Edge agents - mitigating problems with compromised devices


#1

I posed this question on the telegram channel and @phil suggested I ask here to document the question for others.

Question: From what I understand about edge agents, it seems like fairly serious problems could arise if the device holding the agent were to be compromised; are there mechanisms already established for mitigating this? Would it just be a key rotation?
Or am I missing something altogether?

Thanks for your input!


#2

Yes there are mechanisms we are planning to do. We have implemented a prototype that works in this way. An edge agent is authorized by the owner. This authorization is manifested by an accumulator and some other non correlating data on the ledger. When the agent goes to present a proof to a relying party, the agent also proves authorization in zero knowledge using the accumulator on the ledger. This accumulator is a controlled by the ledger so no identity owner can write to it directly. I will leave out all the details but can speak to you directly if you want more information. An identity owner can also revoke this authorization from the agent in the case of device retirement, loss, or compromise. This control can be centralized or diffused depending on the owner’s preference. Agent authorization proofs will fail for revoked devices so relying parties can detect malicious activity. Hope this helps to answer your question.


#3

The mechanism Mike describes is explored in detail in at least the following two places:


The second resource is more detailed and includes many key management issues, not just recovery.