Master-Slave Blockchain Fault-Tolerant Heterogeneous Cross-Domain Identity Authentication Scheme

doi:10.3778/j.issn.1002-8331.2109-0300

Abstract

Abstract: Heterogeneous cross-domain identity authentication is a technology that performs identity confirmation and security information exchange for nodes in different institutional trust domains. The existing authentication schemes mainly have issues such as single-point attack risk, complex authentication. This paper designs a master-slave blockchain identity authentication model and a hierarchical Byzantine fault-tolerant algorithm for matching. Through the step-by-step and phase-by-phase consensus of the master-slave chain, the number of nodes participating in the consensus is reduced. The unique function nodes of the PKI system and the CL-PKC system correspond to the master-slave chain nodes. On the premise of not changing the function of the original trusted domain node, the hash value of the blockchain certificate is used to efficiently transmit trust, and the authentication is optimized. The process realizes two-way heterogeneous cross-domain identity authentication. In the end, through the simulation experiment and the analysis of security and performance, the result shows that compared the mentioned scheme with others, consensus efficiency and fault tolerance are improved, and communication overhead is reduced while ensuring secure communication.

Key words: blockchain, fault-tolerant algorithm, cross-domain authentication, AVISPA tool

摘要： 异构跨域身份认证是对不同体制信任域内的节点进行身份确认和安全信息交互的技术，现有的认证方案主要存在单点攻击风险和认证复杂等问题。为此，设计了主从区块链身份认证模型和匹配使用的分层拜占庭容错算法，通过主从链分步、分阶段共识，减少了共识参与节点数量，并将PKI体制与CL-PKC体制的特有功能节点与主从链节点相对应，在不改变原有信任域节点功能的前提下，使用区块链证书的哈希值高效传递信任，优化了认证流程，实现了双向异构跨域身份认证。最后通过仿真实验验证以及安全性和性能分析，表明该方案与相关方案对比，在实现安全通信的同时，提高了共识效率和容错性，降低了认证过程的通信开销。

关键词: 区块链, 容错算法, 跨域身份认证, AVISPA工具

ZHAO Ping, WANG Ze, LI Fang, SUN Shimin. Master-Slave Blockchain Fault-Tolerant Heterogeneous Cross-Domain Identity Authentication Scheme[J]. Computer Engineering and Applications, 2022, 58(22): 79-88.

赵平, 王赜, 李芳, 孙士民. 主从区块链容错异构跨域身份认证方案[J]. 计算机工程与应用, 2022, 58(22): 79-88.

References

[1] 张佳乐，赵彦超，陈兵，等.边缘计算数据安全与隐私保护研究综述[J].通信学报，2018，39（3）：1-21.
ZHANG J L，ZHAO Y C，CHEN B，et al.Servey on data security and privacy-preserving for the research of edge computing[J].Journal on Communications，2018，39（3）：1-21.
[2] 林璟锵，荆继武，张琼露，等.PKI技术的近年研究综述[J].密码学报，2015，2（6）：487-496.
LIN J Q，JING J W，ZHANG Q L，et al.Recent advances in PKI technologies[J].Journal of Cryptologic Research，2015，2（6）：487-496.
[3] LI G，WANG Y，ZHANG B，et al.Smart contract-based cross-domain authentication and key agreement system for heterogeneous wireless networks[J].Mobile Information Systems，2020（29）：1-16.
[4] SHAMIR A.Identity-based cryptosystems and signature schemes[C]//Workshop on the Theory and Application of Cryptographic Techniques.Berlin，Heidelberg：Springer，1984：47-53.
[5] AL-RIYAMI S S，PATERSON K G.Certificateless public key cryptography[C]//9th International Conference on the Theory and Application of Cryptology and Information Security.Berlin，Heidelberg：Springer，2003：452-437.
[6] 杨小东，安发英，杨平，等.云环境下基于代理重签名的跨域身份认证方案[J].计算机学报，2019，42（4）：756-771.
YANG X D，AN F Y，YANG P，et al.Cross-domain authentication scheme based on proxy re-signature in cloud environment[J].Chinese Journal of Computers，2019，42（4）：756-771.
[7] YUAN C，ZHANG W，WANG X.EIMAKP：heterogeneous cross-domain authenticated key agreement protocols in the EIM system[J].Arabian Journal for Science and Engineering，2017，42（8）：3275-3287.
[8] LV Y，LIU W，WANG Z，et al.Heterogeneous cross-domain identity authentication scheme based on proxy resignature in cloud environment[J].Mathematical Problems in Engineering，2020（6）：1-12.
[9] 江泽涛，徐娟娟.云环境下基于代理盲签名的高效异构跨域认证方案[J].计算机科学，2020，47（11）：68-75.
JIANG Z T，XU J J.Efficient heterogeneous cross-domain authentication scheme based on proxy blind signature in cloud environment[J].Computer Science，2020，47（11）：68-75.
[10] WANG X，GAO F，ZHANG J，et al.Cross-domain authentication mechanism for power terminals based on blockchain and credibility evaluation[C]//2020 5th International Conference on Computer and Communication Systems，2020：936-940.
[11] SHEN M，LIU H，ZHU L，et al.Blockchain-assisted secure device authentication for cross-domain industrial IoT[J].IEEE Journal on Selected Areas in Communications，2020，38（5）：942-954.
[12] 魏松杰，李莎莎，王佳贺.基于身份密码系统和区块链的跨域认证协议[J].计算机学报，2021，44（5）：908-920.
WEI S J，LI S S，WANG J H.A cross-domain authentication protocol by identity-based cryptography on consortium blockchain[J].Chinese Journal of Computers，2021，44（5）：908-920.
[13] 周致成，李立新，李作辉，等.基于区块链技术的高效跨域认证方案[J].计算机应用，2018，38（2）：316-320.
ZHOU Z C，LI L X，LI Z H.Efficient cross-domain authentication scheme based on blockchain technology[J].Journal of Computer Applications，2018，38（2）：316-320.
[14] 马晓婷，马文平，刘小雪.基于区块链技术的跨域认证方案[J].电子学报，2018，46（11）：2571-2579.
MA X T，MA W P，LIU X X.A cross domain authentication scheme based on blockchain technology[J].Acta Electronica Sinica，2018，46（11）：2571-2579.
[15] 翁启.一种基于区块链的数字身份认证方案[D].西安：西安电子科技大学，2019.
WENG Q.A blockchain-based digital identity authentication scheme[D].Xi’an：Xidian University，2019.
[16] HOEGLUND J，LINDEMER S，FURUHED M，et al.PKI4IoT：towards public key infrastructure for the Internet of things[J].Computers & Security，2020，89：101658.
[17] LIU J，LIU Y，LAI Y，et al.Cross-heterogeneous domain authentication scheme based on blockchain[J].Blockchain and Artificial Intelligence Applications 2021，1（2）：92-100.
[18] LI H，DAI Y，LING T，et al.Identity-based authentication for cloud computing[C]//2009 IEEE International Conference on Cloud Computing，2009：157-166.
[19] JIA X，HU N，SU S，et al.IRBA：an identity-based cross-domain authentication scheme for the Internet of things[J].Electronics，2020，9（4）：634.
[20] WANG W，NING H，XIN L.BlockCAM：a blockchain-based cross-domain authentication model[C]//2018 IEEE 3rd International Conference on Data Science in Cyberspace，2018.
[21] 田有亮，彭长根，马建峰，等.安全协议的博弈论机制[J].计算机研究与发展，2014，51（2）：344-352.
TIAN Y L，PENG C G，MA J F，et al.Game theoretic mechanism for cryptographic protocol[J].Journal of Computer Research and Development，2014，51（2）：344-352.
[22] 谭琛，陈美娟，AMUAH E A.基于区块链的分布式物联网设备身份认证机制研究[J].物联网学报，2020，4（2）：70-77.
TAN C，CHEN M J，AMUAH E A.Research on distri-
buted identity authentication mechanism of IoT device based on blockchain[J].Chinese Journal on Internet of Things，2020，4（2）：70-77.