Blockchain-Based Identity Verification System

Arshad Jamal Rabab Alayham Abbas Helmi

Faculty of Information Sciences and Engineering Faculty of Information Sciences and Engineering
Management & Science University Management & Science University
Shah Alam, Malaysia Shah Alam, Malaysia
[email protected] [email protected]
Ampuan Siti Nurin Syahirah Mariam-Aisha Fatima
Faculty of Information Sciences and Engineering Faculty of Information Sciences and Engineering
Management & Science University Management & Science University
Shah Alam, Malaysia Shah Alam, Malaysia
[email protected] [email protected]

Abstract— In any registration process, it is a hassle to blockchain is a distributed ledger and the information can be
always bring physical documents. Not only that, the process is viewed and altered by anyone if it is verified by the parties
elongated if they are lost, and will contribute to identity theft if involved [2].
unauthorized persons have access to those documents. The problems identified in the current traditional system
Therefore, the objective of this paper is to generate a
decentralized system, similar to the concept of blockchain, to
of verifying identities are as such: firstly, paper-based
allow registered persons to access user’s personal records. To personal records are bulky to store while also posing a
further elaborate, this system is designed to be used by three safety risk [3]. Secondly, a person has no control over their
consumers, which are: user, authority, and third-party personal information kept in a distributed database which
(requester). Nowadays, majority of systems are susceptible to may lead to identity theft and misuse of data [4], [5].
massive data breaches. However, some researches have This system is assumed to be used as a storage system
theorized that blockchain technology may solve this problem, for an individual’s personal information, and that they will
such as one that uses a real-world example, Aadhaar. In be accessed by others to verify identity during registration
conclusion, this project enhances that the area of blockchain processes. The identity verified using this system would be
identity is vital in helping society gain control of their personal
details. Since most of researches are focused on storage system
considered as authentic, with no further verification needed.
of businesses using blockchain, personal identities of the people II. LITERATURE SURVEY
should be digitized on the blockchain as well. An identity
verification system that is entirely owned by the individual will This section includes findings from the literature review
increase trust that the data is genuine and reliable. that was done in inception phase. There are several
categories of findings:
Keywords— authentication, blockchain, decentralized, digital
identity, verification A. Personal Archive
This includes a blockchain-based personal archive
I. INTRODUCTION system whereby it built a decentralized transparent
The crime of identity theft, an unauthorized access to a immutable secure personal archive management and service
person’s personal information, has impacted many people system via ‘proof-of-X’ [4]. There is also a research using
especially in the recent years and the numbers increase real-world example called Aadhaar, a system in India to
yearly. According to Javelin Strategy & Research [1], there improve efficiency in accessing national identification
were approximately one in 15 people likely to be a victim of records of an individual [6]. One of the oldest papers used
identity theft in 2017 just in the United States (US). for the review discussed regarding a decentralised social
Therefore, having a system which can help consumers in network identity validation, where the design is based on the
monitoring access to private data would be very beneficial. tendency of social networking applications to cluster its
In this paper, a system called Blockchain-based Identity users with similar attributes, either through location,
Verification System is proposed whereby it is a system interests, or work [7].
which stores an individual’s personal records on the User authentication can also be integrated with
blockchain. This system uses the security features of blockchain whereby the system is designed to be fully
blockchain to allow everyone to know who has access to distributed [8]. Smart contracts are also employed in this
their data. study to allow social networks to access authentication
As such, the new system will have three types of records so that users do not have to depend on their
consumers, which are: user, authority, and third-party cognitive ability to remember id and password, or rely on a
(requester). The user is able to allow third-party to access third party.
data and also view list of requesters; the authority is able to With regards to identity management on blockchain,
upload user’s personal records on the blockchain, and verify smart contracts are made part of the research done by [7]
companies who would like to be registered requesters; and where online identities are concerned. The smart contracts
the third-party is able to send request to view data of user. termed that parties involved must rate each other, in which it
Blockchain is a decentralized database consisting of will help in increasing their reputation [9]. From the medical
blocks connected by a hash number. Each block has an side, there is a system which integrates providers’ existing
address which records ownership and is continuously local data storage solutions [3] and medical insurance [10]
updated after being verified. Decentralized means that with blockchain to increase efficiency and eliminate third
parties.
B. Security Issues and Solutions Syrian refugee crisis undertaken by the Ethereum co-
Blockchain is used for the security that it provides [11], founder. Secondly, since blockchain operates without a
and therefore must constantly be improved. As with every central authority [18], it is applied to the US election voting
system to ensure that the votes are not tampered with.
technology, there are loopholes. The main points will be
summarised in Table 1 below.
III. OBJECTIVES
TABLE I The objectives designed for the above problems are as
SUMMARY OF SECURITY ISSUES AND SOLUTIONS
follows:
Author/ Issue Solution
i. To generate a system which uses the decentralized
Year
feature of blockchain to keep personal records,
Aniello Forging of redo logs Total consensus which maximizes availability of data.
et al, algorithm on the fast ii. To create a function which allows others to access
2017 first layer blockchain, the records for registration and verification
[12] anchored to a secure purposes.
second layer based on
proof-of-work
IV. METHODOLOGY
Do & Owner’s capability to Authorized keyword
Ng, grant permission for searching on Before this system could be developed, a literature
2017 [5] others to search distributed data storage survey was done to get a clear framework through making a
through encrypted data which works like a review. The keywords used to search for papers from 2014
set and come up with smart contract to 2018 were as follows: blockchain identity, blockchain
partial but useful storage, smart contracts, and security issues.
information The development methodology used is Agile Unified
Process (AUP) and the main reason why this methodology
Gipp et Premature Researchers may
was used is so that the project may be continuously
al, 2017 dissemination or independently verify
improved even if the project is already in the last phase.
[13] plagiarism of the validity of the
During inception phase, the basic elements of the project
unpublished research timestamp associated
was identified, including the issues related to the current
paper with their manuscript
method of storing personal records, i.e. the inefficiency and
at the time of
security risks; the objectives of the new system which is to
submission using
allow third-party access; and benefits of the new system.
blockchain
The scope and constraints were also detected to minimize
Yeoh, Regulatory challenges Smart regulatory
faults to the system.
2017 impacting blockchains, hands-off approach
The second phase was where the design of the system
[14] innovative distributed adopted in the EU and
was drafted based on the six Unified Modelling Language
technologies in EU and the USA to a large
(UML) diagrams. Figure 1 below is the use case diagram
USA extent bodes well for
designed for the system.
future innovative
contributions of
blockchains in the
financial services and
related sectors and
toward enhanced
financial inclusiveness

C. Government and Human Rights

Blockchain is undeniably time and cost saving and can be
used to avoid conflict. Due to its decentralisation, there will
be no use of middlemen for transactions. It is a rare
occurrence for the concepts of blockchain to fail because of
its transparency and incorruptibility. This can improve Fig. 1. Use Case Diagram
efficiency and decrease corruption in government –
specifically e-government which is an electronic
government aiming to help in easing delivery of information Figure 2 below is a summary of interactions between the
to the citizens as well as resolving issues in a short amount users and objects.
of time [15], [16]. It should be the main interest of every
government to provide uncomplicated access to information
for the usage and reference of the citizens [17].

To date, most of the systems using blockchain

technology is regarding human rights. The first issue is of the
 Figure 5 below is the user interface which shows the list
of requesters of a particular user.

Fig. 2. System Flow

The third phase is when the system was constructed

using Microsoft Visual Studio Code and Android Studio 3
as it is both a web and mobile application, with Huawei
Mate 8 as a test device. Figure 3 below is the user interface
for when a third-party wants to request for a user’s
information.
Fig. 5. Requester List

The last phase involved testing of new system. There

were two types of testing done: system and acceptance
testing. Both were done to allow users to review the
functionalities of the project. Through this, changes were
made accordingly. The results will be discussed in the next
section.

V. FINDINGS AND DISCUSSIONS

Regarding the testing which is part of the transition
phase, there were two types of testing done: system and
acceptance testing. The summary of test cases is in Table 2,
whereby there were a total of 18 cases for each of the
Fig. 3. Request User Details functionalities in the web application as well as the Android
application. The functionalities are as follows: authority,
Figure 4 below is the user interface for the authority to requester and user registration, authority and user log in,
input user details. upload user details, and request user details.

TABLE II
SUMMARY OF TEST CASES
Test Test Scenario Expected Results Pass/
Case Fail
ID
TC01 Authority Authority registered Pass
registration with successfully and
unregistered email redirected to
Authority Log In
Page
TC02 Authority Error pops up Pass
registration with
registered email
TC03 Authority log in Authority log in Pass
with registered successfully and
email redirected to
Authority Home
Page
Fig. 4. User Details TC04 Authority log in Error pops up Pass
 with unregistered
email
TC05 Upload user details User successfully Pass
with unregistered registered
user email
TC06 Upload user details Error pops up Pass
with registered user
email
TC07 Upload user details User successfully Pass
with registered registered
authority email Fig. 5. Summary of Acceptance Testing
TC08 Upload user details Error pops up Pass
with unregistered Survey analysis was also done, in which some of the
authority email questions asked were regarding how respondents minimize
TC09 Requester User successfully Pass the risk of becoming a victim of identity theft. The majority
registration using registered of the answers focused on changing passwords regularly and
unregistered email setting them to be strong, not giving out information freely,
TC10 Requester Error pops up Pass and ensuring applications used are trusted. One answer
registration using which really stood out was that s/he will confirm that the
registered email application applies the Personal Data Protection Act first
TC11 Requester request User Details are Pass before using it.
user details using displayed as Another question asked whether respondents are aware
registered user requested of identity verification applications, and that if they have, to
email state the name of the application. The results showed that 57
TC12 Requester request Error pops up Pass per cent of 141 respondents know of identity verification
user details using application. However, only a handful have actually used
unregistered user them, and they are as follows: Civic, Aadhaar, and Digital
email KYC.
TC13 Requester request User Details are Pass The last question in the survey asked the respondents to
user details using displayed as give their feedback. Some had notable things to say, such as:
registered requester requested to use one-time passwords for log in purposes; to have the
email option to delete their data from the system; to know the
TC14 Requester request Error pops up Pass information being requested; to have the application provide
user details using a customer support through the mobile application; and,
unregistered lastly, to have a list of blacklisted requesters.
requester email
TC15 User registration User successfully Pass VI. FUTURE ENHANCEMENTS
using registered registered
email For future enhancements of this project, there are a
TC16 User registration Error pops up Pass number which can be implemented. Firstly, the project can
using unregistered be done on a real working blockchain as opposed to just a
email local host to allow this system to be commercialized. As of
TC17 User log in using User successfully Pass now, this system is only using the concept of blockchain
registered email registered through hashing.
Secondly, the request of user details from requester can
TC18 User log in using Error pops up Pass
be through push notifications to the mobile application and
unregistered email
that the user can accept or reject the request. This is to
further increase the privacy for the user details because
Acceptance testing results were extracted from a survey users will be immediately aware of who is requesting their
distributed after the system was finished being designed. It details and when they are requested in contrast of knowing
consisted of three questions, which are: preference on online after the details are already given.
identity verification, if the application eases verification Thirdly, biometrics can also be used to lock and unlock
processes, and should the application be made available to the application, specifically voice recognition and
everyone. The inference that can be made is that although fingerprints. Similar to a research done by [19], where
the respondents preferred to not do online identity speech recognition is used to lock and unlock folders on a
verification, they are accepting the importance of having a machine as it is a cheap and widely available resource,
mobile and easily available way for online verification. The while also providing high security due to the uniqueness of a
summary of the responses is in Figure 5 below. voice to a person.
Fourthly, more variety of personal records can be
included in system as the current system only stores the
user’s passport details. An example of is to have kinship
verification as well through facial recognition. As the
application needs to have user email, the application can be [9] Yasin, A., & Liu, L. (2016). An Online Identity and Smart Contract
Management System. In 2016 IEEE 40th Annual Computer Software
designed to handle details of persons under their custody, and Applications Conference (COMPSAC). Atlanta, GA: IEEE.
for example, the user’s children. This would further increase Retrieved from https://ieeexplore.ieee.org/document/7552202/
efficiency as a method called deep learning can be used to [10] Zhou, L., Wang, L., & Sun, Y. (2018). MIStore: a Blockchain-Based
verify association between users [20]. Medical Insurance Storage System. Journal Of Medical Systems,
Lastly, the user details can be made time-sensitive so 42(8). doi: 10.1007/s10916-018-0996-4
that it can be ensured that user details are not being misused [11] Lin, I., & Liao, T. (2017). A Survey of Blockchain Security Issues
and Challenges. International Journal Of Network Security, 19(5).
even after they are being requested. To further keep the doi: 10.6633/IJNS.201709.19(5).01
information safe, there can also be a prohibition on taking a [12] Aniello, L., Baldoni, R., Gaetani, E., Lombardi, F., Margheri, A., &
screen-shot of the details. Sassone, V. (2017). A Prototype Evaluation of a Tamper-Resistant
High Performance Blockchain-Based Transaction Log for a
Distributed Database. In 2017 13th European Dependable Computing
VII. CONCLUSION Conference (EDCC). Geneva: IEEE. Retrieved from
https://ieeexplore.ieee.org/document/8123568/
In conclusion, this paper discussed about how a system [13] Gipp, B., Breitinger, C., Meuschke, N., & Beel, J. (2017).
which enhances the area of blockchain identity is vital in CryptSubmit: Introducing Securely Timestamped Manuscript
helping the society to gain control of their lives. Since most Submission and Peer Review Feedback Using the Blockchain. In
2017 ACM/IEEE Joint Conference on Digital Libraries (JCDL).
of researches are focused on storage system of businesses Toronto, ON: IEEE. Retrieved from
using blockchain, personal identities of the people should be https://ieeexplore.ieee.org/document/7991588/
digitized on the blockchain as well. Financial and medical [14] Yeoh, P. (2017). Regulatory issues in blockchain technology. Journal
should not be the only emphasis for blockchain-based Of Financial Regulation And Compliance, 25(2), 196-208. doi:
10.1108/jfrc-08-2016-0068
systems, because eventually every physical data will move on
[15] Elmansori, M., Atan, H., & Ali, A. (2017). Factors Affecting E-
to digitalization. Government Adoption by Citizens in Libya: A Conceptual
In addition, the main benefits of research in this area will Framework. I-Manager's Journal On Information Technology, 6(4).
allow users to own as well as control their identity by doi: 10.26634/jit.6.4.13845
placing it in a decentralized system to avoid data breaches [16] Elmansori, M., Atan, H., & Ali, A. (2018). Adoption of E-
by applications and services. An identity verification system government Services in Libya: A Critical Review. Saudi Journal Of
Humanities And Social Sciences (SJHSS), 3(4), 553-560. doi:
that is entirely owned by the individual will increase trust 10.21276/sjhss.2018.3.4.4
that the data is genuine and reliable. It will also help that [17] Al-Shuaili, S., Ali, M., Jaharadak, A., & Al-Shekly, M. (2019). An
this system is open and transparent. Investigate on the Critical Factors that can Affect the Implementation
of E-government in Oman. 2019 IEEE 15Th International
REFERENCES Colloquium On Signal Processing & Its Applications (CSPA). doi:
10.1109/cspa.2019.8695988
[1] Pascual, A., Marchini, K., & Miller, S. (2018). 2018 Identity Fraud:
Fraud Enters a New Era of Complexity. Retrieved from [18] Yaga, D., Mell, P., Roby, N., & Scarfone, K. (2018). Draft NISTIR
https://www.javelinstrategy.com/coverage-area/2018-identity-fraud- 8202: Blockchain Technology Overview [Ebook]. NIST. Retrieved
fraud-enters-new-era-complexity from
https://csrc.nist.gov/CSRC/media/Publications/nistir/8202/draft/docu
[2] Zyskind, G., Nathan, O., & Pentland, A. (2015). Decentralizing
ments/nistir8202-draft.pdf
Privacy: Using Blockchain to Protect Personal Data. In 2015 IEEE
Security and Privacy Workshops. San Jose, CA: IEEE. Retrieved [19] Mahendran, D., Jamal, A., Helmi, R., & Fatima, M. (2018). Trusted
from https://ieeexplore.ieee.org/document/7163223/ computing and security for computer folders. International Journal Of
Medical Toxicology & Legal Medicine, 21(3and4), 83. doi:
[3] Azaria, A., Ekblaw, A., Vieira, T., & Lippman, A. (2016). MedRec: 10.5958/0974-4614.2018.00036.0
Using Blockchain for Medical Data Access and Permission
Management. In 2016 2nd International Conference on Open and Big [20] Almuashi, M., Mohd Hashim, S., Mohamad, D., Alkawaz, M., & Ali,
Data (OBD). Vienna: IEEE. Retrieved from A. (2015). Automated kinship verification and identification through
https://ieeexplore.ieee.org/document/7573685/ human facial images: a survey. Multimedia Tools And Applications,
76(1), 265-307. doi: 10.1007/s11042-015-3007-5
[4] Chen, Z., & Zhu, Y. (2017). Personal Archive Service System using
Blockchain Technology: Case Study, Promising and Challenging. In
2017 IEEE International Conference on AI & Mobile Services
(AIMS). Honolulu, HI: IEEE. Retrieved from
https://ieeexplore.ieee.org/document/8027275/
[5] Do, H., & Ng, W. (2017). Blockchain-based System for Secure Data
Storage with Private Keyword Search. 2017 IEEE 13Th World
Congress On Services. doi: 10.1109/SERVICES.2017.23
[6] Mudliar, K., Parekh, H., & Bhavathankar, P. (2018). A
comprehensive integration of national identity with blockchain
technology. In 2018 International Conference on Communication
information and Computing Technology (ICCICT). Mumbai: IEEE.
Retrieved from https://ieeexplore.ieee.org/document/8325891/
[7] Soliman, A., Bahri, L., Carminati, B., Ferrari, E., & Girdzijauskas, S.
(2015). DIVa: Decentralized identity validation for social networks.
In 2015 IEEE/ACM International Conference on Advances in Social
Networks Analysis and Mining (ASONAM). Paris: IEEE. Retrieved
from https://ieeexplore.ieee.org/document/7403568/
[8] Zhang, L., Li, H., Sun, L., Shi, Z., & He, Y. (2017). Poster: Towards
Fully Distributed User Authentication with Blockchain. In 2017 IEEE
Symposium on Privacy-Aware Computing (PAC). Washington, DC:
IEEE. Retrieved from
https://ieeexplore.ieee.org/document/8166639/?part=1