Research And Implementation Of HSM-based Identity Management And Cryptographic Components In Consortium Blockchain

In recent years,blockchain technology has received extensive attention and research from academia and industry.The license chain represented by the consortium blockchain has been widely used in the industry.In the consortium blockchain,the identity management component is used to implement the user's identity authentication and permission admission mechanism,and the cryptographic component is used to implement the basic cryptographic algorithm that supports the platform operation,and both are important components of the security component in the consortium blockchain platform.The current open source consortium blockchain platform mostly uses identity management and cryptographic components based on international common cryptographic algorithms and software.This has certain security risks in the basic algorithms and implementation schemes,and does not meet the principle of autonomous control of key security components in blockchain applications.This is not conducive to the development and promotion of consortium chain technology in China.Based on the open source consortium blockchain platform Hyperledger Fabric,this paper studies and implements the identity management and cryptographic components based on hardware security module(HSM),and builds a high-security and usable blockchain platform based on hardware security module and china standard cryptographic algorithm.The main work of this paper is as follows:First,the certificate-based identity management strategy is designed.On the basis of supporting the original international common certificate,the algorithm options and certificate format are extended,and the support of china standard cryptographic algorithm is added to generate a certificate that conforms to the X.509 standard format for the node;improved client and CA certificate generation and verification algorithms,support generation,extraction,resolution and verification of china standard cryptographic certificate;Secondly,an improved scheme of the cryptographic component based on the hardware security module is designed,and the structure of the cryptographic service module is improved.First,the algorithm of the cryptographic service module of the consortium blockchain platform is extended to support the china standard cryptographic algorithm service;secondly,the design of the calling interface,communication layer and message layer of the hardware security module is completed,and the china standard cryptographic algorithm service based on the hardware security module is supported by the integration with the cryptographic service module.Among them,the adaptation of the hardware security module and different algorithms at the message layer is a major difficulty;Third,based on the above design scheme,the HSM-based identity management and cryptographic components were implemented and tested and evaluated in the Hyperledger Fabric.The system test shows that the improved solution improves the security of key storage and cryptographic operations of the blockchain platform,and realizes the identity authentication function based on the china standard cryptographic algorithm and digital certificate,which is conducive to the development and promotion of the consortium blockchain technology in China.