Computer Science ›› 2026, Vol. 53 ›› Issue (1): 363-370. doi: 10.11896/jsjkx.250100080

• Information Security

Software-defined Perimeter Anonymous Authentication Scheme Based on Verifiable Credentials

SI Xuege, JIA Hongyong, LI Weixian, ZENG Junjie, MEN Ruirui

  1. College of Cyber Science and Engineering, Zhengzhou University, Zhengzhou 450002, China
  • Received: 2025-01-13 Revised: 2025-05-10 Published: 2026-01-08
  • About author: SI Xuege, born in 1999, postgraduate. Her main research interests include cryptography and zero trust security.
    JIA Hongyong, born in 1975, Ph.D, lecturer. His main research interests include cloud computing security and zero trust security of the IoT system.
  • Supported by:
    Key Research and Development Projects of Henan Province (231111211900) and the Management of Major Science and Technology of Henan Province (221100210900).

Abstract: The standard SDP architecture employs identity-based authentication and authorization strategies to monitor and audit access activities in real time. However, users must fully disclose their identity information to obtain access, potentially exposing sensitive data unrelated to the requested service and introducing privacy risks. To address challenges such as ineffective user privacy protection and vulnerability of access records to malicious linkage in the current SDP architecture, this paper proposes an anonymous authentication scheme based on verifiable credentials (VCs) for SDP. The scheme constructs a VC verification algorithm using bilinear pairing and CL-signature, integrating the VC system with the standard SDP architecture to enable anonymous user access without altering the original single-packet authorization and TLS secure connection authentication model. Theoretical analysis demonstrates that the proposed scheme resists common network attacks, including knock amplification and identity impersonation. Experimental results show that it achieves shorter authentication latency in multi-node network environments.

Key words: Software defined perimeter, Verifiable credentials, Anonymous authentication, CL-signature, Privacy preservation

CLC Number: 

  • TP309