Cross Heterogeneous Authentication Domain Authentication Scheme Based On Blockchain

With the rising popularity of the Internet and the development of big data technology,an increasing number of organizations are opting to cooperate across domains to maximize their benefits.Most organizations use public key infrastructure(PKI)to ensure security in accessing their data and applications.However,with the continuous development of identity-based encryption(IBE)technology,small-and medium-sized enterprises are increasingly using IBE to deploy internal authentication systems.To solve the security problems of the certification process that arise when crossing heterogeneous authentication domains,we propose using blockchain technology to establish a reliable cross-domain authentication scheme.Using the distributed and tamper-resistant characteristics of the blockchain,we design a cross-domain authentication model based on blockchain to guarantee the security of the heterogeneous authentication process.To make our system more usable,on the premise of using the authentication framework and logic inside each authentication domain,use blockchain technology to establish authentication trust between authentication domains.Our system not only achieves the goal of cooperation but also can reduce the complexity of system,guarantee system security and traceability while having better flexibility.Aiming at the shortcomings of the cooperation model of heterogeneous authentication domains and the existing cross-heterogeneous domain authentication schemes,this paper proposes an authentication scheme suitable for heterogeneous authentication domains across PKI and IBE based on blockchain technology.Each authentication domain establishes a trust relationship on the blockchain through the inter domain interconnection module in the organization.The design goals are as follows:(1)Using distributed and multi-center characteristics of the blockchain,build a distributed authentication model that joins the consortium blockchain platform with inter-domain interconnect modules of multiple trust domains.On the premise of remaining the internal architecture and authentication logic of the original authentication domain,ensure the internal logic and hierarchy of each authentication domain is clear.Because the consortium blockchain is more centralized and the chain is limited to members within the consortium,a consensus has been reached when each authentication domain accesses the consortium chain,that is,the members of the access chain are all trusted members.(2)Use blockchain transactions to build trust and ensure the security of certificates through transparent audits.Inter-domain interconnection modules of multiple trust domains are used as the initiator or receiver of the transaction which published on the consortium blockchain platform to achieve authorized trust.Blocks are used to manage trust and authorization in the form of recorded transactions.Each cross-domain authentication process can be traced back,and records cannot be tampered.(3)Design a unique blockchain certificate named BCert for assembling blockchain transactions.Record the BCert on the blockchain by recording transactions on the blockchain ledger.Because the blockchain is distributed and stored in all the nodes of the blockchain network,all the inter-domain interconnect modules of multiple trust domains do not need to establish trust through trusted third parties.Just through query and compared the record which stored on the blockchain issued by the inter-domain interconnection module with hash value of BCert which provided by the target domain,to achieve the purpose of verifying the authenticity of the certificate held by the target domain.This solution not only simplifies the certification path in the cross-domain authentication process,but also can reduce the number of verifications and improve the verification efficiency during cross-domain authentication.This model does not change the internal trust structure of each authentication domain and is highly scalable.Furthermore,on the premise of ensuring security,the process of verifying the signature of the root certificate in the traditional cross-domain authentication protocol is improved to verify the hash value of the root certificate,thereby improving the authentication efficiency.The developed prototype exhibits generality and simplicity compared to previous methods.