网络与信息安全学报 (Apr 2024)
Blockchain-based cross-data center anonymous and verifiable identity authentication scheme
Abstract
With the progression of big data and cloud computing technologies, there has been an escalating trend in cross-institutional data sharing and interaction within the financial sector. However, the frequent occurrence of privacy breaches poses significant challenges to ensuring data security protection. This necessitates the elevation of requirements for identity authentication across data centers and other technologies related to data security management. The traditional centralized identity authentication schemes are inherently flawed in security and scalability, which hampers their ability to meet the demands of high-frequency cross-center data sharing applications. The blockchain technology has emerged as a potential solution, offering exceptional characteristics such as a distributed nature, tamper-proof properties, traceability, and the ability to achieve multi-party consensus. In practical application scenarios, it is essential to not only protect the privacy of user identities but also to effectively regulate anonymous identities. An anonymous and supervisable cross-data center identity authentication scheme based on blockchain was proposed. This scheme did not necessitate alterations to the original architecture of each data center. Instead, a distributed multi-center consortium blockchain was formed by leveraging more than one server from each data center to establish a data center union. Blockchain technology was utilized to ensure the transparency and reliability of the identity authentication process. Additionally, attribute signatures were employed to safeguard user identity privacy while simultaneously creating an identity mapping table that facilitated the tracking of real user identities. Consequently, the scheme was designed to protect user privacy during cross-data center identity authentication and to enable effective supervision over anonymous identities. A thorough security analysis and the results of experiments demonstrate that the proposed scheme possesses the following attributes: it does not require users to re-register, it exhibits characteristics of unforgeability and traceability, and it is capable of withstanding various network attacks, including replay attacks, denial of service attacks, tampering attacks, and man-in-the-middle attacks.
