公钥基础设施(public key infrastructure,PKI)体系为实施电子商务、电子政务、办公自动化等提供了非常重要的安全服务。该文以区块链和智能合约为基础构建了证书颁发机构(certificate authority,CA),提出基于双区块链的分布式PKI模型,以医疗PKI为应用场景,用区块链和智能合约技术管理证书和病人信息,保证了证书发布和撤销的透明性,实现了病人信息的隐私保护和访问控制,解决了传统的PKI中存在的单点故障、多CA互信、证书发放不安全、证书透明性以及快速验证等问题。安全性分析和实验表明该模型可以解决传统PKI和现有单链PKI模型中存在的多种问题,有效保护了病人的隐私,并显著提高了证书发放和验证的效率。
Public key infrastructure (PKI) system provides very important security services for the implementation of e-commerce, e-government and office automation. This paper builds a certificate authority (CA) based on blockchain and smart contract and proposes a dual blockchain-based distributed PKI model. As used in medical application scenarios, the PKI model can manage certificates and patient information with blockchain and smart contract technology, realize the privacy protection and access control of patient information, and solve the problems of single point of failure, multi-CA mutual trust, insecure certificate issuance, certificate transparency and rapid verification in traditional PKI. Security analysis and experiments show that the proposed model can solve a variety of problems existing in traditional and existing single-chain PKI models, effectively protect patient privacy, and significantly improve the efficiency of certificate issuance and validation.
[1] 罗靖玮,肖昌兴. PKI在电子信息安全中的应用研究[J].信息通信, 2017(1):171-172. Luo J W, Xiao C X. Application research of PKI in electronic information security[J]. Information&Communications, 2017(1):171-172.(in Chinese)
[2] 林璟锵,荆继武,张琼露. PKI技术的近年研究综述[J].密码学报, 2015, 2(6):487-496. Lin J Q, Jing J W, Zhang Q L. Recent research review of PKI technology[J]. Journal of Cryptologic Research, 2015, 2(6):487-496.(in Chinese)
[3] 康剑萍,王沈敏,杜竹青. PKI技术在信息安全中的应用[J].自动化仪表, 2020, 41(4):107-110. Kang J P, Wang S M, Du Z Q. Application of PKI technology in information security[J]. Process Automation Instrumentation, 2020, 41(4):107-110.(in Chinese)
[4] Zheng Z B, Xie S A, Dai H N, et al. An overview on smart contracts:challenges, advances and platforms[J]. Future Generation Computer Systems, 2020, 105:475-491.
[5] 郎芳.区块链技术下智能合约之于合同的新诠释[J].重庆大学学报(社会科学版), 2021, 27(5):169-182. Lang F. New interpretation of smart contract to contract based on blockchain technology[J]. Journal of Chongqing University (Social Science Edition), 2021, 27(5):169-182.(in Chinese)
[6] 孟博,刘加兵,刘琴.智能合约安全综述[J].网络与信息安全学报, 2020, 6(3):1-13. Meng B, Liu J B, Liu Q. A review of smart contract security[J]. Journal of Network and Information Security, 2020, 6(3):1-13.(in Chinese)
[7] 赵颖琪,朱雪阳,李广元.带时间约束的智能合约验证[J].应用科学学报, 2021, 39(1):1-16. Zhao Y Q, Zhu X Y, Li G Y. Verification of smart contract with time constraint[J]. Journal of Applied Sciences, 2021, 39(1):1-16.(in Chinese)
[8] Alexander Y, Wazen M, Anders W, et al. A blockchain-based PKI management framework[C]//2018 IEEE/IFIP Network Operations and Management Symposium, 2018:1-6.
[9] Murat Y K, Mehmet S K, Haci A M. CertLedger:a new PKI model with certificate transparency based on blockchain[J]. Computers&Security, 2019, 85:333-352.
[10] Patsonakis C, Samari K, Kiayias A, et al. On the practicality of a smart contract PKI[C]//2019 IEEE International Conference on Decentralized Applications and Infrastructures, 2019:109-118.
[11] Watanabe H, Fujimura S, Nakadaira A, et al. Blockchain contract:securing a blockchain applied to smart contracts[C]//2016 IEEE International Conference on Consumer Electronics (ICCE), 2016:467-468.
[12] Zakia E U, Hanan E B. Trust assessment of X.509 certificate based on certificate authority trustworthiness and its certificate policy[J]. International Journal of Internet Technology and Secured Transactions, 2018, 8(1):103.
[13] Laurie B. Certificate transparency[J]. Communications of the ACM, 2014, 57(10):40-46.
[14] Singla A, Bertino E. Blockchain-based PKI solutions for IoT[C]//2018 IEEE 4th International Conference on Collaboration and Internet Computing (CIC), 2018:9-15.
[15] 陈武阳.基于区块链的PKI身份认证的研究[D].兰州:兰州理工大学, 2020.
