网络与信息安全学报 ›› 2020, Vol. 6 ›› Issue (4): 37-44.doi: 10.11959/j.issn.2096-109x.2020042

• 专栏:基于区块链的多方可信协作应用探索 • 上一篇    

基于改进PBFT算法的PKI跨域认证方案

钱思杰1,陈立全2,3(),王诗卉2   

  1. 1 东南大学信息科学与工程学院,江苏 南京 210096
    2 东南大学网络空间安全学院,江苏 南京 210096
    3 紫金山实验室,江苏 南京 211100
  • 修回日期:2019-12-19 出版日期:2020-08-01 发布日期:2020-08-13
  • 作者简介:钱思杰(1995– ),男,浙江嵊州人,东南大学硕士生,主要研究方向为区块链和公钥密码学|陈立全(1976– ),男,广西玉林人,博士,东南大学教授、博士生导师,主要研究方向为信息系统安全、移动安全、区块链安全|王诗卉(1995– ),女,江苏如皋人,东南大学硕士生,主要研究方向为隐私保护和密码学
  • 基金资助:
    国家自然科学基金(61571110)

PKI cross-domain authentication scheme based on advanced PBFT algorithm

Sijie QIAN1,Liquan CHEN2,3(),Shihui WANG2   

  1. 1 School of Information Science and Engineering,Southeast University,Nanjing 210096,China
    2 School of Cyber Science and Engineering,Southeast University,Nanjing 210096,China
    3 Purple Mountain Laboratories,Nanjing 211100,China
  • Revised:2019-12-19 Online:2020-08-01 Published:2020-08-13
  • Supported by:
    The National Natural Science Foundation of China(61571110)

摘要:

为解决现有公钥基础设施跨域认证方案的效率问题,利用具有分布式和不易被篡改优点的区块链技术,提出基于联盟区块链的跨域认证方案。一方面,该方案对联盟链在传统实用拜占庭共识算法(PBFT)的基础上加入了节点动态增减功能;改进了主节点选举方式;将三阶段广播缩减为两阶段广播,减少了通信开销。另一方面,该方案设计了联盟链跨域认证协议,给出了区块链证书格式,描述了跨域认证协议,并进行了安全和效率分析。分析表明,在安全方面,该方案具有抵抗分布式攻击等安全属性;在效率方面,与已有跨域认证方案相比,该方案在计算开销上、通信开销上都有优势。

关键词: 跨域认证, 区块链, 拜占庭容错算法, 公钥基础设施

Abstract:

In order to solve the efficiency problem of the existing public key infrastructure cross-domain authentication scheme,a cross-domain authentication model based on the consortium blockchain which has the advantages of distributed and difficult to be tamperd with was proposed.On the one hand,the dynamic join and exit function was added to the practical Byzantine fault tolerant (PBFT) algorithm,the primary node election mode was improved,and the three-stage broadcast was reduced to two-stage broadcast for the reducation of communication overhead.On the other hand,the cross-domain authentication system architecture based on consortium chain was designed,the blockchain certificate format and the cross-domain authentication protocol were presented,the security and efficiency were analyzed.The results shows that in term of security,the proposed model has security attributes such as resisting distributed attacks.In terms of performance,the proposed model has advantages in both computational overhead and communication overhead when it was compared with the existing cross-domain authentication schemes.

Key words: cross-domain authentication, blockchain, Byzantine fault tolerant algorithm, public key infrastructure

中图分类号: 

No Suggested Reading articles found!