3 Stages of a Pan-African Identity Framework for Establishing Self-Sovereign Identity With Blockchain

The African continent (specifically its overwhelming in(animate) resources) is often referred to as the sleeping giant by magazines, blogs, research presentations and articles, and NGOs [such as World Bank]. Reasons for this moniker/title include the continent’s plentiful natural resources, its large and quickly growing young population, and the young population’s quick adoption and acclimatization to technology. Most countries on the continent are known as developing countries due to lack of access to safe drinking water, reliable electricity and roads, sanitation and hygiene, and a high number of people with tropical/infectious diseases. However, due to the usefulness of cellular phones and technology, several countries and companies within them have focused on cell phone proliferation (91% in Kenya). Smart phone usage allows Kenyans access to the world’s information and potentially endless innovation. Given that a large number of Kenyans with smartphones use social media, coupled with the advent of Europe’s GDPR (general data protection regulation), African identity and its associated data became an area of great interest. As the world is quickly progressing into a digital economy, a solution must be created that allows us to regain and control our identities, doing our best to ensure losing such is infinitely close to computationally and probabilistically impossible/improbable. Developing a blockchain-based identity backbone using biometrics and historical family information while allowing government-based identification documents is the best way forward. Three stages have been identified as necessities to accomplish the development of this system before opening it further beyond the pan-African worldwide community. The three stages are defined by systems that allow for biometric/demographic registration (stage 1), interoperability and security hardening (stage 2), and biometric modality data analysis/organization/association (stage 3).

Securely Sharing Randomized Code that Flies

Address Space Layout Randomization (ASLR) was a great role model being a light-weight defense technique that could prevent early return-oriented programming attacks. Simple yet effective, ASLR was quickly widely-adopted. Conversely, today only a trickle of defense techniques are being integrated or adopted mainstream. As code reuse attacks have evolved, defenses have strived to keep up. To do so, many have had to take unfavorable tradeoffs like using background threads or protecting only a subset of sensitive code. In reality, these tradeoffs were unavoidable steps necessary to improve the strength of the state-of-the-art. We present Goose, an on-demand system-wide runtime re-randomization technique capable of scalable protection of application as well as shared library code most defenses have forgone. We achieve code sharing with diversification by implementing reactive and scalable, rather than continuous or one-time diversification. Enabling code sharing further removes redundant computation like tracking, patching, along with memory overheads required by prior randomization techniques. In its baseline state, the code transformations needed for Goose security hardening incur a reasonable performance overhead of 5.5% on SPEC and minimal degradation of 4.4% in NGINX, demonstrating its applicability to both compute-intensive and scalable real-world applications. Even when under attack, Goose only adds from less than 1% up to 15% depending on application complexity.