Self-Sovereign Identity Empowered Automated Teller Machines

To withdraw cash or make a payment, customers can use their bank's interactive Automated Teller Machines (ATMs), debit card, or credit card systems. With these advances, customers no longer have to physically visit a bank to withdraw funds or make a payment. However, there are available vulnerabilities in the structure of current ATMs that put customer funds at risk and open the door to fraud such as various card frauds, skimming devices, shoulder surfing and so on. In recent years, a variety of approaches and suggestions have been proposed to address and eventually eliminate the problem of ATM fraud. In this article, we propose a novel ATM system based on Self-sovereign Identity (SSI) for conducting different types of monetary activities. The proposed system bolsters the security of ATM transactions in multiple ways, hence eliminating the above-mentioned frauds. Our proposed system also introduces a delegated transaction mechanism that allows one user to share credentials in a secure way to another user so as to enable the second user to use those credentials to perform monetary operations at an ATM without even having a registered account in the respective bank. In this article, we present the architecture of the proposed system which is based on a threat model and requirement analysis, discuss the respective protocol flows of several use-cases and analyse its performance. In addition, we examine the usability of the system using the Cognitive Walkthrough approach and formally analyse the security of the protocols using ProVerif, a state-of-the-art security verification protocol.