Chinese Journal of Network and Information Security (网络与信息安全学报), Jun 2022
Cross-domain authentication scheme based on consortium blockchain
Abstract
To solve the security problems of traditional cross-domain authentication schemes, such as single points of failure and excessive dependence on third parties, a cross-domain authentication scheme combining IBC and consortium blockchain was proposed. The consortium blockchain was introduced into the cross-domain authentication scenario by designing a layered cross-domain authentication architecture consisting of an entity layer, a proxy layer, a blockchain layer and a storage layer. In the storage layer, an abstract data format was designed and stored on the chain, while the complete data corresponding to the abstract data was stored off-chain in the InterPlanetary File System. This safe and reliable on-chain distributed storage scheme solved the on-chain storage limitation caused by the introduction of blockchain. In addition, an identity management scheme based on permanent autonomy identity and temporary identity was proposed to address the challenges that arise after combining with the IBC system, namely that identities are difficult to revoke and anonymous identities are difficult to supervise. On this basis, complete cross-domain full authentication, re-authentication and key negotiation protocols were designed to implement the cross-domain authentication process. In terms of security, SVO logic was used to analyze the authentication protocol, and the security of the cross-domain authentication protocol was proved. Calculation overhead, communication overhead and consortium blockchain performance were tested and analyzed by simulation. The analysis results showed that the protocol satisfies the security requirements and has improved calculation overhead on both the server and client sides compared with other related works. It also performs better in terms of communication overhead. The query/write latency was tested using the consortium blockchain tool, and the results showed that the scheme has good usability.