区块链跨链安全接入与身份认证方案研究与实现

doi:10.3969/j.issn.1671-1122.2022.06.007

摘要/Abstract

摘要：

文章提出一种区块链跨链安全接入与身份认证方案,针对跨链技术中的接入链安全接入与跨链身份认证问题,设计安全的跨链模型架构,采用数字身份ID作为区块链整个跨链网络的全局标识符,完成跨链交易的身份认定。文章提出了基于中继链的IBE的跨链身份认证方案,通过中继链进行接入链安全接入与跨链身份认证,同时采用安全密钥协商策略,对进行跨链交易的两条链进行交易信息加密传输,确保交易信息的匿名安全性,解决了现有跨链模型中的安全性和数据孤岛问题。实验分析和评估表明该方案是安全可行的。

关键词: 区块链跨链, 身份认证, IBE认证, 密钥协商

Abstract:

This paper proposes a blockchain cross-chain secure access and identity authentication scheme. Aiming at the research on access chain secure access and cross-chain identity authentication in cross-chain technology, a secure cross-chain model architecture is designed. The digital identity is used as the global identifier of the whole cross chain network of the blockchain to complete the identity identification of cross-chain transactions. A cross-chain identity authentication scheme of IBE based on relay chain is proposed. The access chain security access and cross-chain identity authentication are carried out through relay chain. At the same time, the transaction information of the two chains carrying out cross-chain transactions is encrypted and transmitted by using security key negotiation strategy, so as to ensure the anonymity security of transaction information and solve the problems of security and isolated data island in the existing cross-chain model. Finally, the experimental analysis and evaluation show that the scheme is safe and feasible.

Key words: cross-chain, identity authentication, IBE authentication, key agreement

中图分类号:

TP309

王姝爽, 马兆丰, 刘嘉微, 罗守山. 区块链跨链安全接入与身份认证方案研究与实现[J]. 信息网络安全, 2022, 22(6): 61-72.

WANG Shushuang, MA Zhaofeng, LIU Jiawei, LUO Shoushan. Research and Implementation of Cross-Chain Security Access and Identity Authentication Scheme of Blockchain[J]. Netinfo Security, 2022, 22(6): 61-72.

图/表 16

图1

表1

图2

图3

图4

图5

图6

表2

图7

图8

表3

图9

表4

表5

图10

表6

参考文献 30

[1]	SCHULTE S, SIGWART M, FRAUENTHALER P, et al. Towards Blockchain Interoperability[C]// Springer. International Conference on Business Process Management. Berlin: Springer, 2019: 3-10.
[2]	QASSE I A, ABU T M, NASIR Q. Inter Blockchain Communication: A Survey[C]// ArabWIC. Proceedings of the ArabWIC 6th Annual International Conference Research Track. Arab: ArabWIC, 2019: 1-6.
[3]	LI Fang, LI Zhuoran, ZHAO He. Research on the Progress of Blockchain Cross Chain Technology[J]. Journal of Software, 2019, 30(6): 1649-1660.
	李芳, 李卓然, 赵赫. 区块链跨链技术进展研究[J]. 软件学报, 2019, 30(6): 1649-1660.
[4]	XIAO Zhifei. Design and Research of IP Secure Communication System Based on Combined Public Key[J]. Network Security Technology and Application, 2022(1): 23-24.
	肖智飞. 基于组合公钥的IP安全通信系统设计研究[J]. 网络安全技术与应用, 2022(1):23-24.
[5]	QIU Suhua. Research and Implementation of Unified Authentication System Based on Identity Authentication Technology[J]. China Informatization, 2021(12): 59-60.
	邱素华. 基于身份认证技术的统一认证系统研究与实现[J]. 中国信息化, 2021(12): 59-60.
[6]	VELÁSQUEZ I, CARO A, RODRÍGUEZ A. Authentication Schemes and Methods: A Systematic Literature Review[J]. Information and Software Technology, 2018, 94: 30-37. doi: 10.1016/j.infsof.2017.09.012 URL
[7]	CHEN Yuxiang, DONG Guishan, BAI Jian, et al. Trust Enhancement Scheme for Cross Domain Authentication of PKI System[C]// IEEE. 2019 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery(CyberC). New York:IEEE, 2019: 103-110.
[8]	MA Zhaofeng, WANG Xiaochang, JAIN D K, et al. A Blockchain-Based Trusted Data Management Scheme in Edge Computing[J]. IEEE Transactions on Industrial Informatics, 2019, 16(3): 2013-2021. doi: 10.1109/TII.2019.2933482 URL
[9]	LIU Mingda, CHEN Zuoling, SHI Yijuan, et al. Research Progress of Blockchain in the Field of Data Security[J]. Journal of Computer Science, 2021, 44(1): 1-27.
	刘明达, 陈左宁, 拾以娟, 等. 区块链在数据安全领域的研究进展[J]. 计算机学报, 2021, 44(1):1-27.
[10]	GU Yan. Design and Implementation of Identity Authentication System Based on Blockchain[D]. Beijing: Beijing University of Posts and Telecommunications, 2018.
	顾燕. 基于区块链的身份认证系统的设计与实现[D]. 北京: 北京邮电大学, 2018.
[11]	MA Zhaofeng, WANG Lingyun, WANG Xiaochang, et al. Blockchain-Enabled Decentralized Trust Management and Secure Usage Control of IoT Big Data[J]. IEEE Internet of Things Journal, 2019, 7(5): 4000-4015. doi: 10.1109/JIOT.2019.2960526 URL
[12]	DONG Guishan, CHEN Yuxiang, FAN Jia, et al. Research on Privacy Protection Strategies in Blockchain Applications[J] Computer Science, 2019, 46(5): 29-35.
	董贵山, 陈宇翔, 范佳, 等. 区块链应用中的隐私保护策略研究[J]. 计算机科学, 2019, 46(5):29-35.
[13]	ZHANG Linlin, ZOU Xiang, YANG Minghui. Identity Authentication Chain Based on Encrypted Database in Heterogeneous Alliance Network[C]// IEEE. Proceedings of the 2019 7th International Conference on Information Technology:IoT and Smart City. New York: IEEE, 2019: 353-356.
[14]	SHAO Sisi, CHEN Fei, XIAO Xiaoying, et al. IBE-BCIOT: An IBE Based Cross-Chain Communication Mechanism of Blockchain in IoT[J]. World Wide Web, 2021, 24(5): 1665-1690. doi: 10.1007/s11280-021-00864-9 URL
[15]	WANG Xiaoyi, QIU Weiwei, ZENG Lei, et al. A Credible Transfer Method of Cross-Chain Assets Based on DID and VC[C]// IEEE. 2021 IEEE 4th International Conference on Information Systems and Computer Aided Education(ICISCAE). New York:IEEE, 2021: 238-242.
[16]	XIE Tianxiu, ZHANG Yue, GAI Keke, et al. Cross-Chain-Based Decentralized Identity for Mortgage Loans[C]// Springer. International Conference on Knowledge Science, Engineering and Management. Berlin: Springer, 2021: 619-633.
[17]	MA Zhaofeng, MENG Jialin, WANG Jihui, et al. Blockchain-Based Decentralized Authentication Modeling Scheme in Edge and IoT Environment[J]. IEEE Internet of Things Journal, 2020, 8(4): 2116-2123. doi: 10.1109/JIOT.2020.3037733 URL
[18]	ZHANG Hongxia, CHEN Xingshu, LAN Xiao, et al. BTCAS: A Blockchain-Based Thoroughly Cross-Domain Authentication Scheme[EB/OL]. [2021-12-16]. https://xueshu.baidu.com/usercenter/paper/show?paperid=11550m20k01p0gq0tp480vd01d695917.
[19]	SHEN Meng, LIU Huisen, ZHU Liehuang, et al. Blockchain-Assisted Secure Device Authentication for Cross-Domain Industrial IoT[J]. IEEE Journal on Selected Areas in Communications, 2020, 38(5): 942-954. doi: 10.1109/JSAC.2020.2980916 URL
[20]	CONTI M, HASSAN M, LAL C. BlockAuth: BlockChain Based Distributed Producer Authentication in ICN[EB/OL]. [2021-12-20]. https://xueshu.baidu.com/usercenter/paper/show?paperid=103n0xt0mk0u0ed0yy5p04e0fm076091.
[21]	YANG Chun, LI Jingwei, LI Hongwei, et al. Research on Unified Identity Model of Heterogeneous Identity Alliance[J]. Information Security and Communication Confidentiality, 2019(6): 27-35.
	杨淳, 李经纬, 李洪伟, 等. 异构身份联盟统一身份标识模型研究[J]. 信息安全与通信保密, 2019(6):27-35.
[22]	YANG Guanqun, LIU Yin, XU Hao, et al. Power Grid Trusted Distributed Identity Authentication System Based on Blockchain[J]. Journal of Network and Information Security, 2021, 7(6): 88-98.
	杨冠群, 刘荫, 徐浩, 等. 基于区块链的电网可信分布式身份认证系统[J]. 网络与信息安全学报, 2021, 7(6):88-98.
[23]	WANG Sasa, DAI Bingrong, ZHU Menglu, et al. User Identity Authentication Model for Cross Chain System[J]. Computer Engineering and Application, 2021(11):1-8.
	王洒洒, 戴炳荣, 朱孟禄, 等. 面向跨链系统的用户身份标识认证模型[J]. 计算机工程与应用, 2021(11):1-8.
[24]	MICHAEL J, COHN A, BUTCHER J R. Convergence of Blockchain and IoT: An Edge Over Technologies[EB/OL]. [2021-12-15]. https://link.springer.com/chapter/10.1007/978-3-030-24513-9_17.
[25]	PILKINGTON M. Blockchain Technology: Principles and Applications[M]. UK: Edward Elgar Publishing, 2016.
[26]	CASINO F, DASAKLIS T K, PATSAKIS C. A Systematic Literature Review of Blockchain-Based Applications: Current Status, Classification and Open Issues[J]. Telematics and Informatics, 2019, 36: 55-81. doi: 10.1016/j.tele.2018.11.006 URL
[27]	YE Shaojie, WANG Xiaoyi, XU Caichao, et al. Bitxhub: Heterogeneous Blockchain Interoperability Platform Based on Side Chain Relay[J]. Computer Science, 2020, 47(6): 294-302.
	叶少杰, 汪小益, 徐才巢, 等. BitXHub: 基于侧链中继的异构区块链互操作平台[J]. 计算机科学, 2020, 47(6):294-302.
[28]	ZHAO Dongfang. Li T. Distributed Cross-Blockchain Transactions[EB/OL]. [2021-12-18]. https://xueshu.baidu.com/usercenter/paper/show?paperid=1a3v00706k6s0mv0k95e0gj05j583896.
[29]	SHAMIR A. Identity-Based Cryptosystems and Signature Schemes[C]// Springer. Workshop on the Theory and Application of Cryptographic Techniques. Heidelberg: Springer, 1984: 47-53.
[30]	DENG H, QIN Z, WU Q, et al. Identity-Based Encryption Transformation for Flexible Sharing of Encrypted Data in Public Cloud[J]. IEEE Transactions on Information Forensics and Security, 2020, 15: 3168-3180. doi: 10.1109/TIFS.2020.2985532 URL

区块链	集中度	共识范围	共识机制	花费	效率
公有链	去中心化	所有成员和机构	POW/POS	高	低
联盟链	多中心	不同组织	PBFT	中	中
私有链	单中心	组织内	RPCA	低	高

参数	参数含义
RC	中继链
ACi	应用链i
Pier	跨链网关
ID	数字身份标识
r	种子随机数
Pub	中继公钥
s	中继私钥
$\left( \theta,\sigma,R,\varepsilon \right)$	签名信息
ID	身份信息
XID	数字身份标识

序号	应用链身份标识	注册提案
1	did:fabric:app-chain01: 0xBCD99f9C10b7836D765ba35Fa82c70B1D3c93caD:	0xBCD99f9C10b7836D765ba35Fa82c70B1D3c93caD-0
2	did:fabric:app-chain01: 0x793D7F0B6E41DB41e38E229E9ee1dBBB77F231E9:	0x793D7F0B6E41DB41e38E229E9ee1dBBB77F231E9-0

序号	交易类型	交易ID	区块Hash	时间戳	交易Payload
1	链内交易	0c8d0734353983fdb811eca43eea4fda87e3f9370b4ee3c7b4465e0abc75b62f	0x2D1b227D0b1Ae21C8Ba4852253101c4c25008c1873d57Da9ab10Dd73e32e1517	2022-01-22T13: 18:47.769	初始化Alice拥有资产9000元
2	链内交易	ea7e34814f930e83a7b81ee62eba4f77da93badfa7d26796059b6c134935b892	0xE61ED7874DA939aa4c14663d9f1902b3F3915a36B62959bF0875F89Ca476DDE8	2022-01-22T14: 03:47.770	Alice向Bob转账100元
3	跨链交易	e42f1f2b280a00349aa96def72c1d08f5c7a0fb0e9c5ccb37103b4db5f46c5a	0x7166b32Ae51CC411bC7A1AabaE9011C23d5C6c6636C351ae5D8C6463cBFe2629	2022-01-22T23: 16:40.59	Bob_A链向Bob_B链转账200元
4	中继链交易	ee62eba4f77da93badfa7d26796059b6c134935b892e42f1f2b280a00349aa	0x1E249da3558Da2891054e10de7B1077E49eA86d139333D6Dca49acc95F1feE5d	2022-01-23T08: 16:40.59	接入链发起注册请求
5	中继链交易	0734353983fdb811eca43eea4fda87e3f9370b4ea7e34814f930e83a7b81e	0x336bcdBb0689d5ef70425320A5aB52de553399316Eb3f6c5c6d86c0F7B63b8Fd	2022-01-24T11: 16:40.59	节点对注册请求进行投票

节点	平均响应时间/s
节点	注册请求	中继投票	交易查询	跨链交易
Node1	2.352	2.345	2.696	3.237
Node2	2.322	2.845	2.447	3.712
Node3	2.316	3.165	2.477	4.962
Node4	2.325	2.682	2.515	3.584