An Attack Tree Based Risk Analysis Method for Investigating Attacks and Facilitating Their Mitigations in Self-Sovereign Identity

Nitin Naik, Paul Grace, Paul Jenkins

Research output: Chapter in Book/Published conference output › Conference publication

Abstract

Self-Sovereign Identity (SSI) is a digital identity that is managed in a decentralized manner utilising an underlying blockchain. It allows identity owners to manage and store their digital identities without relying on centralised third-party providers. Providing full control of an identity to its owner seeks to enhance the security and privacy of the individual. The utilisation of the decentralised trust model provided by an underlying blockchain realises this user-centred control. However, this operational change towards greater control and responsibility placed upon identity owners poses new challenges and security threats to the SSI system. Heretofore, there have been no significant research studies performed to assess potential attacks on the SSI system. The SSI model is an emerging Identity Management model, and requires a meticulous study of its potential attack surfaces. Therefore, this paper proposes an attack tree based risk analysis method for investigating potential attacks on the SSI system and their associated risks, in order to facilitate their mitigation. The proposed method presents a systematic and generalised model for generating attack trees that can be used to perform risk analysis. This investigation focuses on three potential attacks on the SSI system: faking identity, identity theft and distributed denial of service attacks. For each attack, the attack tree based risk analysis is performed, and mitigations are subsequently proposed.
Original language: English
Title of host publication: 2021 IEEE Symposium Series on Computational Intelligence (SSCI)
Publisher: IEEE
ISBN (Electronic): 978-1-7281-9048-8
ISBN (Print): 978-1-7281-9049-5
Publication status: Published - 24 Jan 2022
Event: 2021 IEEE Symposium Series on Computational Intelligence (SSCI) - Orlando, FL, USA, Orlando, United States
Duration: 5 Dec 2021 to 7 Dec 2021

Conference

Conference: 2021 IEEE Symposium Series on Computational Intelligence (SSCI)
Abbreviated title: SSCI
Country/Territory: United States
City: Orlando
Period: 5/12/21 to 7/12/21

Keywords

  • Attack Tree
  • Risk Analysis Method
  • Digital Identity
  • Self-Sovereign Identity
  • Identity Management System
  • SSI
  • Decentralized IDentifier
  • Verifiable Credential
  • Distributed Ledger Technology
  • Blockchain
  • Faking Identity
  • Identity Theft
  • Distributed Denial of Service
