Key-Audit Chain (KAC): A Resilient and Reliable Key Management Framework for DID-Based Decentralized Environments
This paper proposes an integrated authentication framework to enhance trust, key security, and auditability in Self-Sovereign Identity (SSI) environments. Existing SSI systems face structural limitations: users must manage private keys directly, and there is a lack of mechanisms to verify the state...
| Main Authors: | Jihwan Kim, Younho Lee, Daeseon Choi |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | IEEE 2025-01-01 |
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/11122458/ |
| _version_ | 1849340349706665984 |
|---|---|
| author | Jihwan Kim, Younho Lee, Daeseon Choi |
| collection | DOAJ |
| description | This paper proposes an integrated authentication framework to enhance trust, key security, and auditability in Self-Sovereign Identity (SSI) environments. Existing SSI systems face structural limitations: users must manage private keys directly, and there is a lack of mechanisms to verify the state of Verifiable Credentials (VCs) and trace the submission history of Verifiable Presentations (VPs). These gaps lead to difficulties in detecting forgery and ensuring authentication integrity. To address these challenges, this study introduces a FROST (Flexible Round-Optimized Schnorr Threshold Signature)-based threshold signature scheme combined with a Trusted Third Party (TTP) that performs key status verification and metadata auditing. The user wallet automatically queries the status of each selected VC via the issuer’s registry and excludes any revoked or expired credentials from VP generation. When a proof signature is created, related metadata such as signature hashes and device cluster IDs are submitted to the TTP for integrity checks and real-time anomaly detection. The proposed framework is implemented atop the WACI (Wallet and Credential Interaction) protocol and supports interoperability across decentralized systems. Experiments evaluated end-to-end processing time, audit logging performance, and key recovery efficiency. As a result, the system maintained high levels of security and trust while achieving an average response time of less than one second, demonstrating comparable or improved performance compared to related studies on recent SSI-based frameworks such as FutureDID, Kim et al.’s work, and Bisht et al.’s work, proving its suitability for practical deployment. |
| format | Article |
| id | doaj-art-ef3ed7524cbb434cbfc5ddcc44478fdb |
| institution | Kabale University |
| issn | 2169-3536 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-ef3ed7524cbb434cbfc5ddcc44478fdb; 2025-08-20T03:43:55Z; eng; IEEE; IEEE Access; 2169-3536; 2025-01-01; 13; 141871; 141885; 10.1109/ACCESS.2025.3597593; 11122458; Key-Audit Chain (KAC): A Resilient and Reliable Key Management Framework for DID-Based Decentralized Environments; Jihwan Kim (0); Younho Lee (1), https://orcid.org/0000-0003-1767-6165; Daeseon Choi (2), https://orcid.org/0000-0002-1438-0265; (0) Graduate School of IT and Policy, Seoul National University of Science and Technology, Seoul, Republic of Korea; (1) Department of Industrial Engineering, Seoul National University of Science and Technology, Seoul, South Korea; (2) Department of Software, Soongsil University, Seoul, Republic of Korea; https://ieeexplore.ieee.org/document/11122458/; Self-Sovereign Identity (SSI); threshold signature; distributed identity (DID); verifiable credential and verifiable presentation |
| title | Key-Audit Chain (KAC): A Resilient and Reliable Key Management Framework for DID-Based Decentralized Environments |
| topic | Self-Sovereign Identity (SSI); threshold signature; distributed identity (DID); verifiable credential and verifiable presentation |
| url | https://ieeexplore.ieee.org/document/11122458/ |