As digitalization has progressed and the spread of the internet has grown, the individual's digital identity has become increasingly fragmented in the world of the web. Sensitive data has been widely shared, and control over them has become increasingly fragile and precarious. Users are now victims of hackers and other users who daily target valuable data for malicious purposes, and the fact that this data is now scattered across the web makes this data theft easier. Recently, even advertising has become a warning sign of further loss of control over shared data online, proposing personalized ads using data obtained from data providers such as Google or social networks. This is how the need to give users back the control that has been taken away from them since the birth of the internet has arisen and is developing more and more. For this reason, a new user-centric model of digital identity management, Self-Sovereign Identity, has been introduced. The purpose of Self-Sovereign Identity is to decentralize data and give each individual user the ability to share only the data they deem necessary in order to guarantee them greater control over their digital identity and thus also reduce the risk of being a victim of data leaks to which the databases, both physical and non-physical, of data providers or other third-party sites to which users rely in order to access content that requires registration with them, can be subject. This thesis aims to explore the concept of Self-Sovereign Identity, to discuss the pillars underlying the functioning of this paradigm, and to apply these concepts in a use case in the medical field, specifically in the management of health data that are part of the user's medical history and in their controlled sharing. It will focus on some aspects such as the storage of data in a encrypted database, the security of them, dealing with the aspect of authentication and the components of Self-Sovereign Identity, explaining for each of them their functioning and their role within the system so that it is GDPR compliant. Finally, some considerations will be made on the pros and cons of using this paradigm in this use case, paying attention to blockchain and some characteristics such as scalability, costs and the environmental impact of the solution described in this paper.
Con il progredire della digitalizzazione e la crescente diffusione di internet, l’identità digitale del singolo è stata sempre più frammentata nel mondo del web, i dati sensibili sono stati largamente condivisi e il controllo su di essi è diventato sempre più fragile e precario. L’utente è ora vittima di hackers e altri utenti che mirano quotidianamente ai dati preziosi con fini malevoli e il fatto che questi siano ormai sparsi per il web rende questo furto di dati più semplice. Recentemente anche gli annunci pubblicitari sono diventati monito di un’ulteriore perdita di controllo sui dati condivisi in rete, proponendo annunci personalizzati per mezzo di dati ottenuti ad esempio da data providers come google o i social networks. È così che nel corso degli anni è nata e si sta sviluppando sempre più la necessità di ridare all’utente il controllo che sin dalla nascita di internet gli era stato sottratto, motivo per il quale è stato introdotto un nuovo modello user centric di gestione dell’identità digitale, il SelfSovereignIdentity il cui scopo è quello di decentralizzare i dati e di fornire al singolo utente la capacità di condividere solo i dati che egli riterrà necessario al fine di garantirgli un maggior controllo sulla propria identità digitale e di ridurre così anche il rischio di essere vittima dei data leaks a cui possono essere soggetti i database sia fisici che non dei data providers o di altri siti terzi ai quali gli utenti si affidano per poter usufruire di contenuti che richiedono una registrazione presso di essi. Questa tesi si propone come obiettivo quello di approfondire il concetto di Self sovereign identity, di parlare dei pilastri alla base del funzionamento di tale paradigma e di applicare tali concetti in un caso d’uso nel campo medico, in particolare nella gestione dei dati sanitari facenti parte della storia clinica dell’utente e nella loro condivisione controllata. Ci si concentrerà su alcuni aspetti quali la conservazione dei dati in un database criptato, la sicurezza di essi trattando l’aspetto dell’autenticazione e i componenti della self sovereign identity, spiegando per ognuno di essi il proprio funzionamento e il loro ruolo all’interno del sistema affinchè sia GDPR compliant. Infine, si faranno delle considerazioni sui pro e i contro dell’impiego di tale paradigma in questo usecase ponendo attenzione alla blockchain e ad alcune caratteristiche quali la scalabilità, i costi e l’impatto ecologico della soluzione descritta in questo elaborato.
Sanità e Self Sovereign Identity
SPAZIANI, ALBERTO
2023/2024
Abstract
As digitalization has progressed and the spread of the internet has grown, the individual's digital identity has become increasingly fragmented in the world of the web. Sensitive data has been widely shared, and control over them has become increasingly fragile and precarious. Users are now victims of hackers and other users who daily target valuable data for malicious purposes, and the fact that this data is now scattered across the web makes this data theft easier. Recently, even advertising has become a warning sign of further loss of control over shared data online, proposing personalized ads using data obtained from data providers such as Google or social networks. This is how the need to give users back the control that has been taken away from them since the birth of the internet has arisen and is developing more and more. For this reason, a new user-centric model of digital identity management, Self-Sovereign Identity, has been introduced. The purpose of Self-Sovereign Identity is to decentralize data and give each individual user the ability to share only the data they deem necessary in order to guarantee them greater control over their digital identity and thus also reduce the risk of being a victim of data leaks to which the databases, both physical and non-physical, of data providers or other third-party sites to which users rely in order to access content that requires registration with them, can be subject. This thesis aims to explore the concept of Self-Sovereign Identity, to discuss the pillars underlying the functioning of this paradigm, and to apply these concepts in a use case in the medical field, specifically in the management of health data that are part of the user's medical history and in their controlled sharing. It will focus on some aspects such as the storage of data in a encrypted database, the security of them, dealing with the aspect of authentication and the components of Self-Sovereign Identity, explaining for each of them their functioning and their role within the system so that it is GDPR compliant. Finally, some considerations will be made on the pros and cons of using this paradigm in this use case, paying attention to blockchain and some characteristics such as scalability, costs and the environmental impact of the solution described in this paper.| File | Dimensione | Formato | |
|---|---|---|---|
|
Spaziani_Alberto.pdf
accesso aperto
Dimensione
3.97 MB
Formato
Adobe PDF
|
3.97 MB | Adobe PDF | Visualizza/Apri |
The text of this website © Università degli studi di Padova. Full Text are published under a non-exclusive license. Metadata are under a CC0 License
https://hdl.handle.net/20.500.12608/62803