New “Kids” on the “Block”: How to achieve Data Integrity with Self-Sovereign Identity (SSI)
The ever-growing digitization depends on trusted data. Numerous use cases without appropriate measures to mitigate data inconsistency and manipulation are at risk. This blog post highlights why data integrity is necessary and how this goal can be achieved with the benefits of the concept of Self-Sovereign Identities.
The value of data depends on trust
Data is the new crude oil in an increasingly connected world. However, this data is not immediately available for use and therefore requires a certain amount of effort before usable as a digital resource. Depending on the type of data, it represents an economically valuable resource needed for digital processes or new business areas. We can observe that this data is increasingly traded as a commodity on digital marketplaces. Regardless of the use case, however, it is only through the potential multi-use and further processing of the data that significant additional value is created. This means that the data must be flawless and verifiable for third parties, whether for an internal or external process, an autonomously acting machine, or an online service. In most cases, this requires an intrinsic value in form of trust before further processing or sale can be carried out.
Things to know and to consider
As a consequence, it is essential to prove the original data sender as the provider and the authenticity of the data to third parties, i.e. no other entity may claim authorship and authenticity of the data except the data sender. The required properties of data integrity, authenticity and non-repudiation for the data to be transferred can be implemented using a procedure with a unique signature of the identity and data holder.
The way this process works is similar to the insigne from the middle ages, where important documents were authenticated with a unique seal stamp and at the same time the integrity was guaranteed by giving the transferred document a wax seal. The recipient could thus easily ensure that the seal was intact and that the document had not been altered, as well as verify the sender’s origin based on the underlying symbol or emblem of the seal.
Today, this method can be implemented with centralized systems and digital certificates. However, these systems are hierarchical and centralized in nature, creating technical dependency and single point of failure if the entire system fails. In addition, these centralized systems are costly in terms of scaling and management. Most importantly, they are not designed for IoT and therefore fail miserably in emerging use cases.
The Potential of Data Integrity with Self-Sovereign Identity (SSI)
Self-Sovereign Identities are a promising new candidate for the long-term, when compared to existing central systems and digital certificates. The underlying concept is far more flexible than already established systems from a technical point of view. SSI uses a decentralized, open and neutral infrastructure built on a non-manipulable distributed ledger that serves as a neutral identity database by storing so-called decentralized identifiers (a decentralized identity) anchored in a way that ensures it is publicly accessible for everyone. The main advantage of using this SSI ecosystem is that participants no longer have to rely on central authorities. They retain full control over their identities and the parameters associated with them. At the same time, third parties are able to view these identities in a distributed ledger and verify them with a public key. This leads to a technically efficient system for digital and trusted identities.
These self-sovereign and decentralized identities can be used in a flexible way for more data integrity in use cases. In the next section, we will demonstrate an implementation based on a relatively new use case scenario.
Implementation of data integrity using SSI in an “agricultural data “ use case
In the future, it won’t just be the fields that can be harvested, but also the data they increasingly generate themselves. This will benefit farmers and water suppliers, as well as the end consumer, as technologies will contribute to sustainable agriculture and food management and promote the digital exchange of important information. Smart sensors that can transmit soil and weather data of the respective location in the field are an essential foundation for this. This data can be analyzed and, as a result, irrigation valves or even crop protection spraying systems can be used much more efficiently than was previously the case. This leads to better yields, a higher return on investment and ultimately greater sustainability. For the farmer there can even be an additional benefit if the data is exchanged with neighboring farmers or if the farmer sells the data via a data marketplace for better quality information or analysis. It is important that the authenticity and origin of the agricultural data provided can be established with certainty.
Technically, this can be achieved by giving each of these sensors its own decentralized, self-sovereign identity. Ideally, the identity would be held directly on the sensor itself or by a next best unit (e.g., an IoT gateway). The sensor can then send the outgoing data to this identity in a reliable and verifiable manner by signing it with the identity’s underlying private key. The receiver, e.g., a neighboring farmer, the water supplier, a competent authority or even an automated irrigation system itself, can now verify the conformity of the sensor identity as a first step by checking the communicated and publicly visible identity of the sensor on the distributed ledger (our identity directory service) for validity. Furthermore, the receiver can now use the identity and associated public key to confirm the authenticity and origin of the received data by cryptographically matching the signature used to “sign” the magnified data from the sensor. In case of a match, the receiver can be sure that the received data originates from this sensor and has not been manipulated. The data thus has a verifiable base value for the receiver.
Self-Sovereign Identity acts as a future-oriented, multipurpose solution for use cases where trustworthy data is required. For diverse and innovative data use cases, trustworthiness towards third parties can be established by equipping the underlying hardware with its own SSI and therefore generate digital signatures. Integrity protection, as well as data authenticity and non-repudiation of the data source, can be achieved in a future-proof, flexible, secure and efficient manner, without centralized authorities.
We can help: Do you have questions about the benefits of SSI or about your use case? Do not hesitate to contact us. Our first consultations are without obligation and free of charge.