摘要
异构跨域身份认证是对不同体制信任域内的节点进行身份确认和安全信息交互的技术,现有的认证方案主要存在单点攻击风险和认证复杂等问题。为此,设计了主从区块链身份认证模型和匹配使用的分层拜占庭容错算法,通过主从链分步、分阶段共识,减少了共识参与节点数量,并将PKI体制与CL-PKC体制的特有功能节点与主从链节点相对应,在不改变原有信任域节点功能的前提下,使用区块链证书的哈希值高效传递信任,优化了认证流程,实现了双向异构跨域身份认证。最后通过仿真实验验证以及安全性和性能分析,表明该方案与相关方案对比,在实现安全通信的同时,提高了共识效率和容错性,降低了认证过程的通信开销。
Heterogeneous cross-domain identity authentication is a technology that performs identity confirmation and security information exchange for nodes in different institutional trust domains.The existing authentication schemes mainly have issues such as single-point attack risk,complex authentication.This paper designs a master-slave blockchain identity authentication model and a hierarchical Byzantine fault-tolerant algorithm for matching.Through the step-by-step and phase-by-phase consensus of the master-slave chain,the number of nodes participating in the consensus is reduced.The unique function nodes of the PKI system and the CL-PKC system correspond to the master-slave chain nodes.On the premise of not changing the function of the original trusted domain node,the hash value of the blockchain certificate is used to efficiently transmit trust,and the authentication is optimized.The process realizes two-way heterogeneous cross domain identity authentication.In the end,through the simulation experiment and the analysis of security and perfor-mance,the result shows that compared the mentioned scheme with others,consensus efficiency and fault tolerance are improved,and communication overhead is reduced while ensuring secure communication.
作者
赵平
王赜
李芳
孙士民
ZHAO Ping;WANG Ze;LI Fang;SUN Shimin(School of Computer Science and Technology,Tiangong University,Tianjin 300384,China)
出处
《计算机工程与应用》
CSCD
北大核心
2022年第22期79-88,共10页
Computer Engineering and Applications
基金
国家自然科学基金(61702366,61802281)
天津市重点项目基金(15ZXHLGX003901)
天津市自然科学基金(19JCYBJC15800)。
