Journal of Network and Computer Applications 166 (2020) 102731

Contents lists available at ScienceDirect

Journal of Network and Computer Applications

journal homepage: www.elsevier.com/locate/jnca

Review

Blockchain-based identity management systems: A review

Yang Liu a, b, Debiao He a, b, ∗, Mohammad S. Obaidat, Fellow of IEEE c, d, e, Neeraj Kumar f,i,
Muhammad Khurram Khan g, Kim-Kwang Raymond Choo h
a School of Cyber Science and Engineering, Wuhan University, Wuhan, China
b
Guangxi Key Laboratory of Trusted Software, Guilin University of Electronic Technology, Guilin, China
c College of Computing and Informatics, University of Sharjah, United Arab Emirates
d
KASIT, University of Jordan, Amman, Jordan
e
University of Science and Technology Beijing, Beijing, China
f Department of Computer Science and Engineering, Thapar University, Patiala, India
g
Center of Excellence in Information Assurance, King Saud University, Saudi Arabia
h Department of Information Systems and Cyber Security, University of Texas at San Antonio, San Antonio, USA
i
Department of Computer Science and Information Engineering, Asia University, Taiwan

A R T I C L E I N F O A B S T R A C T

Keywords: Identity management solutions are generally designed to facilitate the management of digital identities and
Identity management system operations such as authentication, and have been widely used in real-world applications. In recent years, there
Blockchain
have been attempts to introduce blockchain-based identity management solutions, which allow the user to take
Blockchain-based identity management
over control of his/her own identity (i.e. self-sovereign identity). In this paper, we provide an in-depth review of
Self-sovereign
existing blockchain-based identity management papers and patents published between May 2017 and January
2020. Based on the analysis of the literature, we identify potential research gaps and opportunities, which will
hopefully help inform future research agenda.

1. Introduction devices/nodes (in the new blockchain-based paradigm). This facilitates

self-sovereign identity(SSI), since the users will now have the capability
Digital identity plays an increasingly important role in our intercon- to regain control of their own identity. Consequently, this minimizes
nected, digitalized society. For example, most of us have a number various risks inherent of conventional identity management solutions
of digital identities, associated with our workplace, our personal life, (e.g. user identity abuse) (El Haddouti and El Kettani, 2019; Kuperberg;
and other professional-related activity(ies). This partly contributes to Jindal et al., 2019).
the growing reliance on identity information management (also Given the relatively recent trend in designing blockchain-based
referred to as identity management, identity management and access identity management solutions, it is not surprising that a number of
control, etc, in the literature), designed to manage and secure our challenges remain. For example, how can users convince
identity infor- mation and to provide relevant services. Building on organizations to willingly accept attributes of pseudonymous
the success of blockchain, there have also been attempts to individuals of uncertain reputation? There are also potentially legal
integrate blockchain in the design of the next generation of identity and financial implications, if a transaction is subsequently found to
management solutions (El Haddouti and El Kettani, 2019; Kuperberg; be fraudulent or criminal and the organizations have not conducted
Chaudhary et al., 2019). their due diligence in verifying the identity of the users involved in
In a typical blockchain-based identity management system, there the transaction. We observe that self-sovereign identity is a topic that
are a large number of distributed nodes (Lim et al., 2018). Such has been explored in the literature (Lim et al., 2018; Schäffner; Zhu and
nodes can be utilized to provide distributed storage, reliable access Badr, 2018).
and com- putation capabilities. The user in such a system acts as a Therefore, in this paper we focus on the study of blockchain-
node in the network; thus, allowing the storage of sensitive user data based identity management systems, by reviewing recent state-of-the-
to shift from servers (in the conventional identity management art advances on the topic. Specifically, we search for relevant English-
solutions) to user

∗ Corresponding author. School of Cyber Science and Engineering, Wuhan University, Wuhan, China.
E-mail address: [email protected] (D. He).

https://doi.org/10.1016/j.jnca.2020.102731
Received 13 February 2020; Received in revised form 8 April 2020; Accepted 26 May 2020
Available online 3 June 2020
1084-8045/© 2020 Elsevier Ltd. All rights reserved.
Y. Liu et al. Journal of Network and Computer Applications 166 (2020) 102731

language articles and patent documents published between May 2017

and January 2020 on the various academic databases (e.g.
ACM Digital Library, IEEE Explore, ScienceDirect, and Springer
Link) and Google Scholar, using keywords such as (“blockchain”
AND “identity management”). Of the sixty articles found, we only
include 50 articles for discussion in this paper.
In Section 2, we will introduce relevant concepts of identity man-
agement and the building blocks in blockchain. Then, in Section 3,
we will first introduce three existing blockchain-based identity
manage- ment systems, prior to reviewing the related literature. In
Section 4, we will identify and discuss potential research challenges
and opportuni- ties. We conclude this paper in the last section.

2. Preliminaries

1. Identity management

As previously discussed, identity management (IdM) is also known

as identity and access management (IAM) in the literature. Broadly Fig. 1. A typical operation of an identity management system.
speaking, IdM refers to a framework of policies and technologies
for ensuring that only authorized individuals can access the
associated resources in an organization (Stroud, 2019; Manohar and
Briggs). IdM is a relatively mature topic, given the large number of
standards and frameworks (ShangGuan, 2012), such as the Security
Assertion Markup Language (SAML) (Hughes et al.,), the Web Services
Federation (WS- Fed) (Goodner and Nadalin), the Identity Federation
Framework (ID- FF) (Cantor et al., ), and the Identity Web Services
Framework (ID-WSF) (Cahill et al., 2007). Examples of IdM criteria
include the CoSign Pro- tocol (Cosign), the Open Authentication
(OAuth) citehardt2012oauth, and the OpenID Connect (OIDC) (
Openidconnect).
However, as our society becomes more interconnected and digital-
ized, with a significant increase in the number and types of systems and
identities that need to be managed, there is also a need to revisit our
conventional IdM paradigms. For example, as discussed earlier,
there have been attempts to leverage the characteristics of blockchain
(e.g. decentralization, openness, trustworthiness, and security) in the
next generation IdM design (Dunphy and Petitcolas, 2018; Zambrano et
al., 2018; Wadhwa, 2019; Lesavre et al., 2019; Grüner et al., 1807).
1. Building blocks
For simplicity, let’s consider the scenario where a user requests for
proof of identity from an identity provider, and the identity provider
responds to the token. In this simplistic setting, there is exchange of Fig. 2. Identity management architecture: An overview.
information between both entities (e.g. real individual or some enti-

•
ties). If the identity providers are separate entities, then this becomes
a three-party identity management model of comprising users, identity In order to enjoy the desired service, a user must submit a request
providers and identity dependents. In such a model, since the identity for an identity from the identity manager. The identity manager
provider is a separate entity, the identity resource used for authenti- then generates a unique identity based on the information provided
by the user and replies to the user.
•
cation only stores in the identity provider, and the identity dependent
can only verify the authentication of the user’s identity by querying The user requests a specific service from the service provider, and
the identity provider. In addition to providing user identities, identity the service provider requests for identity information from the user.
providers should also have identity management, identity reset, identity The user receives the request and replies with the corresponding
data.
•
revoke, and other related functions.

•
The service provider requests the identity provider to verify the
User. Users are the primary enablers of the system, enjoying the var- validity of user’s identity. The identity provider returns the authen-
ious services offered by the service provider and identity provider. tication results, and the service provider provides the service based
Not all users have the same privilege.
•
on the received validation results.
Identity provider. Identity provider, the core of the system, is
tasked with providing users with identity services (e.g. registra-
tion, authentication and management). This entity also provides 2.1.2. Architecture
user authentication. There are many different identity management systems and archi-
•
Service provider. Service provider is an important part of the sys- tectures in the literature (Mohamad et al., 2016; Rowden; Caldwell;
tem, and is mainly responsible for providing services for users (once Martinez et al., 2016; Pavalanathan and De), which can be broadly
they are successfully authenticated). categorized into independent identity management architecture
(IMA), federated identity management architecture, and centralized
The flow-chart of the system is presented in Fig. 1, and explained
identity management architecture (see Fig. 2).
below:

2
Y. Liu et al. Journal of Network and Computer Applications 166 (2020) 102731

Table 1
Independent, federated, and centralized identity management architectures: A
comparative summary.
Standard System Architecture
IIMA CIMA FIMA

Complexity Low Medium High

Implementation Simple Medium Hard
Scalability High Medium Low
Users’ requirements Significant (e.g. storage) Light Medium
SSO Not supported Supported Supported

•
Independent IMA. In this architecture, each service provider has mechanisms offering protection against identity attacks (Cameron, 2005
its own user identity data. In other words, the identities of different ).
•
service providers are not interoperable. Although the structure Consistent Experience Across Contexts. The unifying identity
is simple, it is not scalable as the number of service providers metasystem must guarantee its users a simple, consistent experience
increases (e.g. implications for storage requirements at the service while enabling separation of contexts through multiple operators
providers). Also, it is not practical for the users to remember their and technologies (Cameron, 2005).
identity infor- mation for every single service provider, without
The Cameron’s law of identity plays an important role in the imple-
reusing or recy- cling their user credentials.

•
mentation of IdM systems, as its seven laws regulate the behavior of IdM
Centralized IMA. The centralized IMA has only one identifier and
systems. Specifically, the “User Control and Consent” law guarantees
identity provider in the trusted domain. This means that all service
the user’s control to his/her identity information, the “Minimal Disclo-
providers in the same trusted domain will share the users’ identity.
sure for a Constrained Use” law guarantees the use of identity informa-
Hence, the identifier should be carefully selected, and the unique
tion on demand, the “Justifiable Parties” law guarantees that the third
identity in the trusted domain is a typical choice.
•
parties would not access more identity information than needed, the
Federated IMA. The federated IMA establishes a trusted domain
“Directed Identity” law guarantees that the user can connect and access
and comprises multiple identity providers in the federation.
the desired service(s), the “Pluralism of Operators and Technologies”
A trusted domain consists of multiple service providers within the
law provides convenience for both developer and cooperator and guar-
fed- eration that recognizes users’ identity from other service
antees the system’s scalability, the “Human Integration” law provides
providers. For example, a U.S.-based academic can choose to
some prestore hints like guide and emergency manual for all users, and
sign in to
the “Consistent Experience Across Contexts” law guarantees a certain
Research.gov using either their National Science Foundation (NSF)
quality of experience for the users.
identity information or their organization credentials.

A comparative
where summary
IIMA denotes of the IMA,
independent three IMAs
FIMA isdenotes
presented in Table
federated 1,
IMA, 2.2. Blockchain
and CIMA denotes centralized IMA.
2.2.1. Architecture
Ethereum, the first platform to run Turing complete smart contract,
2.1.3. Laws of identity is currently one of the most preferred platforms for blockchain appli-
We will now revisit the Cameron’s law of identity (Cameron, 2005), cations. Therefore, we will use Ethereum as an example to explain the
which is used in the later part of this paper. blockchain architecture. An overview of Ethereum’s structure is pre-

•
User Control and Consent. Technical identity systems must only sented in Fig. 3.
reveal information identifying a user with the user’s consent The data layer is the foundation of all functions, including data stor-
(Cameron, 2005). age and security assurance. The data storage is realized through the

•
Minimal Disclosure for a Constrained Use. The solution which
discloses the least amount of identifying information and best limits
its use is the most stable long term solution (Cameron, 2005).
•
Justifiable Parties. Digital identity systems must be designed
so the disclosure of identifying information is limited to parties
hav-
ing a necessary and justifiable place in a given identity relationship
(Cameron, 2005).
•
Directed Identity. A universal identity system must support
both “omni-directional” identifiers for use by public entities and
“unidirectional” identifiers for use by private entities, thus facili-
tating discovery while preventing unnecessary release of correlation
handles (Cameron, 2005). Facilitating electronic discovery (e.g. in a
civil litigation) and forensic investigations (e.g. in a criminal investi-
gation) (Manral et al., 2020), while preventing unnecessary release
of correlation handles.
•
Pluralism of Operators and Technologies. A universal identity
system must channel and enable the inter-working of multiple
identity technologies run by multiple identity providers (Cameron, 2005
).
•
Human Integration. The universal identity metasystem must define
the human user to be a component of the distributed system Fig. 3. Structure of ethereum.
integrated through unambiguous human-machine communication
3
Y. Liu et al. Journal of Network and Computer Applications 166 (2020) 102731

blocks and the chain. The storage is based on the Merkle tree to ensure
data persistence. Security guarantee relies on the data layer’s hash func-
tion, digital signature and other cryptography technology, which col-
lectively guarantee the security of the account and the transaction.
The underlying signature and hash adopt the Elliptic Curve Digital
Signa- ture Algorithm (ECDSA) signature algorithm and SHA3 hash
algorithm (Feng et al., 2019; Aggarwal et al., 2019).
The network layer is a layer implemented using peer-to-peer (P2P)
technology. In a P2P network, there is no centralized server, and each
user is a node with server functionality. This layer embodies decentral-
ization and network robustness.
The consensus layer is responsible for network nodes agreeing on
transactions and data, and includes two consensus mechanisms. At
Fig. 5. An overview of a smart contract.
the beginning, there are few ethers (ETHs), and the proof of work
(PoW) consensus mechanism is adopted to encourage the rapid
exploration of ETHs. When the number of ETHs is su fficiently large,
The Merkle tree makes it possible to relieve nodes from the signifi-
the proof of stake (PoS) mechanism will be adopted. Such an
cant storage burden, and new nodes may be a light node to participate
approach can effectively avoid the partial distribution of a single node.
in this blockchain. Without transaction details, the space occupied by
The incentive layer is responsible for the issuance and distribution
blockchain data is significantly reduced. Although the heavy node (that
of ETHs. ETHs can be used to pay for fuel to run smart contracts, etc,
holds all blockchain data including transaction details) will still exist,
and are produced by mining, with a bonus of some ETHs per block.
such nodes are minorities.
In the smart contract layer, the running smart contract must have a
corre- sponding virtual machine, for example, ethereum has ethereum
virtual machine (EVM) to support the underlying smart contract. At 2.2.3. Smart contract
the same time, the decentralized application (DAPP) has an interactive A smart contract is a computer protocol designed to digitally facili-
interface, which facilitates the use of smart contracts by users (Aggarwal et tate, validate, or enforce the negotiation or performance of a contract.
al., 2019; Mistry et al., 2020). Smart contracts allow the execution of contract code without third par-
ties – see also Fig. 5.
Smart contract inherits three features of blockchain, namely:
2.2.2. Merkle tree tamper-proof, permanent operation and data transparency. The
The Merkle tree acts as a representative role in the blockchain, and data in blockchain are permanent. Therefore, the deployed smart
contains all transactions in a block. Such a container leaves all transac- contract cannot be modified (i.e. contract execution cannot be modified) (
tion details in the body, and the relatively light block header can only Lin et al., 2020; Zhang et al., 2018).
hold a Merkle root of these transactions and other configured attributes. The blockchain has a large number of nodes, and some nodes keep
Fig. 4 presents an overview of the Merkle tree (Lin et al., 2018a; Wang et a complete data copy. Theoretically, as long as there are nodes, the
al., 2020). contract will not stop. The data are transparent, with code and
The Merkle tree includes a root node, a group of internal nodes, and data available to any party at any time. In a public blockchain, data
a group of leaf nodes. Each leaf node represents the hash of a corre- and data processing of smart contracts are publicly available.
sponding transaction in this block. The value in a internal node is pro- Smart contracts are codes deployed on a blockchain which need
duced by computing the hash of two child nodes, and if there is to be executed on the node’s EVM. The EVM is just like the Java
only one child, its hash will be copied. In this way, root node virtual machine (JVM), which is a Java runtime environment. EVM
represents all transactions. The hash of root node will be the identifier interprets
of this block, which will participate in either PoW or PoS. smart contracts as running bytecode, which is encapsulated so that
the internals of virtual machine are not affected by external
networks or other processes. In other words, the smart contract can
only make lim- ited invocations to the virtual machine’s interface.
Smart contracts run on the Ethereum. After obtaining the contract
code, each Ethereum node can be carried in the local EVM and get
their results. Then, the result will be compared with other nodes, and
the result is written to the blockchain after confirmation.
2.3. Challenges in identity
management
There are a number of challenges underpinning an IdM system, and
here we will only focus on the following. First, the level of trust require-
ment varies between different real application scenarios. Hence, the
practical requirements in the design of IdM systems should be taken
into consideration.

•
Access and resource. The system should predefine several lev-
els of access, say for different roles or for different resources. For
example, an IdM system in an education institution, the system
may include identities such as faculty members (tenured and non-
tenured track), administrative staff (i.e. non-faculty members), and
students. In such a system, the faculty members have certain roles
and accesses (e.g. read/edit access to assignments, examinations
and course materials), and similarly a student has different roles
Fig. 4. An overview of the Merkle tree in a block. and accesses (e.g. to upload the assignment and view the marked

4
Y. Liu et al. Journal of Network and Computer Applications 166 (2020) 102731

Table 2
How do sovrin, uport, shocard relate to Cameron’s Laws of Identity (Dunphy and Petitcolas, 2018)?
Law Item
Sovrin ShoCard

1.User Control and Users

uPort can choose ID to use and attributes Creation and disclosure of uPortIDs are Users control creation and disclosure of
Consent to reveal. Potential to use web of trust to fully controlled by users, and users can ShoCardIDs. Only party invited by
prevent users from deception prove their ownership. Potential for ShoCardIDs’ owner can access the
leakage of attributes in registry. attributes, and all attributes will be
validated by ShoCard servers.
2.Minimal Disclosure for Anonymous credentials based on There is no need to disclose personal The trusted identity document is used to
a Constrained Use zero-knowledge proofs guarantee the attributes when attaining an uPort bootstrap ShoCardIDs.
principle of “least amount of identifying identifier.
information” disclosure.
3.Justifiable Parties Only authorized parties and agencies can Everyone can access the attributes in the Only party invited by ShoCardIDs’ owner
access the attributes. registry. Potential for encrypted data to can access the attributes, and the ShoCard
be leaked. servers can also access the attributes
without invitation.
4.Directed Identity Supports omnidirectional identifiers. Supports unidirectional sharing of Supports unidirectional sharing of
identifiers between parties. identifiers between parties.
5.Pluralism of Operators Builds a platform for intermediaries Allows for customization of types, Parties can parse existing trusted
and Technologies between users and its network, and although using a specific data format will credentials after integrations with
interface for other identity system is also be preferred. ShoCard centralized servers.
supported.
6.Human Integration Not clear about the usability and user Mobile application is provided but Mobile application is provided but
understanding of privacy in Sovrin usability and user understanding of usability and user understanding of
privacy are not clear. privacy are not clear.
7.Consistent Experience Hard to say, as it depends whether Sovrin Users interact with mobile application Users interact with mobile application
Across Contexts will choose multiple platforms or not. and QR code scanning is accessible. and QR code scanning is accessible.

assignments and grades). An administrator should also have differ-

ent accesses, for example, to help students enroll in certain courses
or remove a hold on the student’s record, after the approval from
the relevant faculty member has been obtained.
•
Trust. There are two key trusted elements, namely: the user trusts
the identity provider, and the service provider trusts the identity
provider. For example, a corrupted identity provider can potentially
access the service, using the user’s identity without his/her consent.
Such unauthorized access may not be known to the users. There-
fore, a developer should consider mitigating such a scenario in the
design of the system. The service provider should also ensure that
the identity provider will notify them when a new provider is added
to the trusted domain. This will allow the service provider to obtain
the relevant user attributes from the identity provider, in order to
determine whether a user can enjoy its service. With a new iden-
Fig. 6. Sovrin architecture (Alsayed Kassem et al., 2019).
tity provider subitem joining the trusted domain, the true decider of
access is the identity provider, rather than the service provider. In
other words, the trusted relation in system will be at risk. For each tity is the Ethereum account address on which users interact, and the
trusted relation, there is always a situation that a trusted part can identity is permanent. uPort table is the smart contract for all uPort
potentially violate the security policy of the other part. identities and is the basis for authentication and o ffl ine data
The above discussion reinforces the importance of clearly under- access sharing. From the user’s perspective, uPort optimizes
standing and stating the types of resources, their access requirements, Ethereum- based applications, so that users interact with real
people instead of dealing with hexadecimal addresses.
•
the trust levels, etc.
ShoCard. ShoCard (Shocard) is a blockchain-based IdM system,
where users can keep and protect their own digital identities. User’s
3. Blockchain-based identity management systems
identity information will always be used together with the user’s
key to ensure privacy. This elimiates the need for a third-party
In this section, we will review three existing blockchain-based IdM
database. ShoCard keeps the authentication code of user data on the
systems.
blockchain, which can guarantee the legitimacy of personal identity

•
Sovrin. Sovrin (Tobin and Reed) is designed to use digital creden- and facilitate third-party verification. ShoCard also issues SFN coins
tials in the offline world. Sovrin has a self-sovereign identity that for payments.
does not depend on any centralized authority and cannot be elimi-
We will now use Cameron’s law of identity (Cameron, 2005) to help
nated. Characteristics of Sovrin include governance, scalability and
us compare Sovrin, uPort, and ShoCard – see Table 2. The structures of
accessibility. More importantly, Sovrin is a worldwide public chain
Sovrin, uPort, and ShoCard are respectively shown in Fig. 6, Fig. 7 and
based on Hyperledger that enables design privacy, such as identify-
Fig. 8.
ing private customers under pseudonyms. It adopts zero-knowledge
proof encryption to selectively ensure privacy.
•
uPort. uPort (Lundkvist et al., 2017) is a system of self-sovereign
identity. It depends on Ethereum, so the essence of the uPort iden-

5
Y. Liu et al. Journal of Network and Computer Applications 166 (2020) 102731

tem, where smart contract is used to enable authentication on the

blockchain. In their system, there is no credential service provider. The
Horcrux protocol (Othman and Callahan, 2018) is designed to facilitate
user-controlled biometric authentication.
In settings where users are anonymous, IdM systems need to be
able to adequately authenticate and authorize these unknown identi-
ties (Benjumea et al., 2007). For example, Zhao et al. (Zhao and Liu
) proposed a self-sovereign IdM system and a reputation model, both
for attribute reputation. Other approaches include those of Jamal et al.
(2019) and Amujo et al. (Amujo et al. Hammawa). The latter system is
designed to mitigate Sybil attacks and facilitate identity attribute
disclosure. In a separate work, Fan et al. (2019) introduced an iden-
tity security authentication system based on blockchain. The system
is designed to achieve fault-tolerance and significantly increase the
Fig. 7. uPort architecture (Alsayed Kassem et al., 2019). hard- ness of compromising half of the nodes in the network.
Hamer et al. (Hamer et al., ) combined both cancelable biometrics
protocol and W3C verifiable claims in their proposed scheme, which
is designed to achieve self-sovereign identity. In addition to non-
linkable
identification and privacy preservation, double enrollment is
disal- lowed in this system. Raju et al. (2017) considered both
anonymity and attribute in their proposed blockchain-based privacy-
enhancing system, which also supports end-to-end management.
Pass-closed undirected graph validation can also be used in IdM sys-
tems to facilitate authorization, as demonstrated in the encrypted mem-
ber authentication scheme of (Lin et al., 2018b). In the scheme, it
com- prises a new transitively closed undirected graph validation
mechanism that only requires the appearance of node signatures (e.g.
certificates used to identity nodes). The trapdoor hash function makes it
sufficiently lightweight for the signer to effectively update the
certificate, as there is no need to re-sign the node. The scheme also
Fig. 8. ShoCard architecture (Alsayed Kassem et al., 2019). allows the dynamic adding and removing of nodes and edges.
There are also a number of patents on blockchain-based IdM systems
for authentication (Hyun et al., 2018; Madisetti and Bahga, 2018a). For
There are clearly many other blockchain-based IdM systems, includ- example, Ebrahimi (2017) designed a service using blockchain to
ing those proposed in the literature. provide certifying transactions between devices. This scheme allows
In the remaining of this section, we will review the existing litera- devices to transfer related public key and signature. In this way,
ture (see Table 3). the device could receive data from others.
3.2. Privacy
3.1. Authentication
There have been a number of privacy-preserving schemes proposed
The distributed nature of blockchain-based IdM systems shifts the in the literature, such as those presented in Table 5. For example, Faber
paradigm of having a central storage location to peer node storage, et al. (2019) proposed a blockchain-based personal data and identity
as previously discussed. There are many other defining features and management system, which is designed to facilitate transfer of control
requirements of blockchain-based IdM systems, including those sur- over personal data to edge users. The emphasis is on providing trans-
veyed by Nabi et al. (Nabi). For example, in addition to distributed parency and control over the use of personal data.
storage, blockchain-based IdM systems also support improved efficiency To achieve self-sovereign identity, zero-knowledge proof is be a
and enhanced security (Mikula and Jacobsen, 2018). There have also viable approach, such as the approach presented by Borse et al. (Borse et
been attempts to introduce blockchain-based IdM systems to include al., 2370). The scheme of Borse et al. (Borse et al., 2370) allows
Internet of Things (IoT) device and edge computing (Ren et al., 2019; one to achieve selective anonymity for the user’s properties on
Pularikkal et al.,). Mell et al. (1906) presented a federated IdM sys- the blockchain. The IdM system is a scheme with zero-knowledge
proof

Table 3
Comparative summary of existing blockchain-based works.
Works

Authentication Nabi et al. (Nabi), Mikula et al. (Mikula and Jacobsen, 2018), Pularikkal et al. (Pularikkal et al.,), Lin et al. (Lin et al., 2018b), Ren et al.
(Ren et al., 2019), Mell et al. (Mell et al., 1906), Othman et al. (Othman and Callahan, 2018), Ebrahimi (Ebrahimi, 2017), HYUN et al. (
Hyun et al., 2018), Madisetti et al. (Madisetti and Bahga, 2018a), Zheng Zhao et al. (Zhao and Liu), Arshad Jamal et al. (Jamal et al., 2019),
Oluyemi Amujo et al. (Amujo et al., ), Pengfei Fan et al. (Fan et al., 2019), Saravanan Raju et al. (Raju et al., 2017), Tom Hamer et al. (Hamer
et al., )
Privacy Santos et al. (Santos, 2018), Faber et al. (Faber et al., 2019), Borse et al. (Borse et al., 2370), Kassem et al. (Alsayed Kassem et al.,
2019), Nágy et al. (Nyante, 2018), Liang et al. (Liang et al., 2017), Gao et al. (Gao et al., 2018), Wack et al. (Wack and Scheidt, 2018), Madisetti et
al. (Madisetti and Bahga, 2018b), CHARI et al. (Chari et al., 2019a, 2019b), Saravanan Raju et al. (Raju et al., 2017), Yue Zheng et al. (
Zheng et al., 2019), Martin Schanzenbach et al. (Schanzenbach et al., 2018), Jeonghyuk Lee et al. (Leea et al., 2019) Baars et al. (Baars,
Trust 2016), Manohar et al. (Manohar and Briggs), Grüner et al. (Grüner et al., 2018), Takemiya et al. (Takemiya and Vanieiev, 2018), Ji m St. et al. (St
Clair et al.,),

6
Y. Liu et al. Journal of Network and Computer Applications 166 (2020) 102731

Table 4
Features in existing schemes and patents: A comparative summary.
works SC Scalability ZKP Time

Grüner et al. (Grüner et al., 2018) ✓ 2018

Abraham et al. (Abraham et al., 2018) ✓ 2018
Othman et al. (Othman and Callahan, 2018) ✓ 2018
Soltani et al. (Soltani et al., 2018) ✓ 2018
Lesavre et al. (Lesavre et al., 2019) ✓ ✓ 2019
Borse et al. (Borse et al., 2370) ✓ ✓ 2019
Kassem et al. (Alsayed Kassem et al., 2019) ✓ 2019
Stokkink et al. (Stokkink and Pouwelse, 2018) ✓ 2018
Mell et al. (Mell et al., 1906) ✓ 2019
Ren et al. (Ren et al., 2019) ✓ 2019
Lin et al. (Lin et al., 2018b) ✓ ✓ 2018
CHARI et al. (Madisetti and Bahga, 2018a) ✓ ✓ 2018
Mikula et al. (Mikula and Jacobsen, 2018) ✓ 2018
Westerkamp et al. (Westerkamp et al., 2019) ✓ 2019
Faber et al. (Faber et al., 2019) ✓ 2019
Kikitamara et al. (Kikitamara et al.,) ✓ ✓ 2017
Baars et al. (Baars, 2016) ✓ 2016
Santos et al. (Santos, 2018) ✓ 2018
Liang et al. (Liang et al., 2017) ✓ 2017
Takemiya et al. (Takemiya and Vanieiev, 2018) ✓ 2018
Zheng Zhao et al. (Zhao and Liu) ✓ ✓ –
Jim St. et al. (StClair et al.,) ✓ 2020
Arshad Jamal et al. (Jamal et al., 2019) ✓ 2019
Yue Zheng et al. (Zheng et al., 2019) ✓ 2019
Oluyemi Amujo et al. (Amujo et al. Hammawa) ✓ ✓ 2019
Pengfei Fan et al. (Fan et al., 2019) ✓ 2019
Saravanan Raju et al. (Raju et al., 2017) ✓ 2017
Tom Hamer et al. (Hamer et al., ) ✓ 2019
Martin Schanzenbach et al. (Schanzenbach et al., 2018) ✓ ✓ 2018
Jeonghyuk Lee et al. (Leea et al., 2019) ✓ 2019

Table 5
Examples of privacy-preserving schemes.
works privacy criteria remote admin anonymity data minimization user empowering

Grüner et al. (Grüner et al., 2018) ✓ ✓

Abraham et al. (Abraham et al., 2018) ✓ ✓
Othman et al. (Othman and Callahan, 2018) ✓ ✓ ✓
Soltani et al. (Soltani et al., 2018) ✓ ✓ ✓
Lesavre et al. (Lesavre et al., 2019) ✓ ✓ ✓
Borse et al. (Borse et al., 2370) ✓ ✓
Kassem et al. (Alsayed Kassem et al., 2019) ✓ ✓
Stokkink et al. (Stokkink and Pouwelse, 2018) ✓ ✓ ✓
Mell et al. (Mell et al., 1906) ✓ ✓
Ren et al. (Ren et al., 2019) ✓
Lin et al. (Lin et al., 2018b) ✓ ✓ ✓
CHARI et al. (Madisetti and Bahga, 2018a) ✓ ✓
Mikula et al. (Mikula and Jacobsen, 2018) ✓
Westerkamp et al. (Westerkamp et al., 2019) ✓ ✓ ✓
Faber et al. (Faber et al., 2019) ✓ ✓
Kikitamara et al. (Kikitamara et al.,) ✓ ✓ ✓ ✓ ✓
Baars et al. (Baars, 2016) ✓ ✓ ✓
Santos et al. (Santos, 2018) ✓ ✓ ✓ ✓
Liang et al. (Liang et al., 2017) ✓ ✓
Takemiya et al. (Takemiya and Vanieiev, 2018) ✓ ✓
Zheng Zhao et al. (Zhao and Liu) ✓ ✓ ✓
Jim St. et al. (StClair et al.,) ✓
Arshad Jamal et al. (Jamal et al., 2019) ✓
Yue Zheng et al. (Zheng et al., 2019) ✓ ✓ ✓
Oluyemi Amujo et al. (Amujo et al. Hammawa) ✓ ✓ ✓
Pengfei Fan et al. (Fan et al., 2019) ✓ ✓
Saravanan Raju et al. (Raju et al., 2017) ✓ ✓
Tom Hamer et al. (Hamer et al., ) ✓ ✓ ✓ ✓
Martin Schanzenbach et al. (Schanzenbach et al., 2018) ✓ ✓
Jeonghyuk Lee et al. (Leea et al., 2019) ✓ ✓ ✓

of membership combined with the Pedersen commitment, and the zero- Other approaches include those of Kassem et al. (Alsayed Kassem et al.,
knowledge proof is used to keep details secret from the public ledger. 2019), who proposed a smart contract-based identity management system.
Thus, this creates a secure self-sovereign identity system. In a separate The latter is designed to overcome the limitations of exist- ing
work, Chari et al. (2019b) designed the ownership of assets based on decentralized system and mitigate security threats by leveraging
collaborative strenthened by commitment and zero-knowledge proofs. Blockchain’s decentralized nature. In another separate work, a user-

7
Y. Liu et al. Journal of Network and Computer Applications 166 (2020) 102731

Table 6
Examples of trust-based systems.
Solution Items
Development Description Weakness Strength

Borse et al. (Borse et simulation a system for self-sovereign identity economic cost for large-scale commitment and zero-knowledge
al., 2370) combining Pedersen’s commitment to implementation protocol, the selective anonymity of the
Interval membership’s zero-knowledge user ’s properties on the blockchain
protocol to provide privacy for certain
attributes of a user ’s identity
Faber et al. (Faber et scheme The Blockchain-based Personal Data and No a detailed specification that describes provide transparency and control over the
al., 2019) Identity Management System(BPDIMS) is various interactions between different use of users’ personal data
a human-centered and GDPR based stakeholders of the system in an
personal data and identity management unambiguous manner
system
Kikitamara et al. scheme a system for self-sovereign identity using the possibility for those sectors with great mixture of federated and user-centric
(Kikitamara et al.,) hybrid digital identity scale need to be discussed, limitations and identities, extensibility, Hybrid IT and
uncertainties in advanced authentication interoperability
mechanism
Ren et al. (Ren et al., simulation an identity management portfolio access no key agreement protocol, performance bind the generated implicit certificate to
2019) control mechanism based on blockchain need to be optimized identity, secure communication in the
and edge computing with self-sovereign edge of the resource-constrained devices
Mell et al. (Mell et scheme a Federated identity management system narrow available range(suitable for a authentication is only through RP
al., 1906) to enable users to perform RP large organization) communication by user without third
authentication and property transfer parties, no need to maintain a public key
directly without the involvement of third infrastructure
parties
Lin et al. (Lin et al., simulation encrypted member authentication scheme requestors may be utilized to trick other more effective in the ability to
2018b) to support blockchain-based identity users by receiving several certificates of dynamically add or remove nodes and
management system one node edges, demonstrate the security of
proposed TCUGA in the standard model
and evaluate its performance to
demonstrate its feasibility against BIMS

Table 7
Examples of trust-based systems (Cont’d).
Solution Items
Development Description Weakness Strength

Baars et al. (Baars, product a new DIMS design solution based on legislation questions arose when decentralized exchange, centralized
2016) blockchain after investigating and discussing especially the exchange of issuance, no storage of sensitive
combining the principle of self-sovereign more sensitive data attributes, scalability information on blockchain, no address
identity with the design motivation of problem reuse, identity verification of acquirers
IRMA project
Kassem et al. ( simulation a smart contract-based identity the facilitators and barriers for overcome the limitations and weaknesses
Alsayed Kassem et management system called DNSIdM that blockchain-based identity management of identity attributes: persistence, request,
al., 2019) enables users to maintain their identities services in developing compliance with and verification, amicable overhead and
associated with certain attributes, digital standards need to be identified security
accomplishing the self-sovereign concept
Mikula et al. (Mikula simulation a system for identity and access poor scalability, performance doesn’t A simulation based on Hyperledger Fabric
and Jacobsen, 2018) management using blockchain technology meet requirement was made, achieved in a decentralized,
to support authentication and e ffi cient, and secure manner
authorization of entities in a digital
system
Nágy et al. (Nyante, scheme a hybrid solution to deal with issues the incentive misalignment between a secure and privacy friendly middle
2018) caused by trusted centralize Subject, Authentication agent, and ground between the blockchain and the
organizations. The solution is a Authorization agent caused by conflicting mundane world using a hybrid solution
blockchain gateway solution, which interests and responsibilities
supports legal compliance and traditional
Identity Management features that require
strong authentication, and it is a general
blockchain Identity Framework too
Santos et al. (Santos, simulation a Blockchain system based on malicious parties may use potential flaws data transparency, immutability of data
2018) Hyperledger Fabric is suitable for to threat security of the Healthcare and decentralization.
managing patients identity in Healthcare industry

centric health data sharing solution was presented in (Liang et al., 2017). allows a user to reclaim digital identities in a sharing identity attribute
The solution also includes a proof of integrity to guarantee data approach. The user is able to selectively authorize and the attributes are
integrity. encrypted using ABE. They also proposed a system with type-1 pairings
Anonymity and unlinkability are two other significant design con- in ABE. Besides, a number of researchers have leveraged biometrics to
siderations, as demonstrated in the schemes of Zheng et al. (2019) design blockchain-based IdM systems. For example, Gao et al. (2018)
and Jeonghyuk Lee et al. (Leea et al., 2019). There have also been proposed an IdM framework, which integrates biometric authentica-
efforts to design approaches based on attribute-based encryption tion and trusted computing. Other hybrid approaches include those
(ABE). For example, Schanzenbach et al. (2018) presented an of
architecture, which
8
Y. Liu et al. Journal of Network and Computer Applications 166 (2020) 102731

(Nyante, 2018). 5. Conclusion

In addition to academic articles, there have been a number of patent
applications filed (Madisetti and Bahga, 2018b; Chari et al., 2019a). For In this paper, we provided an in-depth review of blockchain-based
example, Wack et al. (Wack and Scheidt, 2018) designed a method to identity management systems.
provide a cryptographic platform for information exchange. A compar- As part of the review, we identified a number of challenges, such
ative summary is presented in Table 4. as those related to block data storage. For example, the user’s stor-
age requirement will increase with the increase of number of users
3.3. Trust and the subscribed services. Hence, how do we design a scalable
mechanism that also takes into consideration the differing storage
Trust is important in the design of IdM systems. Existing literature capability of different users? Another challenge is associated with the
has focused on trust, consensus, etc. For example, Baars et al. (Baars, 2016) de-authorization classifi- cation in blockchain. Some nodes can
created a new DIMS design solution based on blockchain. In this scheme, participate in book-keeping while others can only view the block data.
each person needs to implement and customize modular build- ing This can potentially result in the boundary division of the chain, due
blocks based on their own trust needs. Tables 6 and 7 summarize some to the existence of node identity.
of these existing approaches. Blockchain-based IdM systems overcome a number of limitations
inherent of conventional IdM systems. Such blockchain-based systems
4. Discussion might be described as an identity revolution. For example, the user
becomes the owner of the identity, and it does not require users to
While identity management has been extensively studied and sacrifice safety for convenience. In addition, one potential future exten-
adopted in practice, a number of limitations and challenges remain sion is to adopt some unique factor in reality as a mainly evidence
(Dhamija and Dusseault, 2008). While blockchain may be able to miti- for account reset.
gate some of these limitations, there are a number of issues and impli- Declaration of competing interest
cations remaining.
The authors declare that they have no conflicts of interest.
4.1. Identity-related
challenges Acknowledgements
There is potential risk that identity information kept at the user’s
side may be subject to risk and exploitation. Examples include the fol- We thank the anonymous reviewers for their invaluable feedback.
lowing: The work was supported by the National Natural Science Foundation of

•
China (Nos. 61932016, 61972294) and the Opening Project of Guangxi
Identity “wallet” leakage. If the identity “wallet” is successfully Key Laboratory of Trusted Software (No. kx202001). Prof. Obaidat
compromised, then information could be leaked or useful informa- is supported by the Chinese Ministry of Education Distinguished
tion about the user could be obtained. Consequently, such leaked Posses- sor Grant (No. MS2017BJKJ003). K.-K. R. Choo was
information can be used to facilitate other nefarious activities.
•
supported in part by the Cloud Technology Endowed Professorship and
Identity changes. In reality, the user’s identity is not permanent National Science Foundation CREST (No. HRD-1736209).
and can be changed. Traditional, centralized identity providers can
revoke or renew identity status in a timely manner, for exam- References
ple during promotions, or driver license suspension. However,
in blockchain-based identity system, due to the persistence of Abraham, A., Theuermann, K., Kirchengast, E., 2018. Qualified eid derivation into a
blockchain and the SSI, any modification of user identity informa- distributed ledger based idm system. In: 2018 17th IEEE International Conference on Trust,
Security and Privacy in Computing and Communications/12th IEEE International
tion requires user participation. Hence, identity change can be chal- Conference on Big Data Science and Engineering (TrustCom/BigDataSE), IEEE, pp.
lenging to carry out. 1406–1412.
Aggarwal, S., Chaudhary, R., Aujla, G.S., Kumar, N., Choo, K.-K.R., Zomaya, A.Y., 2019.
Blockchain for smart communities: applications, challenges and opportunities. J. Netw.
4.2. Cost implications Comput. Appl. 144, 13–48.
Alsayed Kassem, J., Sayeed, S., Marco-Gisbert, H., Pervez, Z., Dahal, K., Dns-idm, 2019.
A blockchain identity management system to secure personal data sharing in a network.
There are also cost implications associated with blockchain-based Appl. Sci. 9 (15), 2953.
solutions. O. Amujo, C. U. Ebelogu, E. O. Agu, M. Hammawa, Development of a National Identity

•
Management System Using Blockchain Technology.
Infrastructure. SSI is relatively new and may not be easily sup- Baars, D., 2016. Towards Self-Sovereign Identity Using Blockchain Technology, Master’s Thesis.
University of Twente.
ported by existing IdM systems and their supporting infrastructure.
Benjumea, V., Choi, S.G., Lopez, J., Yung, M., 2007. Anonymity 2.0x. 509 extensions
Hence, there will be cost implications associated with infrastructure supporting privacy-friendly authentication. In: International Conference on
upgrades. For example, user passwords will need to be replaced by Cryptology and Network Security. Springer, pp. 265–281.
Y. Borse, A. Chawathe, D. Patole, P. Ahirao, Anonymity: a secure identity management
certificates and the authentication mechanism dependencies within
using smart contracts, Available at: SSRN 3352370.
the service provider will need to be improved. Clearly, upgrading Cahill, C.P., Whitehead, G., Yang, H.J., 2007. Liberty Id-Wsf Provisioning Service
of equipment and procedures is only part of the cost. Other costs Specification.
include staff training and equipment maintenance. To minimize the J. D. Caldwell, Emotional Labor and Identity Management Among Hiv Counselors and
Testers.
costs, infrastructure upgrades can be gradual.
•
Cameron, K., 2005. The laws of identity. Microsoft Corp 12, 8–11.
Key management. In bitcoin-based system, losing the private key S. Cantor, J. Hodges, J. Kemp, P. Thompson, Liberty Id-Ff Architecture Overview,
will result in the lost of the associated asset (e.g. bitcoins). Unlike Wason, Thomas (Herausgeber): Liberty Alliance Project Version 1.
S. Chari, H. Gunasinghe, A. Kundu, K. K. Singh, D. Su, Protection of confidentiality,
a password-based system, there is no mechanism to reset the privacy and financial fairness in a blockchain based decentralized identity
forgotten password. Hence, one viable approach is to integrate management system, uS Patent App. 15/ 839, 117 (Jun. 13 2019).
such a reset feature or outsource key management to a third- S. Chari, H. Gunasinghe, H. M. Krawczyk, A. Kundu, K. K. Singh, D. Su, Protection of
confidentiality, privacy and ownership assurance in a blockchain based
party. However, private key delegation management contradicts the
decentralized identity management system, uS Patent App. 15/ 824, 405 (May 30
concept of SSI. To support SSI, there are significant maintenance 2019).
cost implications. We can also use multi-party key management, such
as that of (Feng et al., 2020).

9
Y. Liu et al. Journal of Network and Computer Applications 166 (2020) 102731

Chaudhary, R., Jindal, A., Aujla, G.S., Aggarwal, S., Kumar, N., Choo, K.-K.R., 2019. Manral, B., Somani, G., Choo, K.R., Conti, M., Gaur, M.S., 2020. A systematic survey on
Best: blockchain-based secure energy trading in sdn-enabled intelligent cloud forensics challenges, solutions, and future directions. ACM Comput. Surv. 52 (6),
transportation system. Comput. Secur. 85, 288–299. 124:1–124:38.
Cosign: Secure, intra-institutional web authentication. http://weblogin.org/. Martinez, L.V., Ting-Toomey, S., Dorjee, T., 2016. Identity management and relational culture in
Dhamija, R., Dusseault, L., 2008. The seven flaws of identity management: usability and interfaith marital communication in a United States context: a qualitative study. J.
security challenges. IEEE Secur. Priv. 6 (2), 24–29. Intercult. Commun. Res. 45 (6), 1–23.
Dunphy, P., Petitcolas, F.A.P., 2018. A first look at identity management schemes on the Mell, P., Dray, J., Shook, J., Smart contract federated identity management without
blockchain. IEEE Secur. Priv. 16 (4), 20–29. third party authentication services. arXiv preprint 1906.11057.
A. Ebrahimi, Identity management service using a blockchain providing certifying Mikula, T., Jacobsen, R.H., 2018. Identity and access management with blockchain in
transactions between devices, uS Patent 9,722,790 (Aug. 1 2017). electronic healthcare records. In: 2018 21st Euromicro Conference on Digital System
El Haddouti, S., El Kettani, M.D.E.-C., 2019. Analysis of identity management systems Design (DSD). IEEE, pp. 699–706.
using blockchain technology. In: 2019 International Conference on Advanced Mistry, I., Tanwar, S., Tyagi, S., Kumar, N., 2020. Blockchain for 5g-enabled iot for
Communication Technologies and Networking (CommNet). IEEE, pp. 1–7. industrial automation: a systematic review, solutions, and challenges. Mech. Syst. Signal
Faber, B., Michelet, G.C., Weidmann, N., Mukkamala, R.R., Vatrapu, R., 2019. Bpdims: a Process. 135, 106382.
blockchain-based personal data and identity management system. In: Proceedings of Mohamad, B., Bakar, H.A., Ismail, A.R., Halim, H., Bidin, R., 2016. Corporate identity
the 52nd Hawaii International Conference on System Sciences. management (cim) in malaysian higher education sector: developing a conceptual model. Int.
Fan, P., Liu, Y., Zhu, J., Fan, X., Wen, L., Identity management security authentication Rev. Manag. Market. 6 (7S), 175–180.
based on blockchain technologies. http://ijns.femto.com.tw/contents/ijns-v21-n6/ ijns- Nabi, A.G., Comparative study on identity management methods using blockchain,
2019-v21-n6-p912-917.pdf. University of Zurich, Department of Informatics (IFI). https://files.ifi.uzh.ch/CSG/
Feng, Q., He, D., Zeadally, S., Khan, M.K., Kumar, N., 2019. A survey on privacy staff/Rafati/ID20Management20using20BC-Atif-VA.pdf.
protection in blockchain system. J. Netw. Comput. Appl. 126, 45–58. Nyante, K., 2018. Secure Identity Management on the Blockchain, Master ’s Thesis.
Feng, Q., He, D., Liu, Z., Wang, D., Choo, K.-K.R., 2020. Multi-party signing University of Twente.
protocol for Openid connect, openid. https://openid.net/connect/.
the identity-based signature scheme in ieee p1363 standard. IET Inf. Secur. 1 (99), 1– Othman, A., Callahan, J., 2018. The horcrux protocol: a method for decentralized
10, https://doi. org/10. 1049/i et-ifs.2019.0559. biometric-based self-sovereign identity. In: 2018 International Joint Conference on Neural Networks
Gao, Z., Xu, L., Turner, G., Patel, B., Diallo, N., Chen, L., Shi, W., 2018. Blockchain-based (IJCNN). IEEE, pp. 1–7.
identity management with mobile device. In: Proceedings of the 1st Workshop on U. Pavalanathan, C. M. De, Identity Management and Mental Health Discourse in Social
Cryptocurrencies and Blockchains for Distributed Systems. ACM, pp. 66–70. Media.
M. Goodner, A. Nadalin, Web Services Federation Language (Ws-federation) Version 1.2, B. Pularikkal, S. Patil, S. Anantha, S. Chakraborty, Blockchain Based Wi-Fi Onboarding
OASIS Web Services Federation (WSFED) TC. Simplification, Identity Management and Device Profiling for Iot Devices in
A. Grner, A. Mhle, C. Meinel, On the relevance of blockchain in identity management, Enterprise Networks.
arXiv preprint arXiv:1807.08136. Raju, S., Boddepalli, S., Gampa, S., Yan, Q., Deogun, J.S., 2017. Identity
Grner, A., Mhle, A., Gayvoronskaya, T., Meinel, C., 2018. A quantifiable trust model for management
blockchain-based identity management. In: 2018 IEEE International Conference on Internet of using blockchain for cognitive cellular networks. In: 2017 IEEE International
Things (iThings) and IEEE Green Computing and Communications (GreenCom) and Conference on Communications (ICC). IEEE, pp. 1–6.
IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data Ren, Y., Zhu, F., Qi, J., Wang, J., Sangaiah, A.K., 2019. Identity management and access control
(SmartData). IEEE, pp. 1475–1482. based on blockchain under edge computing for the industrial internet of things. Appl. Sci.
T. Hamer, K. Taylor, K. S. Ng, A. Tiu, Private Digital Identity on Blockchain. 9 (10), 2058.
J. Hughes, S. Cantor, J. Hodges, F. Hirsch, P. Mishra, R. Philpott, E. Maler, Profiles for M. Rowden, Identity: Transforming Performance through Integrated Identity
the Oasis Security Assertion Markup Language (Saml) V2. 0, OASIS standard. Management.
N. S. Hyun, H. S. Chae, S. H. Kim, K. J. Kim, M. S. Yang, Y. M. Seo, Blockchain-based Santos, J.P. N.d., 2018. Identity Management in Healthcare Using Blockchain
digital identity management method, uS Patent App. 15/913, 456 (Oct. 11 2018). Technology. Masters thesis. Universidade de vora.
Jamal, A., Helmi, R.A.A., Syahirah, A.S.N., Fatima, M.-A., 2019. Blockchain-based identity M. Schffner, Analysis and Evaluation of Blockchain-Based Self-Sovereign Identity
verification system. In: 2019 IEEE 9th International Conference on System Engineering Systems.
and Technology (ICSET). IEEE, pp. 253–257. Schanzenbach, M., Bramm, G., Schtte, J., 2018. reclaimid: secure, self-sovereign
Jindal, A., Aujla, G.S., Kumar, N., 2019. Survivor: a blockchain based edge-as-a-service identities using name systems and attribute-based encryption. In: 2018 17th IEEE
framework for secure energy trading in sdn-enabled vehicle-to-grid environment. Comput. International Conference on Trust, Security and Privacy in Computing and
Network. 153, 36–48. Communications/12th IEEE International Conference on Big Data Science and Engineering
S. Kikitamara, M. van Eekelen, D. I. J.-P. Doomernik, Digital Identity Management on (TrustCom/BigDataSE), IEEE, pp. 946–957.
Blockchain for Open Model Energy System, Unpublished Masters thesisInformation ShangGuan, X., 2012. Research on the international identity management and privacy
Science. standards. Inform. Technol. Standard. (1), 29–34.
M. Kuperberg, Blockchain-based Identity Management: A Survey from the Enterprise Shocard, The premier blockchain-based mobile identity platform. https://shocard.com.
and Ecosystem Perspective, IEEE Transactions on Engineering Management. html.
Leea, J., Hwangc, J., Choib, J., Oha, H., Kimb, J., Sims, Self-sovereign identity Soltani, R., Nguyen, U.T., An, A., 2018. A new approach to client onboarding using
management system with preserving privacy in blockchain. https://eprint.iacr.org/ self-sovereign identity and distributed ledger. In: 2018 IEEE International Conference on
2019/1241.pdf. Internet of Things (iThings) and IEEE Green Computing and Communications
Lesavre, L., Varin, P., Mell, P., Davidson, M., Shook, J., 2019. A Taxonomic Approach to (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE
Understanding Emerging Blockchain Identity Management Systems (Draft). Tech. rep.. Smart Data (SmartData). IEEE, pp. 1129–1136.
National Institute of Standards and Technology. J. StClair, A. Ingraham, D. King, M. B. Marchant, F. C. McCraw, D. Metcalf, J.
Liang, X., Zhao, J., Shetty, S., Liu, J., Li, D., 2017. Integrating blockchain for data sharing Squeo,
and collaboration in mobile healthcare applications. In: 2017 IEEE 28th Blockchain, interoperability, and self-sovereign identity: trust me, it’s my data,
Annual International Symposium on Personal, Indoor, and Mobile Radio Blockchain Healthcare Today.
Communications (PIMRC). IEEE, pp. 1–5. Stokkink, Q., Pouwelse, J., 2018. Deployment of a blockchain-based self-sovereign identity. In: 2018
Lim, S.Y., Fotsing, P.T., Almasri, A., Musa, O., Kiah, M.L.M., Ang, T.F., Ismail, R., 2018. IEEE International Conference on Internet of Things (iThings) and IEEE Green
Blockchain technology the identity management and authentication service Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social
disruptor: a survey. Int. J. Adv. Sci. Eng. Inf. Technol. 8 (42), 1735–1745. Computing (CPSCom) and IEEE Smart Data (SmartData). IEEE, pp.
Lin, C., He, D., Huang, X., Choo, K.K.R., Vasilakos, A.V., 2018. Bsein: a blockchain-based secure 1336–1342.
mutual authentication with fine-grained access control system for industry Stroud, F., What is identity and access management (iam)? webopedia definition.
4.0. J. Netw. Comput. Appl. 116 (1), 42–52. retrieved 27 February 2019
Lin, C., He, D., Huang, X., Khan, M.K., Choo, K.-K.R., 2018. A new transitively closed undirected https://www.webopedia.com/TERM/I/iam-identity-and-access-management.htm l.
graph authentication scheme for blockchain-based identity management systems. IEEE Takemiya, M., Vanieiev, B., 2018. Sora identity: secure, digital identity on the
Access 6, 28203–28212. blockchain. In: 2018 IEEE 42nd Annual Computer Software and Applications
Lin, C., He, D., Kumar, N., Huang, X., Vijayakumar, P., Choo, K.-K.R., 2020. Homechain: Conference (COMPSAC), vol. 2. IEEE, pp. 582–587.
a blockchain-based secure mutual authentication system for smart homes. IEEE Intern. A. Tobin, D. Reed, The Inevitable Rise of Self-Sovereign Identity, The Sovrin Foundation
Things J. 7 (2), 818–829. vol. 29.
Lundkvist, C., Heck, R., Torstensson, J., Mitton, Z., Sena, M., Uport: a platform for C. J. Wack, E. M. Scheidt, Identity management distributed ledger and blockchain, uS
self-sovereign identity. https://whitepaper.uport.me/uPort_whitepaper_ Patent App. 15/ 703, 433 (Sep. 20 2018).
DRAFT20170221.pdf. Wadhwa, S., 2019. Decentralized Digital Identity Management Using Blockchain and its
V. K. Madisetti, A. Bahga, Method and system for blockchain-based combined identity, Implication on Public Sector. Ph.D. thesis. Dublin Business School.
ownership, integrity and custody management, uS Patent App. 16/118, 599 (Dec. 27 Wang, J., Wu, L., Choo, K.-K.R., He, D., 2020. Blockchain-based anonymous authentication
2018). with key management for smart grid edge computing infrastructure. IEEE Trans. Indust.
V. K. Madisetti, A. Bahga, Method and System for Identity and Access Management for Inform. 16 (3), 1984–1992.
Blockchain Interoperability, uS Patent App. 15/830, 099 (Oct. 4 2018). Westerkamp, M., Gndr, S., Kpper, A., 2019. Tawki: towards self-sovereign social
A. Manohar, J. Briggs, Identity Management in the Age of Blockchain 3.0. communication. In: Proc. IEEE International Conference on Decentralized
Applications and Infrastructures (DAPPCON). IEEE.

10
Y. Liu et al. Journal of Network and Computer Applications 166 (2020) 102731

Zambrano, R., Young, A., Velhurst, S., 2018. Connecting Refugees to Aid through Presidential Service Award, SCS Hall of Fame –Lifetime Achievement Award for his
Blockchain-Enabled Id Management: World Food Programme’s Building Blocks. technical contribution to modeling and simulation and for his outstanding visionary
Zhang, Y., He, D., Choo, K.-K.R., 2018. Bads: blockchain-based architecture for data sharing with leadership and dedication to increasing the effectiveness and broadening the applications
abs and cp-abe in iot. Wireless Commun. Mobile Comput. 2018, 1–9. of modeling and simulation worldwide. He also received the SCS Outstanding Service Award. He
Zhao, Z., Liu, Y., A blockchain based identity management system considering was awarded the IEEE CITS Hall of Fame Distinguished and Eminent Award. He is a Life
reputation. http://faculty.neu.edu.cn/swc/liuyuan/paper/iccse1.pdf. Fellow of IEEE and a Fellow of SCS.
Zheng, Y., Li, Y., Wang, Z., Deng, C., Luo, Y., Li, Y., Ding, J., 2019. Blockchain-based privacy
protection unified identity authentication. In: 2019 International Conference Neeraj Kumar received his Ph.D. in CSE from Shri Mata Vaishno Devi University, Katra,
on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC). IEEE, India. He is now an Associate Professor in the Department of Computer Science and
pp. 42–49. Engineering, Thapar University, Patiala, Punjab (India). He is a member of IEEE. His
Zhu, X., Badr, Y., 2018. A survey on blockchain-based identity management systems for the research is focused on mobile computing, parallel/distributed computing, multi-agent
internet of things. In: 2018 IEEE International Conference on Internet of Things (iThings) systems, service oriented computing, routing and security issues in mobile ad hoc, sensor
and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and mesh networks. He has more than 100 technical research papers in leading journals
and Social Computing (CPSCom) and IEEE Smart Data (SmartData). IEEE, pp. 1568–1573. such as-IEEE TII, IEEE TIE, IEEE TDSC, IEEE ITS, IEEE TWPS, IEEE SJ,IEEE ComMag,
IEEE WCMag, IEEE NetMag and conferences. His research is supported from DST, TCS
and UGC. He has guided many students leading to M.E. and Ph.D.

Yang Liu received his Bachelor degree in information security from Wuhan University Muhammad Khurram Khan is currently working as a Professor of Cybersecurity at the
in 2019. He is currently working toward the Master degree with the School of Cyber Center of Excellence in Information Assurance (CoEIA), King Saud University, Kingdom
Science and Engineering, Wuhan University. His research interests include cryptography, of Saudi Arabia. He is founder and CEO of the ‘Global Foundation for Cyber Studies and
blockchain, and network security. Research’ (http://www.gfcyber.org). He is the Editor-in-Chief of a well-reputed Interna-
tional journal ‘Telecommunication Systems’ published by Springer for over 26 years with
its recent impact factor of 1.707 (JCR 2019). Furthermore, he is on the editorial board
Debiao He received his Ph.D. degree in applied mathematics from School of Mathemat-
of several international journals, including, IEEE Communications Surveys \ & Tutorials,
ics and Statistics, Wuhan University, Wuhan, China in 2009. He is currently a professor
IEEE Communications Magazine, IEEE Internet of Things Journal, IEEE Transactions on
of the Key Laboratory of Aerospace Information Security and Trusted Computing, Min-
Consumer Electronics, etc. He has published more than 350 research papers in the jour-
istry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan
nals and conferences of international repute. In addition, he is an inventor of 10 US/PCT
430072, China. His main research interests include cryptography and information secu-
patents. He has edited 7 books/proceedings published by Springer-Verlag and IEEE. He
rity, in particular, cryptographic protocols.
has secured several national and international competitive research grants in the domain
of Cybersecurity. He has played a leading role in developing ‘BS Cybersecurity Degree
Professor Mohammad S. Obaidat is an internationally known aca-
Program’ and ‘Higher Diploma in Cybersecurity’ at King Saud University. His research
demic/researcher/scientist/ scholar. He received his Ph.D. degree in Computer
areas of interest are Cybersecurity, digital authentication, IoT security, cyber policy, and
Engineering with a minor in Computer Science from The Ohio State University,
technological innovation management. He is a fellow of the IET (UK), fellow of the BCS
Columbus, USA. He has received extensive research funding and published To Date
(UK), fellow of the FTRA (Korea), senior member of the IEEE (USA), senior member of
(2019) about One Thousand (1,000) refereed technical articles-About half of them are
the IACSIT (Singapore), member of the IEEE Consumer Electronics Society, member of
journal articles, over 70 books, and over 70 Book Chapters. He is Editor-in-Chief of 3
the IEEE Communications Society, member of the IEEE Technical Committee on Security
scholarly journals and an editor of many other international journals. He is the founding
\ & Privacy, member of the IEEE IoT Community, member of the IEEE Smart Cities Com-
Editor-in Chief of Wiley Security and Privacy Journal. Among his previous positions
munity, and member of the IEEE Cybersecurity Community. He is also the Vice Chair of
are Advisor to the President of Philadelphia University for Research, Development and
IEEE Communications Society Saudi Chapter. He is a distinguished Lecturer of the IEEE
Information Technology, President and Chair of Board of Directors of the Society for
(CESoC).
Molding and Simulation International, SCS, Senior Vice President of SCS, Dean of the
College of Engineering at Prince Sultan University, Chair and tenured Professor at the
Department of Computer and Information Science and Director of the MS Graduate Kim-Kwang Raymond Choo received the Ph.D. in Information Security in 2006 from
Program in Data Analytics at Fordham university, Chair and tenured Professor of the Queensland University of Technology, Australia. He currently holds the Cloud Technology
Department of Computer Science and Director of the Graduate Program at Monmouth Endowed Professorship at The University of Texas at San Antonio (UTSA). In 2016, he was
University, Tenured Full Professor at King Abdullah II School of Information Technology, named the Cybersecurity Educator of the Year - APAC (Cybersecurity Excellence Awards
University of Jordan, The PR of China Ministry of Education Distinguished Overseas are produced in cooperation with the Information Security Community on LinkedIn), and
Professor at the University of Science and Technology Beijing, China and an Honorary in 2015 he and his team won the Digital Forensics Research Challenge organized by Ger-
Distinguished Professor at the Amity University- A Global University. He is now the many’s University of Erlangen-Nuremberg. He is the recipient of the 2019 IEEE Technical
Founding Dean of the College of Computing and Informatics at The University of Committee on Scalable Computing (TCSC) Award for Excellence in Scalable Computing
Sharjah, UAE. He has chaired numerous (Over 160) international conferences and has (Middle Career Researcher), 2018 UTSA College of Business Col. Jean Piccione and Lt.
given numerous (Over 160) keynote speeches worldwide. He founded or co-founded four Col. Philip Piccione Endowed Research Award for Tenured Faculty, Outstanding Associate
international conferences. He has served as ABET/CSAB evaluator and on IEEE CS Fellow Editor of 2018 for IEEE Access, British Computer Society’s 2019 Wilkes Award Runner-up,
Evaluation Committee. He has served as IEEE CS Distinguished Speaker/Lecturer and an 2019 EURASIP Journal on Wireless Communications and Networking (JWCN) Best Paper
ACM Distinguished Lecturer. Since 2004 has has been serving as an SCS Distinguished Award, Korea Information Processing Society’s Journal of Information Processing Sys-
Lecturer. He received many best paper awards for his papers including ones from IEEE tems (JIPS) Survey Paper Award (Gold) 2019, IEEE Blockchain 2019 Outstanding Paper
ICC, IEEE Globecom, AICSA, CITS, SPECTS, DCNET International conferences. He also Award, International Conference on Information Security and Cryptology (Inscrypt 2019)
received Best Paper awards from IEEE Systems Journal in 2018 and in 2019 (2 Best Paper Best Student Paper Award, IEEE TrustCom 2018 Best Paper Award, ESORICS 2015 Best
Awards). In 2020, he received 4 best paper awards from IEEE Systems Journal. He also Research Paper Award, 2014 Highly Commended Award by the Australia New Zealand
received many other worldwide awards for his technical contributions including: The Policing Advisory Agency, Fulbright Scholarship in 2009, 2008 Australia Day Achieve-
2018 IEEE ComSoc-Technical Committee on Communications Software 2018 Technical ment Medallion, and British Computer Society’s Wilkes Award in 2008. He is also a Fellow
Achievement Award for contribution to Cybersecurity, Wireless Networks Computer of the Australian Computer Society, and Co-Chair of IEEE Multimedia Communications
Networks and Modeling and Simulation, SCS prestigious McLeod Founder’s Award, Technical Committee’s Digital Rights Management for Multimedia Interest Group.

11