基于联盟链的跨域认证方案

doi:10.11959/j.issn.2096-109x.2022036

Abstract

Abstract:

To solve the security problems of traditional cross-domain authentication schemes, such as single point of failure and excessive dependence on third parties, a cross-domain authentication scheme was proposed which combines IBC and consortium blockchain.The consortium blockchain was introduced into the cross-domain authentication scene by designing the layered cross-domain authentication architecture including entity layer, proxy layer, blockchain layer and storage layer.In the storage layer, abstract data format was designed and stored in the chain, and the complete data corresponding to the abstract data was stored in the interplanetary file system under the chain.This safe and reliable on-chain distributed storage scheme solved the limitation problem of on-chain storage caused by introduction of blockchain.Besides, an identity management scheme based on permanent autonomy identity and temporary identity was proposed to solve the challenges that it is difficult to cancel identity and to supervise anonymous identity after combining IBC system.On this basis, complete cross-domain full authentication, re-authentication and key negotiation protocols were designed to implement the cross-domain authentication process.In terms of security, SVO logic was used to analyze the authentication protocol, and the security of the cross-domain authentication protocol was proved.The performance of calculation overhead, communication overhead and consortium blockchain were tested and analyzed by simulation.Analysis results showed that the protocol satisfies the security requirements and has improved calculation overhead performance on both server and client sides, comparing with other related works.In terms of communication overhead, it also has better performance.The query/write latency was tested by the consortium blockchain tool, and the results showed that the scheme has good usability.

Key words: cross-domain authentication, consortium blockchain, identity-based cryptography, identity management

CLC Number:

TP393

Jianlin NIU, Zhiyu REN, Xuehui DU. Cross-domain authentication scheme based on consortium blockchain[J]. Chinese Journal of Network and Information Security, 2022, 8(3): 123-133.

Figures/Tables 10

References 19

[1]	HOUSLEY R , POLK W , FORD W ,et al. Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) Profile:RFC3280[EB].
[2]	ELLISON C , SCHNEIER B . Ten risks of PKI:what you’re not being told about public key infrastructure[J]. Computer Security Journal, 2000,16(1): 1-7.
[3]	MATSUMOTO S , REISCHUK R M . IKP:turning a PKI around with decentralized automated incentives[C]// Proceedings of 2017 IEEE Symposium on Security and Privacy (SP). 2017: 410-426.
[4]	ANDROULAKI E , BARGER A , BORTNIKOV V ,et al. Hyperledger fabric:a distributed operating system for permissioned blockchains[C]// Proceedings of Proceedings of the Thirteenth EuroSys Conference. 2018.
[5]	ZHANG Y H , DENG R H , BERTINO E ,et al. Robust and universal seamless handover authentication in 5G HetNets[J]. IEEE Transactions on Dependable and Secure Computing, 2021,18(2): 858-874.
[6]	SHAMIR A . Identity-based cryptosystems and signature schemes[M]// Advances in Cryptology. Berlin Heidelberg: Springer, 1985: 47-53.
[7]	BONEH D , FRANKLIN M . Identity-based encryption from the Weil pairing[M]// Advances in Cryptology—CRYPTO 2001. Berlin Heidelberg: Springer, 2001: 213-229.
[8]	彭华熹 . 一种基于身份的多信任域认证模型[J]. 计算机学报, 2006,29(8): 1271-1281.
	PENG H X . An identity-based authentication model for multi-domain[J]. Chinese Journal of Computers, 2006,29(8): 1271-1281.
[9]	BELLARE M , NAMPREMPRE C , NEVEN G . Security proofs for identity-based identification and signature schemes[M]// Advances in Cryptology - EUROCRYPT 2004. Berlin Heidelberg: Springer, 2004: 268-286.
[10]	罗长远, 霍士伟, 邢洪智 . 普适环境中基于身份的跨域认证方案[J]. 通信学报, 2011,32(9): 111-115,122.
	LUO C Y , HUO S W , XING H Z . Identity-based cross-domain authentication scheme in pervasive computing environments[J]. Journal on Communications, 2011,32(9): 111-115,122.
[11]	YUAN C , ZHANG W F , WANG X M . EIMAKP:heterogeneous cross-domain authenticated key agreement protocols in the EIM system[J]. Arabian Journal for Science and Engineering, 2017,42(8): 3275-3287.
[12]	周致成, 李立新, 李作辉 . 基于区块链技术的高效跨域认证方案[J]. 计算机应用, 2018,38(2): 316-320,326.
	ZHOU Z C , LI L X , LI Z H . Efficient cross-domain authentication scheme based on blockchain technology[J]. Journal of Computer Applications, 2018,38(2): 316-320,326.
[13]	马晓婷, 马文平, 刘小雪 . 基于区块链技术的跨域认证方案[J]. 电子学报, 2018,46(11): 2571-2579.
	MA X T , MA W P , LIU X X . A cross domain authentication scheme based on blockchain technology[J]. Acta Electronica Sinica, 2018,46(11): 2571-2579.
[14]	SHEN M , LIU H S , ZHU L H ,et al. Blockchain-assisted secure device authentication for cross-domain industrial IoT[J]. IEEE Journal on Selected Areas in Communications, 2020,38(5): 942-954.
[15]	蔡振华, 林嘉韵, 刘芳 . 区块链存储：技术与挑战[J]. 网络与信息安全学报, 2020,6(5): 11-20.
	CAI Z H , LIN J Y , LIU F . Blockchain storage:technologies and challenges[J]. Chinese Journal of Network and Information Security, 2020,6(5): 11-20.
[16]	BENET J . IPFS-content addressed,versioned,P2P file system[EB].
[17]	赖英旭, 刘岩, 刘静 . 一种网络间可信连接协议[J]. 软件学报, 2019,30(12): 3730-3749.
	LAI Y X , LIU Y , LIU J . Trusted connection protocol between networks[J]. Journal of Software, 2019,30(12): 3730-3749.
[18]	韩继红, 郭渊博, 王亚弟 . 安全协议形式化分析方法[J]. 信息工程大学学报, 2008,9(3): 272-276.
	HAN J H , GUO Y B , WANG Y D . On methods and techniques for formal analysis of security protocols[J]. Journal of Information Engineering University, 2008,9(3): 272-276.
[19]	KILINC H H , YANIK T . A survey of SIP authentication and key agreement schemes[J]. IEEE Communications Surveys ＆ Tutorials, 2014,16(2): 1005-1023.

Metrics

Recommended 0

No Suggested Reading articles found!

实体	临时身份获取	跨域认证	密钥协商	总耗时/ms
U_A	PE+AS	PE	RNG+PM	14.315
KGC_A	/	IBS	/	23.866
HAS	AS+PE+AV	/	/	7.893
BAS_A	AS+AV	/	/	4.043
SP_B	/	/	RNG+PM	2.765
FAS	/	AS+IBV+H	/	9.724
BAS_B	/	AS	/	4.043

方案		计算负载	耗时/ms
文献[10]方案	用户端	3PM	6.678
	服务端	4AS+4AV+2PE+2PD+3PM	38.248
文献[12]方案	用户端	2AS	7.7
	服务端	4AS+4AV+2H	41.006
文献[13]方案	用户端	PE	3.85
	服务端	2IBS+3AS+5PE+3AV+5PD+4PM+2Hn	93.03
本文方案	用户端	PE	3.85
	服务端	PE+IBS+2AS+AV+IBV+Hn	37.63

Cross-domain authentication scheme based on consortium blockchain

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 10

References 19

Related Articles 4

Metrics

Recommended 0

[1]	Yueyang YE, Xinglan ZHANG. Research on anonymous identity authentication technology in Fabric [J]. Chinese Journal of Network and Information Security, 2021, 7(3): 134-140.
[2]	Sijie QIAN,Liquan CHEN,Shihui WANG. PKI cross-domain authentication scheme based on advanced PBFT algorithm [J]. Chinese Journal of Network and Information Security, 2020, 6(4): 37-44.
[3]	Jin LI,Songqi WU,Senlin ZHANG,Yueming LU. Trusted storage mechanism of distributed electric energy data based on blockchain [J]. Chinese Journal of Network and Information Security, 2020, 6(2): 87-95.
[4]	Yongshan DING,Lixin LI,Zuohui LI. Certificate-based cross-domain authentication scheme with anonymity [J]. Chinese Journal of Network and Information Security, 2018, 4(5): 32-38.