A blockchain and signature based scheme for cross-domain authentication with decentralized identity

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Standards & Interfaces Pub Date : 2025-03-13 DOI:10.1016/j.csi.2025.103994

Zinuo Zhang , Wei Ren , Xianchao Zhang , Yani Sun , Tianqing Zhu , Kim-Kwang Raymond Choo

{"title":"A blockchain and signature based scheme for cross-domain authentication with decentralized identity","authors":"Zinuo Zhang , Wei Ren , Xianchao Zhang , Yani Sun , Tianqing Zhu , Kim-Kwang Raymond Choo","doi":"10.1016/j.csi.2025.103994","DOIUrl":null,"url":null,"abstract":"<div><div>Currently, users access various network services without a unified identity authentication among domains, which not only obliges users to numerous network accounts, but also creates significant inconvenience for cross-domain authentication. Most existing schemes rely on the Public Key Infrastructure (PKI) system, which depends on the trustworthiness of Certificate Authorities (CAs). However, this poses challenges to maintaining user identity privacy. Addressing this issue, this paper proposes a blockchain-based cross-domain identity authentication scheme utilizing decentralized identity management, where users only need to register an account within one domain and can access services in other domains through verifiable credentials (VC). The scheme designs two types of VC, namely, directional VCs and general VCs. General VCs use threshold signatures allowing access to a larger number of domains. It also introduces proxy signatures to design a method for credential borrowing, further enhancing user convenience. Logical analysis using the Subject–Verb–Object (SVO) structure confirms the scheme’s viability, while security analysis indicates its resilience against various attacks, including replay, impersonation, and internal threats. Moreover, the scheme provides substantial benefits for safeguarding user privacy and data security.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"94 ","pages":"Article 103994"},"PeriodicalIF":4.1000,"publicationDate":"2025-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Standards & Interfaces","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0920548925000236","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Currently, users access various network services without a unified identity authentication among domains, which not only obliges users to numerous network accounts, but also creates significant inconvenience for cross-domain authentication. Most existing schemes rely on the Public Key Infrastructure (PKI) system, which depends on the trustworthiness of Certificate Authorities (CAs). However, this poses challenges to maintaining user identity privacy. Addressing this issue, this paper proposes a blockchain-based cross-domain identity authentication scheme utilizing decentralized identity management, where users only need to register an account within one domain and can access services in other domains through verifiable credentials (VC). The scheme designs two types of VC, namely, directional VCs and general VCs. General VCs use threshold signatures allowing access to a larger number of domains. It also introduces proxy signatures to design a method for credential borrowing, further enhancing user convenience. Logical analysis using the Subject–Verb–Object (SVO) structure confirms the scheme’s viability, while security analysis indicates its resilience against various attacks, including replay, impersonation, and internal threats. Moreover, the scheme provides substantial benefits for safeguarding user privacy and data security.

查看原文本刊更多论文

一种基于区块链和签名的分散身份跨域认证方案

目前，用户在访问各种网络服务时，没有统一的域间身份认证，这不仅使用户需要使用众多的网络账号，而且给跨域认证带来了极大的不便。大多数现有方案依赖于公钥基础设施（PKI）系统，该系统依赖于证书颁发机构（ca）的可信度。然而，这给维护用户身份隐私带来了挑战。为了解决这个问题，本文提出了一种基于区块链的跨域身份认证方案，利用分散的身份管理，用户只需要在一个域中注册一个帐户，就可以通过可验证的凭据（VC）访问其他域中的服务。该方案设计了两种类型的风险投资，即定向风险投资和通用风险投资。一般的vc使用阈值签名，允许访问更多的域。引入代理签名，设计了一种凭据借用方法，进一步提高了用户使用的便利性。使用主语-动词-对象（SVO）结构的逻辑分析确认了方案的可行性，而安全性分析表明其对各种攻击的弹性，包括重播、模拟和内部威胁。此外，该方案为保障用户隐私和数据安全提供了实质性的好处。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Standards & Interfaces 工程技术-计算机：软件工程

CiteScore

11.90

自引率

16.00%

发文量

审稿时长

6 months

期刊介绍： The quality of software, well-defined interfaces (hardware and software), the process of digitalisation, and accepted standards in these fields are essential for building and exploiting complex computing, communication, multimedia and measuring systems. Standards can simplify the design and construction of individual hardware and software components and help to ensure satisfactory interworking. Computer Standards & Interfaces is an international journal dealing specifically with these topics. The journal • Provides information about activities and progress on the definition of computer standards, software quality, interfaces and methods, at national, European and international levels • Publishes critical comments on standards and standards activities • Disseminates user''s experiences and case studies in the application and exploitation of established or emerging standards, interfaces and methods • Offers a forum for discussion on actual projects, standards, interfaces and methods by recognised experts • Stimulates relevant research by providing a specialised refereed medium.