Blockchain: The solution for the adoption of Self-Sovereign Identity?

40  Download (0)

Full text

(1)

Blockchain: The solution for the adoption of Self-Sovereign

Identity?

A quantitative study on blockchain: Research on the willingness to adopt to Self-Sovereign Identity with the use of Blockchain technology

Bachelor Thesis

Muhtashim Ashraf June 30, 2021

BSc. BA – Management in the digital age Amsterdam Business School, University of Amsterdam

Author’s note Muhtashim Ashraf

Student number: 12022748

E-mail: Muhtashim.ashraf@hotmail.com Under the supervision of Willem Dorresteijn

(2)

2

Statement of originality

This document is written by Muhtashim Ashraf who declares to take full responsibility for the contents of this document and that the text and the work presented in this document are original and that no sources other than those mentioned in the text and their references have been used creating it.

The Faculty of Economics and Business is responsible solely for the supervision of completion of the work, not for the contents.

(3)

3

Table of contents

Statement of originality ... 2

Abstract ... 4

1. Introduction ... 5

1.1. Research Question ... 6

2. Literature review ... 6

2.1. Self-Sovereign Identity ... 6

2.2. Blockchain... 7

2.3. Self-Sovereign Identity using Blockchain technology ... 8

2.4. Framework and governance for SSI ... 9

2.5. Existing projects and regulations ... 11

2.6. Advantages ... 12

2.7. Disadvantages... 15

2.8. Hypothesis and conceptual model ... 17

3. Research methodology ... 18

4. Results ... 20

4.1. Hypothesis results ... 23

5. Discussion ... 24

5.1. Research Question with existing literature ... 24

5.2. Contribution thesis ... 25

5.3. Practical implications ... 26

6. Conclusion ... 27

6.1. Recommendations further research ... 27

6.2. Limitations thesis ... 28

6.3. Summary thesis ... 29

7. References ... 30

8. Appendix ... 35

(4)

4

Abstract

The need for Self-Sovereign Identity using blockchain technology is increasing and gaining more and more attention worldwide. Individuals are demanding full control over and total insight in their digital identities. In this current digital day and age, it is of utmost importance that individuals have full control over their digital identities. Many individuals have already become victims of ID theft, stolen or lost identification items, scam practices, impersonations and devious and costly processes. Furthermore an individual provides information, which other organizations and other individuals receive. This results in a lack of privacy, while the other organizations and individuals do not need most information most of the time. Self-Sovereign Identity is a hopeful solution, especially when it is combined with blockchain technology, to tackle most of these problems.

The main objective of this paper is to research the willingness of individuals to adopt Self- Sovereign Identity using blockchain technology. Furthermore, a few recommendations for a framework and standards for Self-Sovereign Identity will be provided to increase the success rate of a possible adoption of Self-Sovereign Identity using blockchain technology in the near future. A quantitative study is conducted focusing on the three key aspects of Self-Sovereign Identity to provide more insight in this topic and the willingness of individuals for a possible adoption of Self-Sovereign Identity using blockchain technology.

The results in this document show that it is time to change the way individuals manage their identities. This study paves the way and forms a solid basis for future research about Self- Sovereign Identity and blockchain technology, especially because this topic is still in its infancy. Resulting in a possible watertight framework and adoption of Self-Sovereign Identity with blockchain technology in the near future.

(5)

5

1. Introduction

“When decentralized blockchain protocols start displacing the centralized web services that dominate the current Internet, we'll start to see real internet-based sovereignty. The future Internet will be decentralized” – Olaf Carlson-Wee

The Internet of Things (IoT) is a communication network between different physical objects that are connected to the internet for data sharing (Suciu et al., 2015; Hirsch, 2014). With the tremendous rise in internet users every day, the management of identities has also seen a significant increase in interest (Mühle et al., 2018; Bloor, 2018). The internet lacks a layer of identity protocol, therefore the responsibility for identification and verification to the service providers. Over time, internet is evolved without governance, resulting in service providers starting issuing and authenticating digital identities and therefore gradually becoming centralized authorities. Users have to create and store their digital identity for every service they use (Tobin & Reed, 2016). These centralized authorities prevent users to gain insight in their digital identity, resulting in a lack of control (van Bokkem et al., 2019). Self-sovereign Identity (SSI) is a recent solution for this lack of control and aims to give users insight in and control over their own digital identity. Critics claim that the concepts of SSI are idealistic and far from ready for widespread use (van Bokkem et al., 2019). Research shows that there is potential in decentralized technologies to privatize data and gain insight in and control over their digital identity, which are conditions for successful SSI using blockchain technology implementation (Seifert, 2020).

(6)

6

1.1. Research Question

Current literature about SSI mainly focuses on possible SSI solutions, frameworks and architecture. This paper will contribute to the literature by investigating if individuals are willing to take full responsibility over their digital identity, by adopting SSI using blockchain technology. The research goal of this paper is to answer the following research question:

RQ: Are individuals willing to adopt Self-Sovereign Identity with the use of blockchain technology?

2. Literature review

2.1. Self-Sovereign Identity

“The best way to think of self-sovereign identity is as a digital record or container of identity transactions that you control. You can add more data to it yourself, or ask others to do so.” – Christopher Allen, 2016

SSI aims to give users control over their own digital identity and removes the need for a centralized authority (van Bokkem et al., 2019). Users should control their identity with verifiable credentials on their device. Three key aspects of SSI are portability, controllability and security (Allen, 2016). Users can provide the required information to the services for validation purposes. There are ten elements that can be derived from the three key aspects for SSI that have to be fulfilled, before an individual has full control over their own digital identity:

Existence, control, access, transparency, persistence, interoperability, consent, portability, minimalization and protection (Der, Jähnichen & Sürmeli 2017). These ten elements are derived

(7)

7

from the three key aspects for SSI. Despite the huge opportunity that SSI enables users to control their identity, there are also a few limitations. Individuals keep all their data, information and their digital identity stored in a digital wallet. This results in individuals having the responsibility to first of all protect their data and digital identity, as well as to ensure that their data and digital identity can be trusted (Der et al., 2017).

2.2. Blockchain

Since the popularization of blockchain technology by Satoshi Nakamoto in 2008, the technology behind Bitcoin is attracting massive attention worldwide, resulting in a spark for new payment system projects in different industries. (Nofer et al., 2017). Blockchain technology is transparent and decentralized and is one of the well-known examples of a Distributed Ledger Technology. Bitcoin popularized the blockchain technology and therefore the distributed ledger technology (Abeyratne & Monfared, 2016). Users of blockchain technology can keep their digital identities private with aliases and secure their transactions with other users using cryptographic hashing without intervention by a centralized authority or service provider (Heister & Yuthas, 2020). However, scalability and off-chain security form a significant challenge for blockchain technology, which will be explored in later sections.

(Zheng et al., 2018).

A blockchain consist of data sets which are composed of a chain of data packages (blocks) where a block comprises multiple transactions. The blockchain is extended by each additional block and hence represents a complete ledger of the transaction history. Figure 1, gives a visual representation of the blockchain and the extension by each additional block. Blocks have to be validated by the network using cryptographic means. In addition to the transactions, each block contains a timestamp, a cryptographic hash value of the previous block (“parent”) and a nonce,

(8)

8

which is a random number verifying the hash and is what miners look for. The result constitutes the proof of work. This concept ensures the integrity of the entire blockchain through to the first block (‘‘genesis block’’). Hash values are unique and fraud can be effectively prevented since changes of a block in the chain would immediately change the respective hash value (Zheng et al. 2018). There is a consensus mechanism to establish the validity of the transactions in a block, which is determined by the hash rate distribution. Many papers suggest that the majority of the nodes in the network have to agree (more than 50%) on the validity of a transaction. However it is possible that the largest mining pools together are not representing the majority of nodes, but can establish the majority of votes for consensus.

Figure 1. Example of a blockchain (Zheng et al. 2016)

2.3. Self-Sovereign Identity using Blockchain technology

Blockchain technology seems very promising for SSI, because it does not require a centralized authority to validate transactions (van Bokkem et al. 2019) resulting in a promising symbiotic relationship. The new payment system projects, mentioned in the previous paragraph, could be relevant projects for SSI. Surveys conducted in other studies show that many individuals use digital identity management systems, that they do not actually trust and want to use. A lack of control over their digital identity is the main reason for this distrust. The decentralized nature of blockchain technology, can help to get rid of this untrustworthy feeling (Baars, 2016). With blockchain technology, every individual can make transactions without a third party. The decentralized nature of blockchain technology (Distributed Ledger Technology) does not

(9)

9

necessarily mean that no centralized authorities are required, centralized authorities can still fill in a role to verify credentials and information on the blockchain. Individuals can store their digital identity in a digital wallet and only provide the information or data that is needed for certain transactions or other uses.

2.4. Framework and governance for SSI

Several changes are needed for SSI to work and possibly be adopted. SSI must comply with privacy laws and regulations, for example GDPR (European General Data Protection Regulation) and Zero-Knowledge Proof can help to improve the reliability and enhance feelings of trust for users (Gondova & Erbguth, 2020). Zero-Knowledge Proof is a proof (the user receives a value) without disclosing the information that is stored on that value. GDPR regulates the processing of personal data and it only applies to personal data for SSI solutions (Kondova

& Erbguth, 2020). It is important to get a clear understanding about the regulations and justifications for SSI in regard to privacy law and regulations. The personal data storage and the processes around collection, processing, storage, maintenance and retention, should comply with privacy laws and regulations and a controller (centralized authority) should be able to check whether the data is valid. To ensure the privacy of the user, the data should be anonymized. SSI consists of personal data that will be anonymized by the use of blockchain technology. The data will be encrypted and can be changed with the use of pseudonymization techniques. The data in the wallet of the user consists of the non-encrypted data and can be managed by the user. The pseudonymized data is stored in the central permissioned blockchain and can be accessed by third parties.

(10)

10

Public key cryptography uses a linked pair of private and public keys. Private keys are being held by the user and should be protected by the user. Data can be encrypted with the use of public keys, the user can then decrypt the public key with the corresponding private key. To manage and facilitate the encryption and decryption of the public keys of the different users, the framework of PKI (Public Key Infrastructure) is introduced. Public key infrastructure is a framework that regulates the processing, trafficking, public key management and authentication of the messages (Gilani et al., 2020). Public keys are used to verify the authentication of the message, which are encrypted in the first place with the private key of the sender. The public key infrastructure is necessary for a reliable and trustworthy network, which can likely result in more users of SSI. A centralized authority is needed to verify your credentials as an user, this can be achieved with the use of four different authentication factors: knowledge-based, possession-based, location-based and biometric-based (Chen et al., 2000). To verify that the individual is who the individual claims to be, authentication is used. For example, something that only an individual can know (knowledge-based), something that only the individual has (possession-based), somewhere only the individual can be (location-based) or something the individual is, like a fingerprint or iris scan respectively, which is biometric-based (Chen et al., 2000).

In summary, three layers can be distinguished that are necessary for a good, robust and especially scalable solution for the adoption of SSI using blockchain technology: Regulation, technology and framework. Regulation is needed to maintain the set of rules and make sure that the digital identity and information of individuals is secured (Lopez, 2019). Technology is required to make sure that the willingness to adopt SSI using blockchain increases. Technology in combination with regulation can assure that individuals can store, collect, retrieve, recover and delete data and personal information in a secure and especially safe way. Lastly, frameworks are necessary for the first two layers to work properly. The technology framework

(11)

11

can also result in more users, because many applications and purposes can be connected with each other. The connection with each other will result in a positive interaction, that keeps improving each other (Hühnlein, 2014).

2.5. Existing projects and regulations

There are already a few existing projects or regulations that have a connection with SSI using blockchain technology. It is important to know about these projects, because they can shed some light on possible advantages and limitations that need to be addressed for SSI using blockchain technology to work. This section also serves as an introduction to the next two paragraphs where the advantages and disadvantages will be looked in to.

The Hyperledger Indy platform is a project, which is designed with a decentralized ledger framework. The Hyperledger Indy platform is a location where all the digital identities can be safely stored, when a digital identity is required, the platform can locate and point out the location where it is stored (Grech et al., 2021). The Hyperledger Indy project uses a public ledger. To ensure that the digital identity of an individual cannot be accessed, the public ledger uses Zero-Knowledge proofs, decentralized identifiers and public keys. The Hyperledger Indy is also interoperable, which is one of the components that are required for achieving SSI (Lopez, 2019).

“eIDAS (electronic identification and trust services) is an EU regulatory environment that enables secure and seamless electronic interactions between businesses, citizens and public authorities” (eIDAS supported self-sovereign identity, 2019). It ensures cross-border access to public services in countries in the European Union (Grech et al., 2021). One of the main advantages of eIDAS is the principle of privacy by design. eIDAS came into effect before GDPR, but the design ensured the compliance with the predecessor, which makes eIDAS

(12)

12

reliable and trustworthy (Pohlmann et al., 2014). The eIDAS trust framework still has some limitations. For example, the regulatory environment has to fit in with the national legislations of all member states as well for it to work (Cuijpers & Schroers, 2014). With the eIDAS regulation the digital identities of users in Europe can be stored in their own private digital wallets, which makes sure that users in the EU have full control over their digital identities. The users can store their digital identity on their wallet and make sure that the information that is issued on the chain is only the verification of the information that is stored in their private digital wallet (Hühnlein, 2014) The third party that wants to access the shared credential, can verify both sides (holder and issuer).

2.6. Advantages

The adoption of SSI using blockchain technology is beneficial for many purposes. Firstly, the digital identity of an individual and appurtenant to that the digital assets of an individual are not fully accessible and in control of the individual that possesses it. This can change with the use of SSI using blockchain technology, resulting in full control over your assets and digital identity. The digital identity of an individual in the Netherlands can also be accessed when you login to DigiD (Digital identity that is associated with the unique BSN of each citizen, same as social security in the US, used for access to public services or for government related applications), meaning that there is no full control and access to it. This also applies to your assets, for example money. Individuals store their money in the bank, but when access is required, only the balance can be seen. If you want to withdraw your money from the bank, but the bank files for bankruptcy after becoming insolvent. Meaning the bank cannot repay its depositors, then there is no way to retrieve your money resulting in a loss of money. Banks and the government can however still fulfill a role as issuers and centralized authorities when SSI

(13)

13

using blockchain technology will be used, however the control and access is in the hands of the individuals and therefore also in the decentralized ledger.

The adoption of SSI using blockchain technology could also be beneficial for governments, because it is relatively cheap and easy to implement and issue across all habitants of a country.

The digital identities can be used to gain access to many applications and services. Furthermore, governments do not need to maintain the framework, which means that no extra time will be consumed and is beneficial financially. There is also a great advantage for individuals, because they can store all their data and their digital identity in one device, this greatly enhances the portability of their digital identity and data. Other entities can on their turn sign a proof and ask for data from one central entity, which is the individual, which makes it easier and less time consuming for every party involved in the transactions.

Another beneficial aspect of adopting SSI using blockchain technology is the anonymity that can be achieved for individuals. Individuals can use pseudonyms when they create digital identifiers. Another method to increase the level of anonymity is by the use of Zero-Knowledge Proofs, this means that an individual only provides the information that is necessary and restrains of providing any more information (Bartolomeu et al., 2019). For example, when an individual goes to a liquor store for which an age limit over 18 years applies, the information that should be provided is if the individual is over 18 years or not and the individual should not provide their exact age. Providing the exact age of the individual and is extra information that is not unnecessary for the task and therefore should not be provided.

Nowadays, there are way too many opportunities to lose pieces of your digital identity, for example losing passwords or physical cards like your driver’s license. With SSI there are more options to recover any possible losses of your digital identity or information. If the data and information stored on your digital wallet gets lost, then the data can be retrieved with possible back-ups that were made either on or off the cloud (Pohlmann et al., 2014). Pearson mentioned

(14)

14

different ways to verify credentials as an user, however those authentication factors could also be used to retrieve lost information or data (Chen et al., 2000). For example, with a biometric- based solution like a fingerprint to make sure that the individual is indeed the real owner of the data that was lost (Gilani et al., 2020).

Digital wallets are one of the most maximized security options available nowadays. There are many layers and different protocols to make sure that the next step: authentication and verification is done securely and with at least as possible errors made (Lopez, 2019). SSI removes the possibilities of tampering with the data of an individual. Hacking is also reduced to a minimum, because the individual stores their information and digital identity on their own digital wallet and the data that is available is encrypted. In comparison, nowadays many databases are stored in centralized locations with lots of information, which are protected.

However, if hackers find a way to breach in and steal or hack the data, then they ultimately hit the jackpot (Grech et al., 2021).

Lastly, if scalability of the SSI solutions with blockchain technology is achieved by the use of a general framework and clear protocols then this will result in more users of the decentralized ledger and more applications when other companies for example also join the network (Bartolomeu et al., 2019). Traditional identity solutions are incompetent in creating trust and support, where SSI using blockchain technology is competent by the nature of the design. These advantages can in their turn result in another advantage that naturally comes forth: inclusion.

More and more individuals will be exposed to the easy possibility to adopt SSI using blockchain technology, whereas those individuals might not be included in other traditional services, for example banks in their respective country.

(15)

15

2.7. Disadvantages

There are potential disadvantages and challenges for the adoption of SSI using blockchain technology. Firstly, a distinction needs to be made between online (on the chain) and offline (off the chain) challenges, because some of the challenges for the adoption of SSI using blockchain technology have to do with the individual self like protecting your own goods.

Secondly, most of these challenges and disadvantages are also possibilities that can be solved, which will likely increase the likelihood to adopt SSI using blockchain technology.

Several standards should be made to make sure that the quality can be ensured, however there are not many globally approved standards yet. A sidenote that has to made, but is not unnecessary, is the understanding and acceptance of these rules, standards and regulations by lawyers, jurists, judges and notaries for example. Furthermore, the previous mentioned parties need to keep their selves up to date with these technologies. Governments should also accept and include SSI solutions using blockchain technology for it to work, for example including driver’s licenses and passports. SSI using blockchain technology can truly unlock its potential when there are widespread and accepted standards, for example the W3C DID standard (World Wide Web Consortium). The W3C is an organization and a platform where developers and others create standards and exchange ideas for the world wide web, for example HTML and CSS (Lopez, 2019). Some standards also need an update or more strict rules and regulations.

This is especially the case for data protection, to protect individuals and their data, privacy and their human rights.

A central marketplace needs to be made for all the possible applications that allow for SSI with the use of blockchain technology. The willingness to adopt SSI using blockchain technology will most likely increase if it is made easy, understandable and friendly for all type of users.

Furthermore, the pseudonymity has to be guaranteed for the privacy of the users. In a public

(16)

16

marketplace or other applications, the registration of personally identifiable information should be avoided. Also correlations made between entries made by individuals should be avoided, to make sure that there is no backtracking possible (Bartolomeu et al., 2019). Individuals but also the entities that store the registries of information, should make sure that only the cryptographic proof is stored on the ledger and not the data and information that is provided.

Another aspect that should be accounted for by individuals is the offline storage of their data, information and possible back-ups on ‘off the chain’ tools, for example an USB-stick. It is highly recommended to make back-ups of your information to guarantee that easy recoveries can be made of the information of the respective individual. Back-ups can be made on the cloud or on offline devices (Gilani et al., 2020). Both options have their pros and cons. On the cloud back-up mechanisms could be hacked, however it is harder for an individual to lose access to the back-up. An individual could forget their password, however that problem is solved with the two-step verification method. Back-ups made on offline devices cannot be hacked, but an individual could lose their offline device or it could also be stolen. SSI using blockchain technology should also account for smooth integration between back-up methods and the digital wallet of the respective individual.

Further elaborating on the previously made points is the upgrades of currently existing digital wallets. Digital wallets are of utmost importance for SSI using blockchain technology to work.

Many digital wallets are not robust yet and just like the SSI frameworks, there should also be a digital wallet framework that integrates the necessary aspects needed for SSI using blockchain technology (Gilani et al., 2020). A global network that collects digital wallet providers and makes sure that the digital wallets comply to given standards could be a possibility. This global network can then ensure the quality and therefore also the authorization and authentication of the information. Key recovery and key rotation (making new keys once in a while, just like passwords need to be updated to improve the overall security) are further steps that need

(17)

17

improvement to upgrade the ecosystem of SSI using blockchain technology (Bartolomeu et al., 2019).

2.8. Hypothesis and conceptual model

This research is composed of the following four components: security, controllability and portability as the three independent variables, which are the three key aspects of Self-Sovereign Identity and the willingness to adopt SSI using blockchain technology as the dependent variable. This is graphically represented in figure 2.

Figure 2. Conceptual model

The following three hypotheses are to be investigated in this research:

H1: The willingness to adopt SSI using blockchain technology is proportional to the perceived security.

H2: The willingness to adopt SSI using blockchain technology is proportional to the received controllability.

H3. The willingness to adopt SSI using blockchain technology is proportional to the received portability.

(18)

18

3. Research methodology

For the literature study several databases were used, like Google Scholar and the library of the University of Amsterdam. The keywords used to search for articles were primarily: Self- Sovereign Identity, Blockchain technology and the combination of these two keywords. After reading a few articles, some supplementary keywords were used. For example, eIDAS, Hyperledger Indy, data protection, digital wallets and data. Not every article was relevant for this study, several criteria points were used to make a distinction between good and bad articles.

If an article was academic, consulted other different articles and was relevant for this study, then it was concluded and used in this research.

A quantitative approach is used for this study, with deductive reasoning. An online cross- sectional survey was conducted with a 5-point Likert scale (Babakus & Mangold, 1992).

Surveys are used to gather lots of information from many people, surveys are also relatively cost-effective. The downside, however, is the lack of depth of information and inflexibility. An aspect to keep in mind are the potential sources for the common method variance (CMV), which can lead to distorted correlations between variables. Furthermore, the central-tendency bias and negative affectivity should be taken into account.

The sample size for this study will be at least N>100, to make sure that the Confidence Interval is higher than 95% and the Margin of Error is below 10%. The sample group will be selected based on non-probability sampling and primary data will be collected. Non-probability sampling is chosen because of the availability of subjects due to the SARS-CoV-2 virus. The survey scores will be measured with the Cronbach’s alpha, which is a convenience test used to assess the reliability or internal consistency (Field, 2017). The three hypotheses will be tested and calculated with linear regression. Dummy variables represent the subgroup of a categorical

(19)

19

PV, but since we have no categorical PV no dummy variable will be included in this research paper (Field, 2017).

The survey is conducted online and was distributed in several Facebook groups about blockchain technology and Self-Sovereign Identity, at the University of Amsterdam and in Utrecht. There were limitations, because of the corona measurements and restrictions, which results in most subjects coming from Utrecht or Amsterdam. The survey consisted of three pages with each ten questions (Fig. 1, Appendix). Each page represents one of the three hypotheses, each representing one of the three key aspects of SSI: portability, controllability and security. The ten questions per key aspect aim to collect answers about the ten elements that are required for SSI. In total 153 respondents filled in this survey. After transforming and exporting the data from Qualtrics (software used to collect data) to SPSS (software used to interpret the data), there were several invalid results. Many of these invalid results consisted of individuals not fully completing the survey and the rest of the invalid results were due to Qualtrics not correctly saving and transforming the data that was given by the individuals that took the survey. After deleting the invalid results, 108 respondents remained valid (Figure 2, Appendix). Six respondents did not complete the survey and 38 results were not correctly saved, which resulted in Qualtrics marking the survey as completed while the answers were not shown.

One respondent was marked as invalid, because SPSS reported it as missing.

After exporting the data to SPSS, several labels and information columns were either reorganized and relabeled or deleted. For the sake of privacy of the individuals that took the survey, every column that was not necessary or possessed private information was deleted, for example the IP address of the survey takers. Each hypothesis consisted of ten questions and the questions were labeled correspondingly. The means were calculated per hypothesis for the values of the ten questions, resulting in the three independent variables, to make it easier to analyze and interpret the data that was filled in. For the dependent variable, willingness to adopt

(20)

20

SSI using blockchain technology, three questions were asked to the individuals, on a Likert- scale from 1 to 5. The mean was calculated for the dependent variable as well.

4. Results

First of all, the Cronbach’s alpha test was conducted for internal consistency and reliability of the questions asked in the survey. A reliability coefficient of 0.70 or higher is considered reasonable and acceptable (Field, 2017). The Cronbach’s alpha that was calculated with SPSS resulted in a Cronbach’s alpha of 0.904, which is considered excellent (Figure 3, Appendix).

The next step was to check whether the Cronbach’s alpha would increase if an item was deleted.

The Cronbach’s alpha would only increase if security was deleted, but it would increase by 0,002. This minor increase is not significant enough, especially considering the already high alpha, so the internal consistency is considered good.

The next step was to conduct a One-way ANOVA analysis, which is an abbreviation of Analysis of Variance. This test is mainly used to compare and test the means of different groups, with only one variable (Field, 2017). There are several assumptions that need to be met, before an ANOVA analysis can be conducted. The most important assumption is that the results need to be distributed normally. To test this the Kolmogorov-Smirvov and Shapiro-Wilk analysis was conducted (Figure 4, Appendix). The significance level was below 0.05, which is lower than the needed 0.05 or higher. All three variables were not distributed normally and this was emphatic confirmed after checking the skewness and kurtosis (Figure 5, 6 and 7, Appendix) All three variables had a relatively high kurtosis, meaning that the peak of the distribution was quite high. Furthermore the skewness was positive, which means that the distribution was heavy on the right side, resulting in a relatively large left tail (Figure 8, Appendix). An One-way ANOVA test could not be conducted, so the alternative had to be used: The Kruskal-Wallis test. This is

(21)

21

a nonparametric test to also determine if the means of different groups, with only one variable are significantly different from each other. The Kruskal-Wallis test only states if there is a difference between groups, but it does not provide which of the three groups is significantly different (Kruskal & Wallis, 1953). The assumptions for the Kruskal-Wallis test were met as well, namely: dependent variable is measured at an ordinal or continuous level, the independent variable consists of at least two or more independent groups (categorical) and lastly, the distributions of the three groups should be sort of similar in size and shape. To find out which of the three groups is significantly different, a post hoc test needs to be conducted. To make it clear and easy to understand, the groups were relabeled and the Kruskal-Wallis test was done in R Studio for easier interpretation (Figure 9, Appendix). The Chi Square (test statistic) is 5.9707, which means that there is some significant difference between the groups. The significance level was 0.05, without an asterisk, meaning that it is a little bit higher than 0.05.

This is not significant, however there is a strong trend that indicates that there might be differences. The choice was made to still do a post hoc test, to find out where the differences are between the groups. For the post hoc test, a Dunn test was done with a Bonferroni correction (Figure 9, Appendix). The Dunn test is similar to the Tukey test for ANOVA and provides pairwise comparisons between the groups (Field, 2017). The Bonferroni correction is a way to neutralize the chance that multiple comparisons occur. In figure 9, Appendix is shown that there is a significant difference between groups 2 and 3 (controllability and portability respectively).

This difference was also shown in the box plots that were generated to visualize this difference (Figure 10, Appendix). Normally, the null hypothesis should be retained. However, it is clearly shown after doing the post hoc tests and because of the small differences in the significance level, that there is sufficient reason to believe that there is a difference between the groups.

Lastly, to calculate the effect of the independent variables on the dependent variable a linear regression analysis was conducted. An analysis was done on all three independent variables on

(22)

22

the dependent variable separately and afterwards an analysis was done with all three independent variables combined. The R value shows the correlation, strength and direction of the relation between the variables (Field, 2017). A positive R value means that the variables are positively correlated and vice versa for negative values. Each of the independent variables show a positive R value, meaning that every variable independently has a positive effect on the dependent variable. Security and controllability have a R value of 0.678 and 0.696 respectively (Figure 11 and 12, Appendix), while portability has a R value of 0.777 (Figure 13, Appendix).

The R squared value shows the proportion of variance in the dependent variable, that can be explained by the independent variables (Field, 2017). The SPSS output shows that security and controllability explain 45,9% and 48,4% of the variance respectively (Figure 11 and 12, Appendix) and portability explains the most variance with 60,3% (Figure 13, Appendix). The standard error of the estimate shows the accuracy of the population mean with the true mean.

The higher the value of the standard error of estimate, the lower the accuracy is. In the three outputs of the independent variable, the standard error of estimate is relatively high. However if the three independent variables are combined, then the standard error of estimate further decreases, which results in a higher level of accuracy. The R value (0.789) and the R squared value (0.623) increased, which means higher correlation. (Figure 14, Appendix) The individual correlations between each variables are shown in the correlation matrix (Figure 15, Appendix), in the matrix it becomes clear that portability has the largest effect on the other variables. The P-P plot shows a visualization of the positive effect of the independent variables on the dependent variable (Figure 16, Appendix).

(23)

23

4.1. Hypothesis results

The following three hypotheses were investigated in this research.

H1: The willingness to adopt SSI using blockchain technology is proportional to the perceived security.

The willingness to adopt SSI using blockchain technology is proportional to the perceived security with an unstandardized beta coefficient of 0.765. This means that for every +1 increase in value of the perceived security, the willingness to adopt SSI using blockchain technology increases with 0.765 points (Field, 2017). The values of the beta coefficient are significant (Figure 17, Appendix).

H2: The willingness to adopt SSI using blockchain technology is proportional to the received controllability.

The willingness to adopt SSI using blockchain technology is proportional to the received controllability with an unstandardized beta coefficient of 0.883. This means that for every +1 increase in value of the perceived controllability, the willingness to adopt SSI using blockchain technology increases with 0.883 points (Field, 2017). The values of the beta coefficient are significant (Figure 17, Appendix).

H3. The willingness to adopt SSI using blockchain technology is proportional to the received portability.

The willingness to adopt SSI using blockchain technology is proportional to the received portability with an unstandardized beta coefficient of 0.914. This means that for every +1 increase in value of the perceived portability, the willingness to adopt SSI using blockchain technology increases with 0.914 points (Field, 2017). The values of the beta coefficient are significant (Figure 17, Appendix).

(24)

24

All three key aspects of SSI have an effect on the willingness to adopt SSI using blockchain technology, with portability having the largest effect, meaning that it is the most important aspect according to the survey takers. Security has the smallest effect, however security is still important. A significant effect size of 0.765 points is still proportional and valuable for the willingness to adopt SSI using blockchain technology. The most important point is that when the three key aspects were measured together, the effect size increased even further. This is hopeful and stimulating for SSI. All three aspects are important and for SSI using blockchain technology to succeed, all three aspects should be accounted for.

5. Discussion

5.1. Research Question with existing literature

RQ: Are individuals willing to adopt Self-Sovereign Identity with the use of blockchain technology?

In light of the existing literature it becomes evident that individuals are willing to adopt Self- Sovereign Identity with the use of blockchain technology. As stated in the previous paragraph, portability has the largest effect size. Individuals made it clear and evident that the need to gain access and control over their own data is important and the strongest reason to adopt SSI using blockchain technology. Furthermore, individuals want their data to be as widely usable as possible. Meaning that their data is not in possession of a third-party or a centralized entity. The smallest effect size; security is still very important to individuals to adopt SSI using blockchain technology. It is, however, the smallest effect size out of the three key aspects. The smaller effect size might be because of a general feel of doubt due to the current general policy and the need of a watertight and smooth framework. Another point to keep in mind is the storage of

(25)

25

digital identities and backups. This is an element that is part of security and individuals are given the task to protect their data, information and keys on- and offline. These doubts and concerns might had a role in the lower effect size of security on the willingness to adopt SSI using blockchain technology. Controllability is an aspect that is fundamental on its own, however also requires the attention and fulfillment of the other two key aspects. For example, an element of controllability is consent. This means that individuals have to agree, thus have to give consensus, for the use of their digital identity. This element increases in power when security and portability are taken into consideration. Logically, this explains the strong power of controllability and the reason why this is the second most important aspect for individuals.

Overall the results were quite positive and the results support the hypotheses.

5.2. Contribution thesis

Self-Sovereign Identity using blockchain technology is gaining attention worldwide, as individuals feel the need to gain full control over their digital identity. This thesis was written with the aim to provide insight in the advantages and disadvantages of Self-Sovereign Identity using blockchain technology. Furthermore, a framework and several standards were discussed to provide feedback and possible tips and aspects to assure that the quality of current and possible future SSI solutions can improve. These points are necessary to increase the likelihood that individuals are willing to adopt SSI using blockchain technology. Lastly, by means of a survey the willingness to adopt SSI using blockchain technology was researched. SSI using blockchain technology is promising, but not much research has been done on this topic yet.

That is why it is important to explore what individuals want and which points are important to improve the willingness to adopt SSI.

(26)

26

Secondly, this research reviews and aims to fill in the current literature gaps about this topic.

Most current literature is trying to find a path to Self-Sovereign Identity. Previous literature provided a stepping stone for this thesis. To find out if a path to Self-Sovereign Identity can be made, the willingness had to be investigated. The next step is to find out how the framework has to be shaped and which standards, possible worldwide, have to apply on SSI using blockchain technology. A community of users and providers need to be created, to make sure that it is feasible to adopt SSI solutions.

5.3. Practical implications

There are many consequences for individuals if Self-Sovereign Identity using blockchain technology is not adopted. It reduces the freedom and control individuals can have over their digital identities and this lack of control and power shifts the power to entities that do have control over and insight in digital identities of other individuals. Currently almost every individual on the planet is in some way connected to the internet, which means that a lot of data of every individual is stored and given. Privacy is one of the major concerns that comes with the huge amount of data sharing by individuals. SSI using blockchain technology is a possible solution for all these problems and concerns and can help individuals to be private and gain control and access over their digital identity in this globalized world again. The practical implications of this research can also extend in different areas. Other alternative solutions might emerge and SSI using blockchain technology might also play a role in different fields.

(27)

27

6. Conclusion

6.1. Recommendations further research

This thesis is a stepping stone and early approach to get a better view and understanding of the willingness of individuals to adopt SSI using blockchain technology. However, this is mere a first a step to many different areas and implications that SSI using blockchain technology has.

Possible future research could first of all consist of qualitative research, by means of interviews for example. This can provide a better understanding of the real issues and concerns individuals have, which SSI solutions using blockchain technology can possibly tackle. Further research could also dive deeper in to creating a community where users and providers can come together, to increase the likelihood for adoption of SSI solutions. To create a community, several standards and a clear framework has to be made. This is also a recommendation for further research, to create a framework and ecosystem that includes as many individuals and services as possible. The governance and standards have to be included as well to ensure the best quality of possible future SSI solutions using blockchain technology. The last and ultimate step and research would be to provide a whitepaper that has a Self-Sovereign Identity solution using blockchain technology that is available worldwide and includes all individuals and services that need and require this technology.

(28)

28

6.2. Limitations thesis

Self-Sovereign Identity using blockchain technology is first of all, a hard topic to grasp and understand. Many individuals do not really know about either of the two concepts yet, because it is still a new term and concept. The aim of this research was to include as many individuals as possible to get a clear view and distribution to really find out if individuals are willing to adopt SSI using blockchain technology. The difficulty of this topic made it really hard for many individuals to have a good idea what it means to have a Self-Sovereign Identity. Furthermore, many individuals only heard about blockchain technology, without really knowing what it means and does. Especially all the possible implementations blockchain technology can have.

The survey was made as easy and understandable as possible, while also including all the elements and aspects of Self-Sovereign Identity and blockchain. The survey was still difficult for some individuals, which might lead to some distorted results. In the first two pages of the survey, an effort was made to counteract this problem beforehand. The first two pages provided information and real-life examples, to make it as understandable as possible, without losing essential information. Quantitative research do not allow for follow up questions and answers, which has to be done in future research. This is a major limitation, that also applies for the determination if the survey takers really answered the questions in an ethical way. These limitation were also magnified, because of the Sars-COV-2 virus. If more individuals were included in the survey, which would ultimately lead to better results and clear answers, then this limitation would not apply. The COVID pandemic however, because of the strict measurement by the government, lead to less subjects than the goal that was set primarily beforehand.

(29)

29

6.3. Summary thesis

Concluding, Self-Sovereign Identity solutions using blockchain technology have huge potential for individuals and service providers to play a role in future applications. With these SSI solutions the privacy and control will be guaranteed, which will lead to secure and faster transactions. This is a significant benefit for all parties involved to maintain a healthy relation and to create trust again. The key aspect that can be derived from this thesis is that a framework, standard and ecosystem need to be created to further elevate the current concepts of SSI using blockchain technology. In particular the Hyperledger Indy project shows great promise, as one of the few relatively advanced projects that uses blockchain technology for SSI. Furthermore the management of digital identities, keys and wallets has to be explored and finetuned to make sure that off-the-chain facets also ensure the security and quality of the SSI solutions using blockchain technology.

(30)

30

7. References

Abeyratne, S. A., & Monfared, R. P. (2016). Blockchain ready manufacturing supply chain using distributed ledger. International Journal of Research in Engineering and Technology, 5(9), 1-10.

Allen, C. (2016, April 27). The Path to Self-Sovereign Identities, available at: Coindesk:

https://www.coindesk.com/path-self-sovereign-identity/ (accessed March 27, 2021)

Baars, D. S. (2016). Towards self-sovereign identity using blockchain technology (Master's thesis, University of Twente).

Babakus, E., & Mangold, W. G. (1992). Adapting the SERVQUAL scale to hospital services:

an empirical investigation. Health services research, 26(6), 767.

Bartolomeu, P. C., Vieira, E., Hosseini, S. M., & Ferreira, J. (2019, September). Self- sovereign identity: Use-cases, technologies, and challenges for industrial iot. In 2019 24th IEEE International Conference on Emerging Technologies and Factory

Automation (ETFA) (pp. 1173-1180). IEEE.

Bloor, R. (2018), “If data is the new oil, then you are the oil”, Algebraix Data, March 26, available at: https://medium.com/algebraix-data/if-data-is-the-new-oil-then-youre-the- oil-2c90fb42135b (accessed March 27, 2021)

(31)

31

Chen, L., Pearson, S., & Vamvakas, A. (2000, August). On enhancing biometric

authentication with data protection. In KES'2000. Fourth International Conference on Knowledge-Based Intelligent Engineering Systems and Allied Technologies.

Proceedings (Cat. No. 00TH8516) (Vol. 1, pp. 249-252). IEEE.

Cuijpers, C. M. K. C., & Schroers, J. (2014). eIDAS as guideline for the development of a pan European eID framework in FutureID.

Der, U., Jähnichen, S., & Sürmeli, J. (2017). Self-sovereign identity $-$ opportunities and challenges for the digital revolution. arXiv preprint arXiv:1712.01767.

eIDAS supported self-sovereign identity. (2019, may). European Commission.

https://ec.europa.eu/futurium/en/system/files/ged/eidas_supported_ssi_may_2019_0.p df

Field, A. (2017) Discovering Statistics Using IBM SPSS Statistics. Sage publications, London, 5th edition, ISBN 9781526419521

Grech, A., Sood, I., & Ariño, L. (2021). Blockchain, Self-Sovereign Identity and Digital Credentials: Promise Versus Praxis in Education. Frontiers in Blockchain, 4, 7.

Heister, S., & Yuthas, K. (2020). The blockchain and how it can influence conceptions of the self. Technology in Society, 60, 101218.

(32)

32

Hirsch, D. D. (2014). The glass house effect: Big data, the new oil, and the power of analogy. Maine Law Review, 66(2), 373-396.

Hühnlein, D. (2014). Towards eIDAS as a Service. In ISSE 2014 Securing Electronic Business Processes (pp. 241-248). Springer Vieweg, Wiesbaden.

Komal Gilani, Emmanuel Bertin, Julien Hatin, Noel Crespi. A survey on blockchain-based identity management and decentralized privacy for personal data. BRAIN 2020: 2nd conference on Blockchain Research & Applications for Innovative Networks and Services, Sep 2020, Paris, France. pp.97-101, 110.1109/BRAINS49436.2020.9223312

Kondova, G., and Erbguth, J. 2020. Self-Sovereign Identity on Public Blockchains and the GDPR. In Proceedings of ACM SAC Conference, Brno, Czech Republic, March 30- April 3, 2020 (SAC’20), 4 pages. DOI: 10.1145/3341105.3374066

Kruskal, W. H., & Wallis, W. A. (1953). Errata: Use of ranks in one-criterion variance analysis. Journal of the American statistical Association, 48(264), 907-911.

López, M. A. (2019). SELF-SOVEREIGN IDENTITY-The Future of Identity: Self- Sovereignity, Digital Wallets, and Blockchain. Materials Today: Proceedings.

Mühle, A., Grüner, A., Gayvoronskaya, T., & Meinel, C. (2018). A survey on essential components of a self-sovereign identity. Computer Science Review, 30, 80-86.

(33)

33

Nakamoto, S. (2008). Bitcoin whitepaper. URL: https://bitcoin. org/bitcoin. pdf-(Дата обращения: 17.07. 2019).

Nofer, M., Gomber, P., Hinz, O., & Schiereck, D. (2017). Blockchain. Business &

Information Systems Engineering, 59(3), 183-187.

Pohlmann, N., Sparenberg, M., Siromaschenko, I., & Kilden, K. (2014). Secure

Communication and Digital Sovereignty in Europe. In ISSE 2014 Securing Electronic Business Processes (pp. 155-169). Springer Vieweg, Wiesbaden.

Seifert, R. (2020). Digital identities–self-sovereignty and blockchain are the keys to success. Network Security, 2020(11), 17-19.

Suciu, G., Suciu, V., Martian, A., Craciunescu, R., Vulpe, A., Marcu, I., ... & Fratu, O.

(2015). Big data, internet of things and cloud convergence–an architecture for secure e-health applications. Journal of medical systems, 39(11), 1-8.

Tobin, A., & Reed, D. (2016). The inevitable rise of self-sovereign identity. The Sovrin Foundation, 29(2016).

Van Bokkem, D., Hageman, R., Koning, G., Nguyen, L., & Zarin, N. (2019). Self-sovereign identity solutions: The necessity of blockchain technology. arXiv preprint

arXiv:1904.12816.

(34)

34

Zheng, Z., Xie, S., Dai, H. N., Chen, X., & Wang, H. (2018). Blockchain challenges and opportunities: A survey. International Journal of Web and Grid Services, 14(4), 352- 375.

(35)

35

8. Appendix

Figure 1. Survey on the adoption of SSI using Blockchain technology

Case Processing Summary

N %

Cases Valid 108 99,1

Excludeda 1 ,9

Total 109 100,0

a. Listwise deletion based on all variables in the procedure.

Figure 2. Summary number of cases

Reliability Statistics

Cronbach's Alpha

Cronbach's Alpha Based on

Standardized

Items N of Items

,904 ,905 3

Figure 3. Cronbach’s alpha for reliability

(36)

36 Tests of Normality

Kolmogorov-Smirnova Shapiro-Wilk

Statistic df Sig. Statistic df Sig.

Mean_Security ,109 108 ,003 ,937 108 ,000

Mean_Controllability ,091 108 ,028 ,957 108 ,001

Mean_Portability ,144 108 ,000 ,907 108 ,000

a. Lilliefors Significance Correction

Figure 4. Tests for normal distribution

Figure 5. Distribution of Security

(37)

37 Figure 6. Distribution of controllability

Figure 7. Distribution of portability

(38)

38 Figure 8. Descriptive statistics of the independent variables

Figure 9. Kruskal-Wallis test and post hoc Dunn test with a Bonferroni correction

Figure 10. Box plot of Kruskal-Wallis test

(39)

39 Figure 11. Model summary of IV Security

Figure 12. Model summary of IV Controllability

Figure 13. Model summary of IV Portability

Figure 14. Model summary of all three IV’s combined

(40)

40

Figure 15. Correlation between all independent variables and the dependent variable

Figure 16. P-P plot effect visualization

Figure 17. B Coefficient table

Figure

Updating...

References

Related subjects :