Computer Science, 2025, Vol. 52, Issue (5): 337-344. doi: 10.11896/jsjkx.240100190

• Information Security •

Blockchain-based Internet of Things Traceable and Anonymous Cross-domain Authentication Scheme

WANG Qiuli1, REN Zhiyu1, WU Xiangyu1, GUAN Qiuguo1, WANG Haichao2

  1. 1 School of Cryptography Engineering, Information Engineering University, Zhengzhou 450001, China
    2 National Computer Network Emergency Response Technical Team/Coordination Center of Jiangsu, Nanjing 210000, China
  • Received: 2024-01-29 Revised: 2024-06-19 Online: 2025-05-15 Published: 2025-05-12
  • Corresponding author: REN Zhiyu (ren_ktzy@163.com)
  • About author: (1941124532@qq.com)
    WANG Qiuli, born in 2000, postgraduate. Her main research interests include blockchain and identity authentication.
    REN Zhiyu, born in 1974, Ph.D, associate professor. Her main research interests include network and information security and so on.
  • Supported by:
    Zhongyuan Science and Technology Innovation Leading Talent Project (224200510003).

Abstract: With the wide application of Internet of Things technology, demand for cross-domain information sharing is growing, and cross-domain authentication is the foundation for secure cross-domain collaboration. Cross-domain authentication based on a device's real identity carries a risk of privacy leakage, while anonymous authentication schemes make it difficult to trace malicious devices. To address these problems, a traceable and anonymous cross-domain authentication scheme based on blockchain technology is proposed. Combining a one-way hash chain with certificateless cryptography, the scheme generates multiple unlinked pseudonym identities and corresponding public-private key pairs for each device. A dynamic accumulator is used to compute the changed domain information. A different pseudonym is used for each cross-domain authentication, and identity is authenticated based on the domain information and the cross-domain credentials issued by the key generation center, which both protects device privacy and allows the real identity of a malicious device to be recovered so that it can be held accountable. BAN logic correctness analysis and formal security proofs show that the proposed scheme has high security. Compared with other schemes, the computation and communication costs of the authentication process are lower.

Key words: Cross-domain authentication, Traceability and anonymity, One-way hash chain, Dynamic accumulator

CLC Number:

  • TP309