Computer Science ›› 2023, Vol. 50 ›› Issue (6A): 220700158-9. doi: 10.11896/jsjkx.220700158

• Information Security •

Blockchain-based Identity Authentication and Authorization Mechanism

LIN Feilong, YUE Yuedong, ZHENG Jianhui, CHEN Zhongyu, LI Minglu

  1. College of Mathematics and Computer Science, Zhejiang Normal University, Jinhua, Zhejiang 321004, China
  • Online: 2023-06-10 Published: 2023-06-12
  • Corresponding author: LIN Feilong (bruce_lin@zjnu.edu.cn)
  • About author: LIN Feilong, born in 1982, Ph.D, associate professor. His main research interests include blockchain technology, edge computing, and industrial Internet of Things.
  • Supported by:
    National Natural Science Foundation of China (62273310) and Natural Science Foundation of Zhejiang Province, China (LY22F030006).

Abstract: The abuse of personal identity information is a persistent social problem. This paper proposes a blockchain-based identity authentication and authorization (BIAA) mechanism. BIAA requires a user to present a valid identity certificate and biometric features when authorizing a business transaction, which ensures that the transaction is authorized by the user in person. The business information and the identity authorization are then written into the blockchain ledger, so that the record is stored securely and remains traceable. To realize BIAA, a star-shaped multi-blockchain architecture for identity registration and identity authorization is proposed. The identity register blockchain is a controlled consortium blockchain maintained by identity management authorities, which manage identity registration and provide the identity authentication service. Multiple identity authorization blockchains can be built by individual business sectors with permission from the authorities; once identity authentication is confirmed, each of them writes the business concerned, together with the identity authorization information, into its own ledger. For the technical implementation, an identity register-authenticate-authorize (IRAA) terminal is designed. It reads the user's biometric and identity certificate information and transforms it into ciphertext with a hash function, so that plaintext identity information never goes online. An identity authentication protocol is designed through which the identity register blockchain provides authentication services to the identity authorization blockchains, and the whole protocol exchange is carried out in ciphertext form. The IRAA terminal also signs the business contract with a digital signature to complete the identity authorization, and a general-purpose identity authorization smart contract manages the identity authorization of application business and keeps the record of it. Finally, a prototype system that uses the second-generation identity card and finger vein patterns as identity information is built. It verifies the security, feasibility and effectiveness of the BIAA mechanism and provides a valuable reference for solving the abuse of identity information.

Key words: Identity information security, Identity authentication, Identity authorization, Blockchain, Smart contract

CLC Number: TP309