Abstract
SM9 is an important part of China's commercial cryptography system. It is an identity-based cryptosystem that avoids the complex certificate management problems of PKI (Public Key Infrastructure) systems and offers a new solution for IoT security applications. However, SM9 requires a trusted third party, the KGC (Key Generator Center), to generate and manage keys for users, which makes key updates extremely inconvenient. To solve the SM9 key update problem, this paper uses blockchain technology to propose a decentralized identity authentication and key management scheme. In this scheme, the user needs the IGC (Identity Generator Center) to generate an identity identifier and key only the first time; afterwards the user can update the key automatically. During this process the identity identifier, which serves as the public key, remains unchanged, and only the private key and parameters are updated, which facilitates identity authentication. The paper redefines the transaction data structure, and the update process is recorded on the blockchain in the form of transactions, so that the immutability of blockchain data guarantees its authenticity and trustworthiness. This research provides a new solution for identity authentication and key management in decentralized IoT application scenarios.
Authors
姚英英
常晓林
甄平
Yao Yingying; Chang Xiaolin; Zhen Ping (Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing Jiaotong University, Beijing 100044; State Grid Electronic Commerce Co., Ltd. (State Grid Xiong'an Financial Technology Group Co., Ltd.), Beijing 100053)
Source
《网络空间安全》
2019, Issue 6, pp. 33-39 (7 pages in total)
Cyberspace Security
Funding
Supported by the Fundamental Research Funds for the Central Universities (Project No. 2018YJS023)
Keywords
decentralization
identity authentication
key management
SM9
blockchain