基于区块链技术的高效跨域认证方案

doi:10.11772/j.issn.1001-9081.2017082170

计算机应用 ›› 2018, Vol. 38 ›› Issue (2): 316-320.DOI: 10.11772/j.issn.1001-9081.2017082170

基于区块链技术的高效跨域认证方案

周致成, 李立新, 李作辉

信息工程大学, 郑州 450001

收稿日期:2017-08-21 修回日期:2017-09-12 出版日期:2018-02-10 发布日期:2018-02-10
通讯作者: 李立新
作者简介:周致成(1992-),男,河南郑州人,硕士研究生,主要研究方向:信息安全、区块链;李立新(1967-),男,重庆人,研究员,博士,主要研究方向:网络与信息安全;李作辉(1981-),男,湖南衡阳人,副研究员,博士,主要研究方向:公钥密码、网络安全。
基金资助:
信息工程大学科研基金资助项目（2016609903）。

Efficient cross-domain authentication scheme based on blockchain technology

ZHOU Zhicheng, LI Lixin, LI Zuohui

Information Engineering University, Zhengzhou Henan 450001, China

Received:2017-08-21 Revised:2017-09-12 Online:2018-02-10 Published:2018-02-10
Supported by:
This work is partially supported by the Information Engineering University Research Fund (2016609903).

摘要/Abstract

摘要： 为解决现有公钥基础设施（PKI）跨域认证方案的效率问题，利用具有分布式多中心、集体维护和不易篡改优点的区块链技术，提出基于区块链技术的高效跨域认证方案，设计了区块链证书授权中心（BCCA）的信任模型和系统架构，给出了区块链证书格式，描述了用户跨域认证协议，并进行了安全性和效率分析。结果表明，在安全性方面，该方案具有双向实体认证等安全属性；在效率方面，与已有跨域认证方案相比，利用区块链不可篡改机制，使用哈希算法验证证书，能减少公钥算法签名与验证的次数、提升跨域认证效率。

关键词: 跨域认证, 区块链, 授权中心, 公钥基础设施, 数字证书, 数字签名

Abstract: To solve the efficiency problem of the existing Public Key Infrastructure (PKI) cross-domain authentication scheme, by using blockchain technology with the advantages of distributed multi-center, collective maintenance and not being easy to tamper, an effective cross-domain authentication scheme was proposed, including BlockChain Certificate Authority (BCCA) trust model and system architecture, blockchain certificate format and user cross-domain authentication protocol, as well as the security and efficiency. The results show that in terms of security, the scheme has security attributes such as mutual entity authentication; in terms of efficiency, compared with the existing cross-domain authentication scheme, by taking advantage of blockchain mechanism such as not being easy to tamper, and hash algorithm, the number of signature and verification of public key algorithm is reduced, which enhances the efficiency of cross-domain authentication.

Key words: cross-domain authentication, blockchain, Certificate Authority (CA), Public Key Infrastructure (PKI), digital certificate, digital signature

中图分类号:

周致成, 李立新, 李作辉. 基于区块链技术的高效跨域认证方案[J]. 计算机应用, 2018, 38(2): 316-320.

ZHOU Zhicheng, LI Lixin, LI Zuohui. Efficient cross-domain authentication scheme based on blockchain technology[J]. Journal of Computer Applications, 2018, 38(2): 316-320.

参考文献

[1] 荆继武,林璟锵,冯登国.PKI技术[M].北京:科学出版社,2008:6. (JING J W, LIN J Q, FENG D G. PKI Technology[M]. Beijing:Science Press, 2008:6.)
[2] 关振胜.公钥基础设施PKI及其应用[M].北京:电子工业出版社,2008:14-16. (GUAN Z S. Public Key Infrastructure PKI and Its Application[J]. Beijing:Publishing House of Electronics Industry, 2008:14-16.)
[3] 路晓明,冯登国.一种基于身份的多信任域网格认证模型[J].电子学报,2006,34(4):577-582. (LU X M, FENG D G. An identity-based authentication model for multi-domain grids[J]. Acta Electronica Sinica, 2006, 34(4):577-582.)
[4] BUTLER R, WELCH V, ENGERT D, et al. A national-scale authentication infrastructure[J]. IEEE Computer, 2000, 33(12):60-66.
[5] ROUIBAH K, OULD-ALI S. Dynamic data sharing and security in a collaborative product definition management system[J]. Robotics and Computer-Integrated Manufacturing, 2007, 23(2):217-233.
[6] MILLÁN G L, PÉREZ M G, PÉREZ G M, et al. PKI-based trust management in inter-domain scenarios[J]. Computers & Security, 2010, 29(2):278-290.
[7] 张文芳,王小敏,郭伟,等.基于椭圆曲线密码体制的高效虚拟企业跨域认证方案[J].电子学报,2014,42(6):1095-1102. (ZHANG W F, WANG X M, GUO W, et al. An efficient inter-enterprise authentication scheme for VE based on the elliptic curve cryptosystem[J]. Acta Electronica Sinica, 2014, 42(6):1095-1102.)
[8] 彭华熹.一种基于身份的多信任域认证模型[J].计算机学报,2006,29(8):1271-1281. (PENG H X. An identity-based authentication model for multi-domain[J]. Chinese Journal of Computers, 2006, 29(8):1271-1281.)
[9] 罗长远,霍士伟,邢洪智.普适环境中基于身份的跨域认证方案[J]. 通信学报,2011,32(9):111-115. (LUO C Y, HUO S W, XING H Z. Identity-based cross-domain authentication scheme in pervasive computing environments[J]. Journal on Communications, 2011, 32(9):111-115.)
[10] LI Y, CHEN W, CAI Z, et al. CAKA:a novel certificateless-based cross-domain authenticated key agreement protocol for wireless mesh networks[J]. Wireless Networks, 2016, 22(8):2523-2535.
[11] NAKAMOTO S. Bitcoin:a peer-to-peer electronic cash system[EB/OL].[2017-03-22]. http://tmtfree.hd.free.fr/albums/files/TMTisFree/Documents/Economy/Bitcoin.%20A%20Peer-to-Peer%20Electronic%20Cash%20System.pdf.
[12] 工信部.中国区块链技术和应用发展白皮书[R]. 北京:工信部,2016:23. (Ministry of Industry and Information Technology. White paper for Chinese blockchain technology and application development[R]. Beijing:Ministry of Industry and Information Technology. White paper, 2016:23.)
[13] FROMKNECHT C, VELICANU D, YAKOUBOV S. CertCoin:a namecoin based decentralized authentication system[R/OL]. (2014-05-14)[2017-05-08]. http://courses.csail.mit.edu/6.857/2014/files/19-fromknecht-velicann-yakoubov-certcoin.pdf
[14] AXON L. Privacy-awareness in blockchain-based PKI, CDT technical paper series 21/15[R/OL].[2017-05-08]. https://ora.ox.ac.uk/objects/uuid:f8377b69-599b-4cae-8df0-f0cded53e63b.
[15] LEWISON K, CORELLA F. Backing rich credentials with a blockchain PKI[EB/OL].[2017-04-12]. https://pomcor.com/techreports/BlockchainPKI.pdf.
[16] 袁勇,王飞跃.区块链技术发展现状与展望[J].自动化学报,2016,42(4):481-494. (YUAN Y, WANG F Y. Blockchain:the state of the art and future trends[J]. Acta Automatica Sinica, 2016, 42(4):481-494.)
[17] 蔡维德,郁莲,王荣,等.基于区块链的应用系统开发方法研究[J].软件学报,2017,28(6):1474-1487. (CAI W D, YU L, WANG R, et al. Blockchain application development techniques[J]. Journal of Software, 2017, 28(6):1474-1487.)

基于区块链技术的高效跨域认证方案

Efficient cross-domain authentication scheme based on blockchain technology

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	葛纪红, 沈韬. 基于区块链的能源数据访问控制方法[J]. 计算机应用, 2021, 41(9): 2615-2622.
[2]	申玉民, 王金龙, 胡殿凯, 刘星宇. 基于区块链的建筑信息模型图纸多人协同创作系统[J]. 计算机应用, 2021, 41(8): 2338-2345.
[3]	杨龙海, 王学渊, 蒋和松. 改进SM2签名方法的区块链数字签名方案[J]. 计算机应用, 2021, 41(7): 1983-1988.
[4]	陈葳葳, 曹利, 顾翔. 基于区块链的车联网电子取证模型[J]. 计算机应用, 2021, 41(7): 1989-1995.
[5]	卿欣艺, 陈玉玲, 周正强, 涂园超, 李涛. 基于中国剩余定理的区块链存储扩展模型[J]. 计算机应用, 2021, 41(7): 1977-1982.
[6]	谷正川, 郭渊博, 方晨. 基于代理重加密的消息队列遥测传输协议端到端安全解决方案[J]. 计算机应用, 2021, 41(5): 1378-1385.
[7]	田志宏, 赵金东. 面向物联网的区块链共识机制综述[J]. 计算机应用, 2021, 41(4): 917-929.
[8]	张学旺, 殷梓杰, 冯家琦, 叶财金, 付康. 基于区块链与可信计算的数据交易方案[J]. 计算机应用, 2021, 41(4): 939-944.
[9]	张国潮, 唐华云, 陈建海, 沈睿, 何钦铭, 黄步添. 基于区块链的数字音乐版权管理系统[J]. 计算机应用, 2021, 41(4): 945-955.
[10]	刘宏宇, 梁秀波, 吴俊涵. 基于Kubernetes的Fabric链码管理及高可用技术[J]. 计算机应用, 2021, 41(4): 956-962.
[11]	李蓓, 张问银, 王九如, 赵伟, 王海峰. 基于区块链的密封式投标拍卖方案[J]. 计算机应用, 2021, 41(4): 999-1004.
[12]	刘宇, 朱朝阳, 李金泽, 劳源基, 覃团发. 检测型的联盟区块链共识算法d-PBFT[J]. 计算机应用, 2021, 41(3): 756-762.
[13]	高昊昱, 李雷孝, 林浩, 李杰, 邓丹, 李少旭. 区块链在数据完整性保护领域的研究与应用进展[J]. 计算机应用, 2021, 41(3): 745-755.
[14]	罗长银, 陈学斌, 马春地, 王君宇. 面向区块链的在线联邦增量学习算法[J]. 计算机应用, 2021, 41(2): 363-371.
[15]	庞晓琼, 杨婷, 陈文俊, 王云婷, 刘天野. 区块链环境下基于秘密共享的数字权限管理方案[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3257-3265.