Public key infrastructure (PKI) is a key technology for guaranteeing secure network connections and ensuring the authenticity of online identities. With the continuous development of the Internet, identity authentication is no longer limited to a single information service entity domain, and the demand for cross-domain identity authentication is increasing across industries. The existing PKI cross-domain authentication models have problems such as complex cross-domain trust models, excessive CA rights, susceptibility to single points of failure and inefficient cross-domain authentication, and cannot meet the demand for authentication across service platforms and trust domains. Blockchain technology has the advantages of being open and transparent, tamper-resistant and decentralized, which can well compensate for the shortcomings of PKI in cross-domain identity authentication. Blockchain can enhance traditional PKI in two ways. First, blockchain can simplify the process of establishing cross-domain trust between entities in different domains. Second, blockchain acts as a public ledger that records certificate operations and supports public, verifiable searches. In this thesis, blockchain technology is applied to PKI to design and implement a blockchain-based cross-domain authentication scheme, and the research includes the following three points:

(1) A blockchain-based alliance cross-domain trust model (BACTM) is constructed to simplify the cross-domain authentication process. After an in-depth study of the structural features of blockchain technology, this thesis selects the federated (consortium) chain as the basis and, on the basis of a detailed analysis of the PKI/CA cross-domain trust model, proposes a federated-chain-based cross-domain trust model that is as compatible as possible with the PKI system. To address the problem of long cross-domain authentication paths between different information service entity domains, the model sets the root CAs of the different entity domains as nodes of the blockchain and establishes trust through P2P networks, consensus mechanisms and the tamper-evident federated chain ledger, reducing the complexity of cross-domain identity authentication. For the security problem of CAs, a single CA within the model cannot operate on certificates by itself, which avoids a single point of failure, and an audit mechanism for CAs is designed to enhance the security and trustworthiness of the PKI. For the difficult problem of digital certificate management and maintenance, the model designs a lightweight blockchain certificate based on the X.509 certificate and elaborates its life cycle; compared with the X.509 certificate, the blockchain certificate has more advantages in information service trust scenarios.

(2) On the basis of BACTM, a cross-domain authentication protocol optimized with cuckoo filters is proposed to address the inefficiency of certificate lookup and the deficiencies of certificate revocation in the model. The protocol designs a double cuckoo filter (DCF) data structure in which a cuckoo filter stores certificate fingerprints, so that the query method of traversing the data on the chain is replaced by checking whether an element is in the filter, improving query efficiency. In BACTM, revoking an invalid certificate only writes an additional status entry for the certificate into a block, so a large number of invalid certificates still have to be stored on the blockchain, increasing storage pressure; to address this, the protocol supports removing the fingerprints of invalid certificates from the cuckoo filter and uses a separate invalid-certificate cuckoo filter to record their fingerprints, providing fast queries of revoked certificates. The protocol is evaluated experimentally on three aspects, namely the false alarm rate of the DCF, the average time consumed by a certificate query and the level of certificate storage, and is analyzed and compared with BcRCACDAM in literature [34] and BCTR in literature [37]. The protocol improves certificate lookup performance, optimizes certificate revocation and relieves the storage pressure on the federated chain.

(3) Based on the research on the above key technologies, a blockchain-based cross-domain authentication scheme is designed and implemented using Hyperledger Fabric. The scheme gives a specific process for establishing the federated chain network, configuring and deploying the smart contracts and implementing cross-domain identity authentication. Finally, security and complexity analyses show that this solution has security and efficiency advantages over existing blockchain-based cross-domain authentication solutions.
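As an added illustration of the DCF idea in point (2), not code from the thesis: a minimal cuckoo filter with insert, lookup and delete, wrapped as a double filter in which revocation moves a certificate's fingerprint from the valid-certificate filter to the invalid-certificate filter. The SHA-256-based fingerprint and index hashing, the filter sizes and the class and method names are assumptions of this example, and the certificate bytes used with it are constructed.

```python
import hashlib, random

def _h(data: bytes) -> int:  # 32-bit hash slice used for bucket indices and fingerprints
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

class CuckooFilter:
    def __init__(self, num_buckets=1024, bucket_size=4, max_kicks=500):
        assert num_buckets & (num_buckets - 1) == 0, "bucket count must be a power of two"
        self.buckets = [[] for _ in range(num_buckets)]
        self.mask, self.bucket_size, self.max_kicks = num_buckets - 1, bucket_size, max_kicks
    def _alt(self, i: int, fp: int) -> int:
        # partial-key cuckoo hashing: i2 = i1 XOR hash(fp), so either bucket yields the other
        return (i ^ _h(fp.to_bytes(2, "big"))) & self.mask
    def _candidates(self, item: bytes):
        fp = (_h(item) & 0xFFFF) or 1  # 16-bit fingerprint of the certificate; 0 is reserved
        i1 = _h(b"idx" + item) & self.mask
        return fp, i1, self._alt(i1, fp)
    def insert(self, item: bytes) -> bool:
        fp, i1, i2 = self._candidates(item)
        for i in (i1, i2):
            if len(self.buckets[i]) < self.bucket_size:
                self.buckets[i].append(fp); return True
        i = random.choice((i1, i2))
        for _ in range(self.max_kicks):  # evict a resident fingerprint to its alternate bucket
            j = random.randrange(len(self.buckets[i]))
            fp, self.buckets[i][j] = self.buckets[i][j], fp
            i = self._alt(i, fp)
            if len(self.buckets[i]) < self.bucket_size:
                self.buckets[i].append(fp); return True
        return False  # too full: caller must grow the filter (one fingerprint is now displaced)
    def contains(self, item: bytes) -> bool:
        fp, i1, i2 = self._candidates(item)
        return fp in self.buckets[i1] or fp in self.buckets[i2]
    def delete(self, item: bytes) -> bool:
        # delete only items known to be present, or another item's equal fingerprint may vanish
        fp, i1, i2 = self._candidates(item)
        for i in (i1, i2):
            if fp in self.buckets[i]:
                self.buckets[i].remove(fp); return True
        return False

class DoubleCuckooFilter:  # DCF: valid-certificate filter plus invalid (revoked) certificate filter
    def __init__(self):
        self.valid, self.revoked = CuckooFilter(), CuckooFilter()
    def issue(self, cert_der: bytes) -> bool:
        return self.valid.insert(cert_der)
    def revoke(self, cert_der: bytes) -> bool:
        # drop the fingerprint from the valid filter and record it in the revoked filter
        return self.valid.delete(cert_der) and self.revoked.insert(cert_der)
    def status(self, cert_der: bytes) -> str:
        # a filter hit only means "possibly present": confirm a positive against the ledger record
        revoked, valid = self.revoked.contains(cert_der), self.valid.contains(cert_der)
        return "revoked" if revoked else "valid" if valid else "unknown"
```

Because a cuckoo filter answers "possibly present", the chain record remains the authority for a certificate reported as valid or revoked; the filter only spares the full traversal for the common case.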