CD-BCM:Cross-Domain Batch Certificates Management Based On Blockchain

IF 1.5 4区计算机科学 Q4 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Journal Pub Date : 2023-03-21 DOI:10.1093/comjnl/bxad025

Shixiong Yao, Pei Li, Jing Chen, Yuexing Zeng, Jiageng Chen, Donghui Wang

{"title":"CD-BCM:Cross-Domain Batch Certificates Management Based On Blockchain","authors":"Shixiong Yao, Pei Li, Jing Chen, Yuexing Zeng, Jiageng Chen, Donghui Wang","doi":"10.1093/comjnl/bxad025","DOIUrl":null,"url":null,"abstract":"Abstract With the development of information networks, the entities from different network domains interact with each other more and more frequently. Therefore, identity management and authentication are essential in cross-domain setting. The traditional Public Key Infrastructure (PKI) architecture has some problems, including single point of failure, inefficient certificate revocation status management and also lack of privacy protection, which cannot meet the demand of cross-domain identity authentication. Blockchain is suitable for multi-participant collaboration in multi-trust domain scenarios. In this paper, a cross-domain certificate management scheme CD-BCM based on the consortium blockchain is proposed. For the issue of Certificate Authority’s single point of failure, we design a multi-signature algorithm. In addition, we propose a unified structure for batch certificates verification and conversion, which improve the efficiency of erroneous certificate identification. Finally, by comparing with current related schemes, our scheme achieves good functionality and scalability in the scenario of cross-domain certificate management.","PeriodicalId":50641,"journal":{"name":"Computer Journal","volume":null,"pages":null},"PeriodicalIF":1.5000,"publicationDate":"2023-03-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Journal","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1093/comjnl/bxad025","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Abstract With the development of information networks, the entities from different network domains interact with each other more and more frequently. Therefore, identity management and authentication are essential in cross-domain setting. The traditional Public Key Infrastructure (PKI) architecture has some problems, including single point of failure, inefficient certificate revocation status management and also lack of privacy protection, which cannot meet the demand of cross-domain identity authentication. Blockchain is suitable for multi-participant collaboration in multi-trust domain scenarios. In this paper, a cross-domain certificate management scheme CD-BCM based on the consortium blockchain is proposed. For the issue of Certificate Authority’s single point of failure, we design a multi-signature algorithm. In addition, we propose a unified structure for batch certificates verification and conversion, which improve the efficiency of erroneous certificate identification. Finally, by comparing with current related schemes, our scheme achieves good functionality and scalability in the scenario of cross-domain certificate management.

查看原文本刊更多论文

CD-BCM:基于区块链的跨域批量证书管理

摘要随着信息网络的发展，来自不同网络域的实体之间的交互越来越频繁。因此，在跨域设置中，身份管理和认证是必不可少的。传统的公钥基础设施(Public Key Infrastructure, PKI)体系结构存在单点故障、证书撤销状态管理效率低下以及缺乏隐私保护等问题，无法满足跨域身份认证的需求。区块链适用于多信任域场景下的多参与者协作。提出了一种基于联盟区块链的跨域证书管理方案CD-BCM。针对证书颁发机构的单点失效问题，设计了一种多重签名算法。此外，我们还提出了一种统一的批量证书验证和转换结构，提高了错误证书识别的效率。最后，通过与现有相关方案的比较，本方案在跨域证书管理场景下具有良好的功能性和可扩展性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Journal 工程技术-计算机：软件工程

CiteScore

3.60

自引率

7.10%

发文量

164

审稿时长

4.8 months

期刊介绍： The Computer Journal is one of the longest-established journals serving all branches of the academic computer science community. It is currently published in four sections.