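Abstract
To address the problem that information service entities (ISEs) cannot be authenticated securely and efficiently across existing, frequently interacting information-service trust domains (PKI domains and IBC domains), a blockchain-based authentication scheme across heterogeneous domains is proposed. A blockchain domain agent server is set up in the IBC domain to take part in key generation in the SM9 algorithm (China's domestic identity-based cryptographic algorithm), and together with the blockchain certificate server of the PKI domain and other servers it forms a consortium blockchain model. The decentralized trust and tamper resistance of blockchain technology are used to ensure the trustworthiness of the third-party servers within the model. On this basis, a cross-domain authentication protocol and a re-authentication protocol are designed and proved with SOV logic. Analysis shows that, compared with current related schemes, the protocols reduce the computation, communication and storage burden on user terminals while meeting the security requirements, simplify the re-authentication process, and achieve secure inter-domain communication, giving good practicability for identity authentication across heterogeneous domains in information services.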
Existing information service entities (ISE) in various domains (PKI domain and IBC domain) interact more frequently. To remove the obstacle to the development of services caused by unsafe and inefficient cross-domain authentication, a novel blockchain-based cross-domain authentication scheme is proposed. A blockchain domain agent server is set in the IBC domain to participate in SM9 key generation and to build up the consortium blockchain model along with the blockchain certificate server (PKI). Based on this highly credible model with the advantages of blockchain technology, a cross-domain authentication protocol and a re-authentication protocol are proposed and proved by SOV logic. Compared with the related schemes, our scheme reduces the computation and communication on the user side and simplifies the re-authentication process. Therefore, the scheme has good practicability in domain authentication.
Authors
马晓婷
马文平
刘小雪
MA Xiao-ting; MA Wen-ping; LIU Xiao-xue (State Key Laboratory of Integrated Services Networks, Xidian University, Xi’an, Shaanxi 710071, China)
Source
《电子学报》
EI
CAS
CSCD
Peking University Core Journal
2018, Issue 11, pp. 2571-2579 (9 pages)
Acta Electronica Sinica
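Funding
National Natural Science Foundation of China (No. 61373171)
Program of Introducing Talents of Discipline to Universities (No. B08038)
National Key R&D Program of China, Key Special Project (No. 2017YFB0802400).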
Keywords
cross-domain authentication
blockchain
SM9 algorithm
information services