面向物联网的分布式身份管理和跨域认证方案

IF 6.2 2区计算机科学 Q1 COMPUTER SCIENCE, THEORY & METHODS

Future Generation Computer Systems-The International Journal of Escience Pub Date : 2025-03-21 DOI:10.1016/j.future.2025.107818

Miaomiao Wang, Ze Wang

{"title":"面向物联网的分布式身份管理和跨域认证方案","authors":"Miaomiao Wang, Ze Wang","doi":"10.1016/j.future.2025.107818","DOIUrl":null,"url":null,"abstract":"<div><div>Reliable identity management and authentication are prerequisites for secure information communication. Traditional centralized schemes rely on the Certificate Authority (CA), and their cross-domain authentication is complex, posing a risk of centralized data leakage. The advancement of blockchain technology has disrupted the traditional model, leading to the emergence of Self-Sovereign Identity (SSI) management and authentication schemes. However, the widespread adoption of SSI still faces some challenges, such as key loss and the inefficiency of MerkleTree verification. Therefore, we propose an improved distributed identity management and cross-domain authentication scheme for the Internet of Things (IoT). In this scheme, a key creation and recovery mechanism is first proposed to prevent identity unavailability caused by key loss. Then, a double one-way accumulator algorithm is designed to improve identity authentication and enhance the authentication efficiency. Our scheme has passed formal and informal security analyses, and has robust performance.</div></div>","PeriodicalId":55132,"journal":{"name":"Future Generation Computer Systems-The International Journal of Escience","volume":"169 ","pages":"Article 107818"},"PeriodicalIF":6.2000,"publicationDate":"2025-03-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A distributed identity management and cross-domain authentication scheme for the Internet of Things\",\"authors\":\"Miaomiao Wang, Ze Wang\",\"doi\":\"10.1016/j.future.2025.107818\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Reliable identity management and authentication are prerequisites for secure information communication. Traditional centralized schemes rely on the Certificate Authority (CA), and their cross-domain authentication is complex, posing a risk of centralized data leakage. The advancement of blockchain technology has disrupted the traditional model, leading to the emergence of Self-Sovereign Identity (SSI) management and authentication schemes. However, the widespread adoption of SSI still faces some challenges, such as key loss and the inefficiency of MerkleTree verification. Therefore, we propose an improved distributed identity management and cross-domain authentication scheme for the Internet of Things (IoT). In this scheme, a key creation and recovery mechanism is first proposed to prevent identity unavailability caused by key loss. Then, a double one-way accumulator algorithm is designed to improve identity authentication and enhance the authentication efficiency. Our scheme has passed formal and informal security analyses, and has robust performance.</div></div>\",\"PeriodicalId\":55132,\"journal\":{\"name\":\"Future Generation Computer Systems-The International Journal of Escience\",\"volume\":\"169 \",\"pages\":\"Article 107818\"},\"PeriodicalIF\":6.2000,\"publicationDate\":\"2025-03-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Future Generation Computer Systems-The International Journal of Escience\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167739X2500113X\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, THEORY & METHODS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Future Generation Computer Systems-The International Journal of Escience","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167739X2500113X","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 0

摘要

可靠的身份管理和身份验证是安全信息通信的先决条件。传统的集中式方案依赖于CA (Certificate Authority)，其跨域认证复杂，存在集中数据泄露的风险。区块链技术的进步打破了传统模式，导致了自主身份（Self-Sovereign Identity， SSI）管理和认证方案的出现。然而，SSI的广泛采用仍然面临着一些挑战，如密钥丢失和MerkleTree验证的低效率。因此，我们提出了一种改进的物联网（IoT）分布式身份管理和跨域认证方案。在该方案中，首先提出了一种密钥创建和恢复机制，以防止由于密钥丢失而导致的身份不可用。然后，设计了一种双单向累加器算法来改进身份认证，提高认证效率。该方案通过了正式和非正式的安全分析，具有鲁棒性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A distributed identity management and cross-domain authentication scheme for the Internet of Things

Reliable identity management and authentication are prerequisites for secure information communication. Traditional centralized schemes rely on the Certificate Authority (CA), and their cross-domain authentication is complex, posing a risk of centralized data leakage. The advancement of blockchain technology has disrupted the traditional model, leading to the emergence of Self-Sovereign Identity (SSI) management and authentication schemes. However, the widespread adoption of SSI still faces some challenges, such as key loss and the inefficiency of MerkleTree verification. Therefore, we propose an improved distributed identity management and cross-domain authentication scheme for the Internet of Things (IoT). In this scheme, a key creation and recovery mechanism is first proposed to prevent identity unavailability caused by key loss. Then, a double one-way accumulator algorithm is designed to improve identity authentication and enhance the authentication efficiency. Our scheme has passed formal and informal security analyses, and has robust performance.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Future Generation Computer Systems-The International Journal of Escience 工程技术-计算机：理论方法

CiteScore

19.90

自引率

2.70%

发文量

376

审稿时长

10.6 months

期刊介绍： Computing infrastructures and systems are constantly evolving, resulting in increasingly complex and collaborative scientific applications. To cope with these advancements, there is a growing need for collaborative tools that can effectively map, control, and execute these applications. Furthermore, with the explosion of Big Data, there is a requirement for innovative methods and infrastructures to collect, analyze, and derive meaningful insights from the vast amount of data generated. This necessitates the integration of computational and storage capabilities, databases, sensors, and human collaboration. Future Generation Computer Systems aims to pioneer advancements in distributed systems, collaborative environments, high-performance computing, and Big Data analytics. It strives to stay at the forefront of developments in grids, clouds, and the Internet of Things (IoT) to effectively address the challenges posed by these wide-area, fully distributed sensing and computing systems.