort), to allow for better integration 17/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  19. Modular Design LEGO LEGO LEGO LEGO LEGO LEGO P =

    8.0 mm = 5/6 × H = 2.5 × h 3.0 mm 5.0 mm 1.7 mm H = 9.6 mm = 1.2 × P = 3 × h P - 0.2 mm = 7.8 mm 2 × P - 0.2 mm = 15.8 mm h = 3.2 mm = 0.4 × P = 1/3 × H 18/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  20. A User Journey 1. Onboarding for AA Membership, making a

    virgin KauriID (with DL and POA, extracting attributes & including photo) 2. Local Library Membership (with attested POA “basket” from step 1) 3. Purchase alcohol (with attested DOB and picture attribute only from step 1) 4. Onboarding for a Loan at ASB (with Passport and S&P Agreement) • ASB attests a stronger identity and updates POA “basket” • Updated POA “basket” → user’s choice to share updates 5. Connecting power from Mercury (online only, using latest from step 4) 6. Registering to vote in local election with KauriID records (with latest from step 4) 19/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  21. Data Structures It’s a bit too deep to go into

    data structures . . . , but the following shows what they’re supposed to achieve. 20/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  22. Data Structures The 10 Commandments :-) 1. The ability to

    make “self claims” by the subject (to be attested by another party). 2. The ability to make “foreign claims” (usually by the attester, usually attested immediately). 3. The ability to keep content of claims/attributes confidential. 4. The ability to decrypt every claim element/attribute independently (separate encryption key). 5. The ability to reference each claim element/attribute independently (tuple: claim set reference, attribute index). 6. The ability to verify the authenticity of every claim element/attribute independently. 7. Uphold opaqueness of the type of attribute (or named key) to an outside observer. 8. Uphold opaqueness of the attester (signer) of a claim to an outside observer. 9. A requester by default is only enabled to retrieve the attestation meta-data of a single attestation. 10. A requester can be enabled to recursively retrieve the attestation meta-data of the entire (backward facing) attestation provenance trail. 21/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  23. Data Structures A glimpse of the current work in progress

    (incomplete, not up-to-date) 22/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  24. Initial Technical Platform • uPort on Ethereum: Blockchain Authentication Framework

    • IPFS: Decentralised, Immutable Data Storage Framework • PROV: W3C standard system and grammar to express relationships and processes • JSON (RFC 4627): Storage structure for common data payloads • JOSE: IETF Javascript Object Signing and Encryption • ERC-780: (Emerging) Standard to reference on-chain claims in Ethereum 23/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  25. Current Status • NZ DIF • Industry-driven, government involved •

    Technical collaboration • On Kauri ID core matters • Adoption/implementation • Use case evaluation • Collaborators: SingleSource, Spark, BlockchainLabs.NZ and ASB 24/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  26. Are you interested? • Follow the KauriID project documentation https://kauriid.gitlab.io/kauriid_doc/

    • Get in touch! 25/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  27. Now, what’s Provenance? AA validates the address kauriid:provingAnAddress wasAssociatedWith nzta:dl/john_doe_0815

    used watercare:bills/customer/4711/month/201709.pdf used kauriid:persons/4242/attestation/0001 wasGeneratedBy wasDerivedFrom wasDerivedFrom prov:content name, dob, photo, dl_no, dl_version, dl_issued_ts, dl_expires_ts, street, suburb, city, post_code aa:Organisation aa:Bob actedOnBehalfOf water bill driver licence 26/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  28. Now, what’s Provenance? AA validates the address kauriid:provingAnAddress wasAssociatedWith nzta:dl/john_doe_0815

    used watercare:bills/customer/4711/month/201709.pdf used kauriid:persons/4242/attestation/0001 wasGeneratedBy wasDerivedFrom wasDerivedFrom prov:content name, dob, photo, dl_no, dl_version, dl_issued_ts, dl_expires_ts, street, suburb, city, post_code aa:Organisation aa:Bob actedOnBehalfOf Bob works for AA 26/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  29. Now, what’s Provenance? AA validates the address kauriid:provingAnAddress wasAssociatedWith nzta:dl/john_doe_0815

    used watercare:bills/customer/4711/month/201709.pdf used kauriid:persons/4242/attestation/0001 wasGeneratedBy wasDerivedFrom wasDerivedFrom prov:content name, dob, photo, dl_no, dl_version, dl_issued_ts, dl_expires_ts, street, suburb, city, post_code aa:Organisation aa:Bob actedOnBehalfOf new identity attestation 26/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  30. Now, what’s Provenance? ASB checks validity of the identity kauriid:provingAnIdentity

    wasAssociatedWith dia:passport/john_doe_0815 used kauriid:persons/4242/attestation/0001 used kauriid:persons/4242/attestation/0002 wasGeneratedBy wasDerivedFrom wasDerivedFrom prov:content name, dob, photo, dl_no, dl_version, dl_issued_ts, dl_expires_ts, street, suburb, city, post_code, place_of_birth, country, passport_type, passport_no, passport_issued_ts, passport_expires_ts kauriid:provingAnAddress used wasAssociatedWith harcourts:snp/house_47110666.pdf used kauriid:persons/4242/attestation/0003 wasGeneratedBy wasDerivedFrom wasDerivedFrom asb:Organisation asb:Ray actedOnBehalfOf New attestations joined with old graph * 27/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  31. Now, what’s Provenance? ASB checks validity of the identity kauriid:provingAnIdentity

    wasAssociatedWith dia:passport/john_doe_0815 used kauriid:persons/4242/attestation/0001 used kauriid:persons/4242/attestation/0002 wasGeneratedBy wasDerivedFrom wasDerivedFrom prov:content name, dob, photo, dl_no, dl_version, dl_issued_ts, dl_expires_ts, street, suburb, city, post_code, place_of_birth, country, passport_type, passport_no, passport_issued_ts, passport_expires_ts kauriid:provingAnAddress used wasAssociatedWith harcourts:snp/house_47110666.pdf used kauriid:persons/4242/attestation/0003 wasGeneratedBy wasDerivedFrom wasDerivedFrom asb:Organisation asb:Ray actedOnBehalfOf Can be stored in bank’s private system 27/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  32. Demo Time https://kauriid.herokuapp.com Look, mum . . . No password!

    28/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
  33. Questions? It’s all about trust! Guy Kloss [email protected] 29/29 |

    Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018