Research On Cross-domain Authentication Technology Based On Blockchain

With the rapid development of digital information,each application domain has its own data storage server,and many data resources are the same.If they are stored separately,it will lead to a waste of equipment resources,and each resource application domain maintains its own separate scope.For users,when they want to obtain data in different application domains,they must switch back and forth between different application domains.For most data information,application domains generally require users to log in and verify before they can gain access,which will greatly increase the difficulty for users to obtain resources.How can users facilitate the acquisition of data information between various application domains?First of all,it is definitely unrealistic and unsafe for each application domain to share all of its data.Then,based on the Internet mechanism,we can establish a cross-domain access mechanism between various application domains,which is to establish a mechanism to identify and authenticate users.This mechanism can effectively solve the access control of users in different application domains.It can also prevent illegal access to resources in the network.When users are accessing across domains,the main problem is how to identify and authenticate users in different domains.In the traditional PKI(Public Key Infrastructure)infrastructure,inter-domain authentication can be achieved.This framework is easier to authenticate users than the authentication framework using symmetric keys.However,the authentication method it adopts is through the issuance of cross-certificates.This model has problems such as complicated certificate management,low efficiency,single point of failure,and high system construction and maintenance costs.These problems are also the concern and research direction of many scholars.Blockchain technology is a distributed ledger technology,It integrates technologies such as point-to-point transmission,consensus mechanism,and distributed storage,It has the characteristics of decentralization,transparency and credibility,anonymity,anti-tampering,traceability,and high security.This new application model constructed by computer technology has established a trust relationship in the Internet,and has been widely used in cross-domain authentication.The main work of this thesis is as follows:(1)We proposed a blockchain consensus algorithm based on credit mechanism and dynamic accumulatorThis thesis analyzes the deficiencies of the practical Byzantine fault-tolerant(PBFT)algorithm for blockchain consensus mechanism.The main problems of the PBFT algorithm are that the communication complexity is too high,the consistency protocol process is complicated,the process scalability is relatively low,the performance drops very fast with the increase of nodes,and the dynamic increase and deletion of nodes cannot be achieved.Aiming at these problems,a blockchain consensus algorithm based on credit mechanism and dynamic accumulator is designed.Using Ethereum to build a consortium chain as an experimental environment,security analysis and performance analysis of the algorithm in this thesis are carried out,including performance verification,fault tolerance analysis,and communication overhead performance analysis.(2)We proposed a cross-domain identity authentication solution based on blockchain technologyThis thesis analyzes the shortcomings of public key infrastructure(PKI)in the process of cross-domain identity authentication.The main problems are single point of failure,complicated certificate management,and difficulty in confirming the authentication path.In response to these problems,a cross-domain identity authentication solution based on blockchain technology is proposed,and the performance of this solution is analyzed,including security verification,resistance to replay attacks,resistance to distributed denial of service attacks,two-way authentication and Performance comparison.The main innovations of this thesis are as follows:(1)The consensus algorithm in this thesis improves the three-phase protocol of the PBFT algorithm,the method of ensuring the consistency of the node height and the view number through the synchronization mechanism and the view switching protocol replaces the confirmation phase,and the number of communication times of the algorithm is less than that of the PBFT consensus algorithm,which reduces the communication overhead.The algorithm introduces a credit mechanism,formulates a credit scoring system,and sets up a set of alternate nodes.It can better improve the enthusiasm of nodes,effectively prevent and exclude Byzantine nodes from participating in the consensus mechanism,Realize the dynamic addition and deletion of nodes,Reduced communication caused by view switching and improve the efficiency of consensus,Moreover,the algorithm uses dynamic accumulator technology to realize the synchronization of block data information for newly added nodes.(2)The cross-domain authentication scheme in this thesis uses the advantages of the bridge CA trust model,introduces blockchain technology,uses the bridge CA certificate server of the trust domain as the blockchain node to build a consortium blockchain,instead of the original PKI cross-domain authentication.The method solves the problems of single point of failure and complex certificate management.Perform performance analysis and comparison experiments of public key encryption and decryption,digital signature and verification,and hash operation with related documents,it is verified that the scheme in this thesis has the characteristics of high authentication efficiency and high performance.