基于MPT索引的高效链上PKI模型

doi:10.3969/j.issn.1671-1122.2022.08.009

信息网络安全 ›› 2022, Vol. 22 ›› Issue (8): 72-80.doi: 10.3969/j.issn.1671-1122.2022.08.009

基于MPT索引的高效链上PKI模型

黄保华¹(), 赵伟宏¹, 彭丽¹, 谢统义²

1.广西大学计算机与电子信息学院,南宁 530004
2.广西教育学院,南宁 530023

收稿日期:2022-04-11 出版日期:2022-08-10 发布日期:2022-09-15
通讯作者: 黄保华 E-mail:bhhuang66@gxu.edu.cn
作者简介:黄保华（1973—）,男,贵州,副教授,博士,主要研究方向为信息安全。|赵伟宏（1996—）,男,广西,硕士研究生,主要研究方向为信息安全|彭丽（1998—）,女,湖南,硕士研究生,主要研究方向为信息安全|谢统义（1976—）,男,广西,副教授,硕士,主要研究方向为信息安全
基金资助:
国家自然科学基金(61962005);国家重点研发计划(2018YFB1404404);广西高校中青年教师科研基础能力提升项目(2021KY1934)

Efficient Blockchain PKI Model Based on MPT Index

HUANG Baohua¹(), ZHAO Weihong¹, PENG Li¹, XIE Tongyi²

1. School of Computer and Electronic Information, Guangxi University, Nanning 530004, China
2. Guangxi Institute of Education, Nanning 530023, China

Received:2022-04-11 Online:2022-08-10 Published:2022-09-15
Contact: HUANG Baohua E-mail:bhhuang66@gxu.edu.cn

摘要/Abstract

摘要：

针对传统PKI存在的单点故障和CA操作不透明等问题,文章提出一种基于MPT索引的高效链上PKI模型。首先,将区块链作为证书库存储证书,将分布式CA节点作为区块链网络中的矿工节点处理证书请求,构建去中心化的PKI模型。同时,设计证书管理算法,通过在证书中记录证书操作类型,实现证书注册、更新和撤销功能。其次,在该模型的基础上,通过<证书ID,证书Hash>键值对为每个区块内存储的证书构建MPT索引,并设计基于MPT索引的证书查询算法,实现根据证书ID快速查询链上证书的功能,扩展了传统区块链的查询语义,提升了查询效率。对比分析和实验结果表明,该模型能够有效提升PKI的安全性,并拥有较高的证书查询效率。

关键词: 区块链, PKI, MPT

Abstract:

Aiming at the problems of single point of failure and opaque CA operation in traditional PKI, this paper proposes an efficient blockchain PKI model based on MPT index. Firstly, a decentralized PKI model is constructed by using blockchain as a certificate repository to store certificates and distributed CA nodes as miner nodes in blockchain network to process certificate requests. At the same time, a certificate management algorithm is designed to realize the functions of certificate registration, update and revocation by recording the certificate operation types in certificates. Secondly, on the basis of this model, a MPT index is built for the certificates stored in each block through < certificate ID, certificate Hash > key value pairs, and a certificate query algorithm based on the MPT index is designed, which realizes the function of quickly querying the certificates on the blockchain according to the certificate ID, expands the query semantics of the traditional blockchain, and improves the query efficiency. Comparative analysis and experimental results show that the model proposed in this paper can effectively improve the security of PKI, and has a high efficiency of certificate query.

Key words: blockchain, PKI, MPT

中图分类号:

TP309

黄保华, 赵伟宏, 彭丽, 谢统义. 基于MPT索引的高效链上PKI模型[J]. 信息网络安全, 2022, 22(8): 72-80.

HUANG Baohua, ZHAO Weihong, PENG Li, XIE Tongyi. Efficient Blockchain PKI Model Based on MPT Index[J]. Netinfo Security, 2022, 22(8): 72-80.

图/表 6

图1

图2

图3

表1

表2

图4

参考文献 17

[1]	TEWARI H. Blockchain Research Beyond Cryptocurrencies[J]. IEEE Communications Standards Magazine, 2019, 3(4): 21-25. doi: 10.1109/MCOMSTD.001.1900026 URL
[2]	LIN Jingqiang, JING Jiwu, ZHANG Qionglu, et al. Recent Advances in PKI Technologies[J]. Journal of Cryptologic Research, 2015, 2(6): 487-496. doi: 10.13868/j.cnki.jcr.000095
[3]	NAKAMOTO S. Bitcoin: A Peer-to-Peer Electronic Cash System[EB/OL]. [2022-02-11]. https://bitcoin.org/bitcoin.pdf.
[4]	LEWISON K, CORELLA F. Backing Rich Credentials with a Blockchain PKI^∗[EB/OL]. [2022-02-11]. https://pomcor.com/techreports/BlockchainPKI.pdf.
[5]	FROMKNECHT C, VELICANU D, YAKOUBOV S. CertCoin: A NameCoin Based Decentralized Authentication System 6.857 Class Project[EB/OL]. (2014-05-14)[2022-02-15]. http://courses.csail.mit.edu/6.857/2014/files/19-fromknecht-velicann-yakoubov-certcoin.pdf.
[6]	AXON L. Privacy-Awareness in Blockchain-Based PKI[EB/OL]. (2015-01-01)[2022-02-15]. https://ora.ox.ac.uk/objects/uuid:f8377b69-599b-4cae-8df0-f0cded53e63b/download_file?file_format=pdf&safe_filename=21-15. pdf&type_of_work=Working+paper.
[7]	LEIDING B, CAP C H, MUNDT T, et al. Authcoin: Validation and Authentication in Decentralized Networks[EB/OL]. [2022-02-15]. https://arxiv.org/ftp/arxiv/papers/1609/1609.04955. pdf.
[8]	QIN Bo, HUANG Jikun, WANG Qin, et al. Cecoin: A Decentralized PKI Mitigating MitM Attacks[J]. Future Generation Computer Systems, 2017, 107: 805-815. doi: 10.1016/j.future.2017.08.025 URL
[9]	DYKCIK L, CHUAT L, SZALACHOWSKI P, et al. BlockPKI: An Automated, Resilient, and Transparent Public-Key Infrastructure[C]//IEEE. 2018 IEEE International Conference on Data Mining Workshops(ICDMW). New York: IEEE, 2018: 105-114.
[10]	MATSUMOTO S, REISCHUK R M. IKP: Turning a PKI Around with Decentralized Automated Incentives[C]//IEEE. 2017 IEEE Symposium on Security and Privacy(SP). New York: IEEE, 2017: 410-426.
[11]	WAN Zhiguo, GUAN Zhangshuang, ZHUO Feng, et al. BKI: Towards Accountable and Decentralized Public-Key Infrastructure with Blockchain[C]//Springer. International Conference on Security & Privacy in Communication Systems. Heidelberg: Springer, 2018: 644-658.
[12]	YUAN Yong, WANG Feiyue. Blockchain: the State of the Art and Future Trends[J]. Acta Automatica Sinica, 2016, 42(4): 481-494.
	袁勇, 王飞跃. 区块链技术发展现状与展望[J]. 自动化学报, 2016, 42(4):481-494.
[13]	DONET J A D, PÉREZ-SOLÀ C, HERRERA-JOANCOMARTÍ J. The Bitcoin P2P Network[C]//Springer. International Conference on Financial Cryptography and Data Security. Heidelberg: Springer, 2014: 87-102.
[14]	MATTILA J. The Blockchain Phenomenon-The Disruptive Potential of Distributed Consensus Architectures[EB/OL]. (2016-05-10)[2022-02-16]. https://www.etla.fi/wp-content/uploads/ETLA-Working-Papers-38. pdf.
[15]	CHRISTIDIS K, DEVETSIKIOTIS M. Blockchains and Smart Contracts for the Internet of Things[J]. IEEE Access, 2016, 4: 2292-2303. doi: 10.1109/ACCESS.2016.2566339 URL
[16]	WOOD G. Ethereum: A Secure Decentralised Generalised Transaction Ledger[EB/OL]. [ 2022-02-16]. http://gavwood.com/Paper.pdf.
[17]	ZHENG Haohan, SHEN Derong, NIE Tiezheng, et al. Queryability Optimization of Blockchain System for Hybrid Index[J]. Computer Science, 2020, 47(10): 301-308.
	郑浩瀚, 申德荣, 聂铁铮, 等. 面向混合索引的区块链系统的可查询性优化[J]. 计算机科学, 2020, 47(10):301-308.

符号	含义
A → B: m	实体A向实体B发送消息m
A: method() → r	实体A执行方法method(),得到结果r
certHolder	证书持有人
holderID	证书持有人ID
CA	CA节点
CAGroup	CA节点群
cert	区块链证书
certs	区块链证书集合
certID	区块链证书ID
block	区块
blockchain	区块链

方案功能	传统PKI	文献[5]	文献[7]	文献[10]	本文
证书注册	√	√	√	√	√
证书更新	√	√	×	×	√
证书撤销	√	√	×	×	√
单点故障	×	√	×	√	√
抢占式注册	×	×	√	×	√
证书透明	×	√	√	√	√
恶意CA	×	√	×	√	√

基于MPT索引的高效链上PKI模型

Efficient Blockchain PKI Model Based on MPT Index

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 6

参考文献 17

相关文章 15

编辑推荐

Metrics

本文评价

[1]	胡艺, 佘堃. 基于区块链和智能合约的双链车联网系统[J]. 信息网络安全, 2022, 22(8): 26-35.
[2]	KELEKET GOMA Christy Junior Yannick, 易文哲, 王鹃. 一种基于SGX的轻量Fabric链码可信执行环境构建方法[J]. 信息网络安全, 2022, 22(7): 73-83.
[3]	王姝爽, 马兆丰, 刘嘉微, 罗守山. 区块链跨链安全接入与身份认证方案研究与实现[J]. 信息网络安全, 2022, 22(6): 61-72.
[4]	于克辰, 郭莉, 阴宏伟, 燕雪松. 面向数据中心场景的基于区块链与博弈论的高价值数据共享模型[J]. 信息网络安全, 2022, 22(6): 73-85.
[5]	冯景瑜, 张琪, 黄文华, 韩刚. 基于跨链交互的网络安全威胁情报共享方案[J]. 信息网络安全, 2022, 22(5): 21-29.
[6]	刘嘉微, 马兆丰, 王姝爽, 罗守山. 基于区块链的隐私信用数据受限共享技术研究[J]. 信息网络安全, 2022, 22(5): 54-63.
[7]	崔皓宇, 马利民, 王佳慧, 张伟. 基于区块链的属性加密多授权机构安全模型研究[J]. 信息网络安全, 2022, 22(5): 84-93.
[8]	石润华, 王树豪, 李坤昌. V2G中一种轻量级的跨域双向认证方案[J]. 信息网络安全, 2022, 23(3): 20-28.
[9]	陈彬杰, 魏福山, 顾纯祥. 基于KNN的具有隐私保护功能的区块链异常交易检测[J]. 信息网络安全, 2022, 23(3): 78-84.
[10]	王健, 张蕴嘉, 刘吉强, 陈志浩. 基于区块链的司法数据管理及电子证据存储机制[J]. 信息网络安全, 2022, 22(2): 21-31.
[11]	刘峰, 杨成意, 於欣澄, 齐佳音. 面向去中心化双重差分隐私的谱图卷积神经网络[J]. 信息网络安全, 2022, 22(2): 39-46.
[12]	侯雨桐, 马兆丰, 罗守山. 基于区块链的数据安全共享与受控分发技术研究与实现[J]. 信息网络安全, 2022, 22(2): 55-63.
[13]	刘忻, 王家寅, 杨浩睿, 张瑞生. 一种基于区块链和secGear框架的车联网认证协议[J]. 信息网络安全, 2022, 22(1): 27-36.
[14]	冯景瑜, 汪涛, 于婷婷, 张文波. 基于多云多链协同的医疗数据安全共享机制[J]. 信息网络安全, 2022, 22(1): 9-18.
[15]	孙力. 区块链+在线教育资源联盟信息保护机制研究与应用[J]. 信息网络安全, 2021, 21(9): 32-39.