Digital identity management is undergoing a paradigm shift, moving from centralized and federated models toward the Self-Sovereign Identity (SSI) model. This paper reviews the application of the SSI paradigm to healthcare, focusing on a security analysis conducted via the S.T.R.I.D.E. methodology on a proposed system architecture designed to bridge legacy medical databases with user-controlled SSI. The case study applies STRIDE to a core scenario where a Healthcare Practitioner accesses a patient’s records using a patient-issued Verifiable Claim (VC). An analysis of 44 relevant threats identified Denial of Service (DoS), Spoofing, and Information Disclosure as the most critical ones specific to the SSI environment. DoS is exacerbated by the non-recoverability of DIDs, while Information Disclosure risks VCs being intercepted, leading to compliance violations. Conversely, Repudiation threats are significantly mitigated because all VCs and actions are cryptographically signed. Furthermore, a feasibility check addressed potential performance bottlenecks for using blockchain as the Immutable Storage, concluding that Layer 2 blockchain solutions are necessary to handle the high transaction volumes of major centralized healthcare systems. The study concludes that standardized security analysis methodologies are vital for the wider, trusted adoption of SSI.
Butakov et al. (Thu,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: