基于改进PBFT算法的PKI跨域认证方案

doi:10.11959/j.issn.2096-109x.2020042

Abstract

Abstract:

In order to solve the efficiency problem of the existing public key infrastructure cross-domain authentication scheme,a cross-domain authentication model based on the consortium blockchain which has the advantages of distributed and difficult to be tamperd with was proposed.On the one hand,the dynamic join and exit function was added to the practical Byzantine fault tolerant (PBFT) algorithm,the primary node election mode was improved,and the three-stage broadcast was reduced to two-stage broadcast for the reducation of communication overhead.On the other hand,the cross-domain authentication system architecture based on consortium chain was designed,the blockchain certificate format and the cross-domain authentication protocol were presented,the security and efficiency were analyzed.The results shows that in term of security,the proposed model has security attributes such as resisting distributed attacks.In terms of performance,the proposed model has advantages in both computational overhead and communication overhead when it was compared with the existing cross-domain authentication schemes.

Key words: cross-domain authentication, blockchain, Byzantine fault tolerant algorithm, public key infrastructure

CLC Number:

TP309

Sijie QIAN,Liquan CHEN,Shihui WANG. PKI cross-domain authentication scheme based on advanced PBFT algorithm[J]. Chinese Journal of Network and Information Security, 2020, 6(4): 37-44.

Figures/Tables 6

符号	含义
A→B:m	A向B发送消息m
C_X	X域客户端
S_X	X域服务器
Cert_X	X域非根CA的公钥证书
${Sign}_{{sk}_{X}} (m)$	X域客户端对消息m的私钥签名
RCA_X	X域的根CA服务器
${BcCert}_{{RCA}_{X}}$	X域的根CA的区块链证书
PP	联盟链代理节点
CP	联盟链共识节点

References 20

[1]	郭锐 . 匿名通信系统流量伪装技术研究[D]. 北京:北京邮电大学, 2018.
	GUO R . Traffic camouflaging in anonymous communication system[D]. Beijing:Beijing University of Posts and Telecommunications, 2018.
[2]	张琰, 王瑾璠, 齐竹云 ,等. 基于动态累加器的去中心化加密搜索方案[J]. 网络与信息安全学报, 2019,5(2): 23-29.
	ZHANG Y , WANG J F , QI Z Y ,et al. Decentralized searchable en cryption scheme based on dynamic accumulator[J]. Chinese Journal of Network and Information Security, 2019,5(2): 23-29.
[3]	VACCA J R . Computer and information security handbook[M]. Boston: ElsevierPress, 2009.
[4]	彭博, 刘进, 龚智 ,等. 一种树型桥CA跨域信任传递方案研究[J]. 舰船电子工程, 2017,37(3): 66-69,113.
	PENG B , LIU J , GONG Z ,et al. Cross-domain trust model based on bridge CA[J]. Ship Electronic Engineering, 2017,37(3): 66-69,113.
[5]	PERLMAN R . An overview of PKI trust model[J]. IEEE Network, 1999,13(6): 38-43.
[6]	ROUIBAH K , OULD-ALI S . Dynamic data sharing and security in a collaborative product definition management system[J]. Robotics and Computer Integrated Manufacturing, 2006,23(2).
[7]	杨斌, 陈国庆, 孙永红 . 一种新的基于身份的多信任域认证方案研究[J]. 计算机安全, 2010(8): 15-18.
	YANG B , CHEN G Q , SUN Y H . Research of a new identity-based authentication model for multi-domain[J]. Computer Security, 2010(8): 15-18.
[8]	CHAN Y Y , FLEISSNER S , LIU J K ,et al. Single sign-on and key establishment for ubiquitous smart environments[C]// International Conference on Computational Science and Its Applications. Berlin:Springer, 2006: 406-415.
[9]	戴千一, 徐开勇, 郭松 ,等. 分布式网络环境下基于区块链的密钥管理方案[J]. 网络与信息安全学报, 2018,4(9): 23-35.
	DAI Q Y , XUN K Y , GUO S ,et al. Blockchain-based key management scheme for distributed networks[J]. Chinese Journal of Network and Information Security, 2018,4(9): 23-35.
[10]	刘亚辉 . 基于区块链的可信电子券系统的设计与实现[D]. 北京:北京邮电大学, 2018.
	LIU Y H . Design and implementation of trusted electronic coupons system based on block-chain[D]. Beijing:Beijing University of Posts and Telecommunications, 2018.
[11]	SUN Y , YU Y , LI X ,et al. Batch verifiable computation with public verifiability for outsourcing polynomials and matrix computations[C]// Australasian Conference on Information Security and Privacy. 2016: 293-309.
[12]	GARG S , GENTRY C , HALEVI S . Candidate multilinear maps from ideal lattices[C]// Annual International Conference on the Theory and Applications of Cryptographic Techniques. 2013: 1-17.
[13]	BONEH D , GOH E J , NISSIM K . Evaluating 2-DNF formulas on ciphertexts[C]// Theory of Cryptography Conference. 2005: 325-341.
[14]	LAMPORT S , PEASE M . The byzantine generals problem[M]. IEEE Computer Society Press, 1995.
[15]	王娜 . 无线传感网节点信任检测量化方案与方法研究[D]. 上海:华东师范大学, 2015.
	WANG N . Research on quantitative trust detecting method and model for nodes in WSNs[D]. Shanghai:East China Normal University, 2015.
[16]	CASTRO M , LISKOV B . Practical Byzantine fault tolerance and proactive recovery[J]. ACM Transactions on Computer Systems (TOCS), 2002,20(4): 398-461.
[17]	沈鑫, 裴庆祺, 刘雪峰 . 区块链技术综述[J]. 网络与信息安全学报, 2016,2(11): 11-20.
	SHEN X , PEI Q Q , LIU X F . Survey of block chain[J]. Chinese Journal of Network and Information Security, 2016,2(11): 11-20.
[18]	蔡维德, 郁莲, 王荣 ,等. 基于区块链的应用系统开发方法研究[J]. 软件学报, 2017,28(6): 1474-1487.
	CAI W D , YU L , WANG R ,et al. Blockchain application development techniques[J]. Journal of Software, 2017,28(6): 1474-1487.
[19]	张文芳, 王小敏, 郭伟 ,等. 基于椭圆曲线密码体制的高效虚拟企业跨域认证方案[J]. 电子学报, 2014,42(6): 1095-1102.
	ZHANG W F , WANG X M , GUO W ,et al. An efficient inter-enterprise authentication scheme for VE based on the elliptic curve cryptosystem[J]. Acta Electronica Sinica, 2014,42(6): 1095-1102.
[20]	罗长远, 霍士伟, 邢洪智 . 普适环境中基于身份的跨域认证方案[J]. 通信学报, 2011,32(9): 111-115,122.
	LUO C Y , HUO S W , XING H Z . Identity-based cross-domain authentication scheme in pervasive computing environments[J]. Journal on Communications, 2011,32(9): 111-115,122.

Metrics

Recommended 0

No Suggested Reading articles found!

方案	共识阶段	共识阶段（视图切换）
PBFT	2n(n-1)	2n(n-1)+pn(n-1)
APBFT	n (n-1)	n(n-1)+p(3n ²-4n+1)

方案	公钥加解密次数	数字签名验证次数	哈希运算次数
文献[19]	0	12	4
文献[20]	2	4	10
本文	0	4	2

PKI cross-domain authentication scheme based on advanced PBFT algorithm

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 6

References 20

Related Articles 15

Metrics

Recommended 0

[1]	Zhao CAI, Tao JING, Shuang REN. Survey on Ethereum phishing detection technology [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 21-32.
[2]	Heli WANG, Qiao YAN. Selfish mining detection scheme based on the characters of transactions [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 104-114.
[3]	Beiyuan YU, Shanyao REN, Jianwei LIU. Overview of blockchain assets theft attacks and defense technology [J]. Chinese Journal of Network and Information Security, 2023, 9(1): 1-17.
[4]	Fei TANG, Ning GAN, Xianggui YANG, Jinyang WANG. Anti malicious KGC certificateless signature scheme based on blockchain and domestic cryptographic SM9 [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 9-19.
[5]	Dan LIN, Kaixin LIN, Jiajing WU, Zibin ZHENG. Bytecode-based approach for Ethereum smart contract classification [J]. Chinese Journal of Network and Information Security, 2022, 8(5): 111-120.
[6]	Liquan CHEN, Xiao LI, Zheyi YANG, Sijie QIAN. Blockchain-based high transparent PKI authentication protocol [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 1-11.
[7]	Wenbo ZHANG, Simin CHEN, Lifei WEI, Wei SONG, Dongmei HUANG. State-of-the-art survey of smart contract verification based on formal methods [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 12-28.
[8]	Feng LIU, Jie YANG, Jiayin QI. Survey on blockchain privacy protection techniques in cryptography [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 29-44.
[9]	Xiaoling SONG, Yong LIU, Jingnan DONG, Yongfei HUANG. Application and prospect of blockchain in Metaverse [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 45-65.
[10]	Lin JIN, Youliang TIAN. Multi-authority attribute hidden for electronic medical record sharing scheme based on blockchain [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 66-76.
[11]	Pengkun JIANG, Wenyin ZHANG, Jiuru WANG, Shanyun HUANG, Wanshui SONG. Blockchain covert communication scheme based on the cover of normal transactions [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 77-86.
[12]	Jianlin NIU, Zhiyu REN, Xuehui DU. Cross-domain authentication scheme based on consortium blockchain [J]. Chinese Journal of Network and Information Security, 2022, 8(3): 123-133.
[13]	Baoqin ZHAI, Jian WANG, Lei HAN, Jiqiang LIU, Jiahao HE, Tianhao LIU. Hierarchical proxy consensus optimization for IoV based on blockchain and trust value [J]. Chinese Journal of Network and Information Security, 2022, 8(3): 142-153.
[14]	Jiaren YU, Youliang TIAN, Hui LIN. Design of miner type identification mechanism based on reputation management model [J]. Chinese Journal of Network and Information Security, 2022, 8(1): 128-138.
[15]	Zhensheng GAO, Lifeng CAO, Xuehui DU. Research progress of access control based on blockchain [J]. Chinese Journal of Network and Information Security, 2021, 7(6): 68-87.