To address the severe node performance loss in current blockchain-based identity authentication schemes, a cross-heterogeneous-domain identity authentication scheme based on a dual-consensus hybrid chain is proposed. A multi-factor analysis method is used to optimize the Raft consensus algorithm based on comprehensive performance, giving a reasonable evaluation of each node's comprehensive performance. Nodes with excellent comprehensive performance are selected as cross-domain nodes, which avoids system failures caused by poorly performing cross-domain nodes. The scheme combines the practical Byzantine fault tolerance (PBFT) consensus mechanism with supervisory nodes, which strengthens the Byzantine fault tolerance of the authentication system and solves the problem of erroneous intra-domain authentication caused by malicious nodes. In addition, the SM9 broadcast cipher algorithm is used to encrypt the communication data exchanged during authentication, providing two-way authentication and confidential communication and ensuring the security of the system. Experiments show that, compared with a single-consensus authentication mechanism, the dual-consensus authentication mechanism has stronger Byzantine fault tolerance and higher throughput. It not only makes the system more secure and stable, but also reduces one-to-one encryption and decryption operations, lowering the system's computation and time overhead.