Oracle Based Privacy-Preserving Cross-Domain Authentication Scheme

IF 3 3区 计算机科学 Q2 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Yuan Su;Yuheng Wang;Jiliang Li;Zhou Su;Witold Pedrycz;Qinnan Hu
{"title":"Oracle Based Privacy-Preserving Cross-Domain Authentication Scheme","authors":"Yuan Su;Yuheng Wang;Jiliang Li;Zhou Su;Witold Pedrycz;Qinnan Hu","doi":"10.1109/TSUSC.2024.3350343","DOIUrl":null,"url":null,"abstract":"The Public Key Infrastructure (PKI) system is the cornerstone of today’s security communications. All users in the service domain covered by the same PKI system are able to authenticate each other before exchanging messages. However, there is identity isolation in different domains, making the identity of users in different domains cannot be recognized by PKI systems in other domains. To achieve cross-domain authentication, the consortium blockchain system is leveraged in the existing schemes. Unfortunately, the consortium blockchain-based authentication schemes have the following challenges: high cost, privacy concerns, scalability and economic unsustainability. To solve these challenges, we propose a scalable and privacy-preserving cross-domain authentication scheme called Bifrost-Auth. Firstly, Bifrost-Auth is designed to use a decentralized oracle to directly interact with blockchains in different domains instead of maintaining a consortium blockchain and enables mutual authentication for users lying in different domains. Secondly, users can succinctly authenticate their membership of the domain by the accumulator technique, where the membership proof is turned into zero knowledge to protect users’ privacy. Finally, Bifrost-Auth is proven to be secure against various attacks, and thorough experiments are carried out and demonstrate the security and efficiency of Bifrost-Auth.","PeriodicalId":13268,"journal":{"name":"IEEE Transactions on Sustainable Computing","volume":"9 4","pages":"602-614"},"PeriodicalIF":3.0000,"publicationDate":"2024-01-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Sustainable Computing","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10381788/","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 0

Abstract

The Public Key Infrastructure (PKI) system is the cornerstone of today’s security communications. All users in the service domain covered by the same PKI system are able to authenticate each other before exchanging messages. However, there is identity isolation in different domains, making the identity of users in different domains cannot be recognized by PKI systems in other domains. To achieve cross-domain authentication, the consortium blockchain system is leveraged in the existing schemes. Unfortunately, the consortium blockchain-based authentication schemes have the following challenges: high cost, privacy concerns, scalability and economic unsustainability. To solve these challenges, we propose a scalable and privacy-preserving cross-domain authentication scheme called Bifrost-Auth. Firstly, Bifrost-Auth is designed to use a decentralized oracle to directly interact with blockchains in different domains instead of maintaining a consortium blockchain and enables mutual authentication for users lying in different domains. Secondly, users can succinctly authenticate their membership of the domain by the accumulator technique, where the membership proof is turned into zero knowledge to protect users’ privacy. Finally, Bifrost-Auth is proven to be secure against various attacks, and thorough experiments are carried out and demonstrate the security and efficiency of Bifrost-Auth.
基于 Oracle 的隐私保护跨域身份验证方案
公钥基础设施(PKI)系统是当今安全通信的基石。同一 PKI 系统所覆盖的服务域中的所有用户都能在交换信息前相互认证。然而,不同域之间存在身份隔离,使得其他域的 PKI 系统无法识别不同域用户的身份。为了实现跨域身份验证,现有方案中采用了联盟区块链系统。遗憾的是,基于联盟区块链的身份验证方案存在以下挑战:成本高、隐私问题、可扩展性和经济不可持续性。为了解决这些难题,我们提出了一种可扩展且保护隐私的跨域身份验证方案--Bifrost-Auth。首先,Bifrost-Auth 设计为使用去中心化甲骨文直接与不同领域的区块链交互,而不是维护一个联盟区块链,从而实现不同领域用户的相互认证。其次,用户可以通过累加器技术简洁地认证自己的域成员身份,其中成员证明被转化为零知识,以保护用户的隐私。最后,Bifrost-Auth 被证明可以安全地抵御各种攻击,并进行了全面的实验,证明了 Bifrost-Auth 的安全性和高效性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
IEEE Transactions on Sustainable Computing
IEEE Transactions on Sustainable Computing Mathematics-Control and Optimization
CiteScore
7.70
自引率
2.60%
发文量
54
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信