基于区块链技术的跨域认证方案

doi:10.3969/j.issn.0372-2112.2018.11.002

摘要
图/表
参考文献(0)
相关文章 (7)

全文: PDF (1587 KB) HTML (1 KB)
输出: BibTeX | EndNote (RIS)

摘要针对现有交互频繁的信息服务信任域（PKI域和IBC域）之间不能实现信息服务实体（ISE）安全高效的跨域认证的问题，提出一种基于区块链的跨异构域认证方案.在IBC域设置区块链域代理服务器参与SM9（国产标识密码）算法中密钥生成，并与PKI域区块链证书服务器等构成联盟链模型，利用区块链技术去中心化信任、数据不易篡改等优点保证模型内第三方服务器的可信性.基于此设计了跨域认证协议与重认证协议，并进行SOV逻辑证明.分析表明，与目前相关方案相比，协议在满足安全需求的前提下，降低了用户终端的计算量、通信量和存储负担，简化了重认证过程，实现域间安全通信，在信息服务跨异构域身份认证过程中具有良好的实用性.

	服务

	把本文推荐给朋友
	加入我的书架
	加入引用管理器
	E-mail Alert
	RSS
	作者相关文章
	马晓婷
	马文平
	刘小雪

关键词 ：跨域认证, 区块链, SM9算法, 信息服务

Abstract：Existing information service entities (ISE) in various domains (PKI domain and IBC domain) interact more frequent.To solve the obstacle to the development of services caused by unsafe and inefficient cross-domain authentication,a novel blockchain-based cross-domain authentication scheme is proposed.A blockchain domain agent server is set in IBC to participate in SM9 key generation and build up the consortium blockchain model along with the blockchain certificate server (PKI).Based on the high credible model with the advantages of blockchain technology,a cross-domain authentication protocol and re-authentication protocol are proposed,and are proved by SOV logic.Compared with the related schemes,our scheme reduces the computation and communication on user side and simplifies the heavy authentication process.Therefore,the scheme has good practicability in domain authentication.

Key words： across domains authenticated blockchain SM9 information services

收稿日期: 2018-01-29 出版日期: 2018-07-24

ZTFLH:

TP309

基金资助:国家自然科学基金（No.61373171）；高等学校创新引智计划项目（No.B08038）；国家重点研发计划重点专项（No.2017YFB0802400）

作者简介: 马晓婷 女,1992年出生与河北张家口,硕士研究生,研究方向为信息安全、密码学.E-mail:Ma_xting@163.com;马文平 男,1966年出生,陕西西安人,韩国全州全北国立大学的博士后研究员,研究方向为通信理论、纠错码和信息安全等.

引用本文:

马晓婷, 马文平, 刘小雪. 基于区块链技术的跨域认证方案[J]. 电子学报, 2018, 46(11): 2571-2579. MA Xiao-ting, MA Wen-ping, LIU Xiao-xue. A Cross Domain Authentication Scheme Based on Blockchain Technology. Acta Electronica Sinica, 2018, 46(11): 2571-2579.

链接本文:

http://www.ejournal.org.cn/CN/10.3969/j.issn.0372-2112.2018.11.002 或 http://www.ejournal.org.cn/CN/Y2018/V46/I11/2571

[1] R Housley,W Ford,et al.IETF RFC2459.Internet X.509 public key infrastructure:certificate and CRL profile[S].Jan.1999.
[2] A Shamir.Identity-based cryptosystems and signature schemes[J].Advances in cryptology (Santa Barbara,Calif),1984,21(2):47-53.
[3] G Lopze Millan,M Gil Perze,et al.PKI-based trust management in inter-domain scenarios[J].Computers and Security,2010,29:278-290.
[4] 张文芳,汪小敏,等.基于椭圆曲线密码体制的高效虚拟企业跨域认证方案[J].电子学报,2014,42(6):1095-1120. Zhang W F,Wang X M,et al.An efficient inter-enterprise authentication scheme for VE based on the elliptic curve cryptosystem[J].Acta Electronica Sinica,2014,42(6):1095-1102.(in Chinese)
[5] 路晓明,冯登国.一种基于身份的多信任域网格认证模型[J].电子学报,2006,34(4):579-582. Lu Xiao-ming,Feng Deng-guo.An identity-based authentication model for multi-domain grids[J].Acta Electronica Sinica,2006,34(4):579-582.(in Chinese)
[6] 杨斌,陈国庆,孙永红.一种新的基于身份的多信任域认证模型研究[J].计算机安全,2010,8:15-18. Yang B,Chen G Q,Sun Y H.Research on a new identity-based authentication model for multi-domains[J].Computer Security,2010,8:15-18.(in Chinese)
[7] 杨斌.IBC和PKI组合应用研究[D].郑州:解放军信息工程大学,2009. Yang B.Research on the combination of identity-based cryptographic techniques and public key infrastructure[D].Zhengzhou:PLA Information Engineering University,2009.(in Chinese)
[8] Yuan C,Zhang W F,et al.EIMAKP:Heterogeneous cross-domain authenticated key agreement protocols in the EIM system[J].Arabian Journal for Science and Engineering,2017,42(8):3275-3287.
[9] 蔡维德,郁莲,等.基于区块链的应用系统开发方法研究[J].软件学报,2017,28(6):1474-1487. Tsai W T,Yu L,et al.Blockchain application development techniques[J].Journal of Software,2017,28(6):1474-1487.(in Chinese)
[10] L Axon.Privacy-awareness in blockchain-based PKI[J].Oxford University Research Archive,2015.
[11] K Lewison,F Corella.Backing rich credentials with a blockchain PKI[R].Tech Rep,2016.
[12] 周致成,李立新,李作辉.基于区块链技术的高效跨域认证方案[J].计算机应用,2018,38(2):316-320. Zhou Z C,Li L X,Li Z H.Efficient cross domain authentication scheme based on blockchain technology[J].Journal of Computer Applications,2018,38(2):316-320.(in Chinese)
[13] 袁峰.SM9标识密码算法综述[J].信息安全研究,2016,2(11):1008-1027. Yuan F.Overview on SM9 identity-based cryptographic algorithm[J].Information Security Research,2016,2(11):1008-1027.(in Chinese).
[14] Kosba A,Miller A,et al.Hawk:the blockchain model of cryptography and privacy-preserving smart contracts[A].IEEE Symposium on Security and Privacy (SP)[C].2016,San Jose,CA,USA:IEEE Press,2016.839-858.
[15] 袁勇,王飞跃.区块链技术发展现状与展望.自动化学报[J].2016,42(4):481-494. Yuan Y,Wang F Y,Blockchain:The state of the art and future trends[J].Acta Automatica Sinica,2016,42(4):481-494.(in Chinese)
[16] 王远敏.基于SVO逻辑的多方不可否认协议的形式化分析与研究[D].贵州大学,2009. Wang Y M.The application study on formalism of multi-party non-repudiation protocols on SOV logic[D].Guizhou University,2009.(in Chinese)
[17] 田有亮,彭长根,马建峰等.安全协议的博弈论机制[J].计算机研究与发展,2014,51(2):344-352 Tian Y L,Peng C G,Ma J F,et al.Game-Theoretic Mechanism for Cryptographic Protocol[J].Journal of Computer Research and Development 2014,51(2):344-352.(in Chinese)
[18] H Kilinc,T Yanik.A survey of SIP authentication and key agreement schemes[J].Communications Surveys\& Tutorials,IEEE,2014,16(2),1005-1023.