
Blockchain-based Identity Authentication And Authorization Mechanism

Posted on: 2022-10-31
Degree: Master
Type: Thesis
Country: China
Candidate: H W Wu
GTID: 2518306539962919
Subject: Computer technology
Abstract/Summary:
The rapid development of the Internet has brought various services to the Web, such as e-mail, shopping, social chatting, banking services, entertainment, etc. People may have quite a few web identities (i.e., login accounts and passwords), causing a security problem known as "password fatigue". The availability of rich Web services makes our lives convenient, yet brings challenging issues as well, including password fatigue, brute-force password cracking and other password attacks, phishing, data leaks, and even attacks from quantum computers. Users need accounts and passwords to access various platforms and systems. Weak passwords are easy to remember but vulnerable to attack, while strong passwords are not easy to use. Single Sign-On (SSO) is a widely used mechanism that authorizes a user by relying on an identity provider, such as Facebook, to provide the user's identity. SSO alleviates password fatigue, making it easier and faster to access applications. However, SSO is a centralized authentication mechanism: whenever the identity provider's service fails, identification cannot be completed.

These issues motivate us to find solutions that alleviate and solve them effectively and provide users with secure and convenient login services. To this end, a blockchain-based, decentralized identity authentication mechanism without traditional passwords is proposed. Instead of the HTTP/HTTPS protocols, the Whisper protocol in Ethereum is adopted. Each website is a node of the blockchain network, which avoids the single point of failure or attack of the traditional centralized approach. More specifically, the website verifies the user's identity information by receiving the content of a Whisper envelope, so it does not need to provide a web interface to verify that information. Communication between websites uses the Whisper protocol, and the content of the messages is symmetrically or asymmetrically encrypted in Whisper envelopes, ensuring security.

Because the size of a Whisper envelope may affect the speed at which it is broadcast on the blockchain network, the content is first uploaded to IPFS to obtain its hash, and Whisper broadcasts only the hash, so the envelope is smaller. Using IPFS has another advantage. With centralized storage, data cannot be retrieved once it is lost, whereas decentralized storage systems do not rely on a central service provider; we use IPFS to store users' encrypted private information. The proposed decentralized identity authorization process has been verified to defend against replay, phishing and impersonation attacks, in comparison with OAuth 2.0, OpenID and SAML.
Keywords/Search Tags:Blockchain, Ethereum, Proof of Authority, Smart contract, Password, SSO, Consensus