Research And Application Of Platform Identity Authentication Based On Blockchain

Traditional authentication schemes are mainly centralized authentication.Authentication data and logs are easy to be tampered with and cannot be traced effectively.At present,many platforms have developed into a multi-level system architecture across regions and networks,and the ownership of the system is often not unified.Therefore,it is difficult to find a central authorization node trusted by all parties to provide identity authentication.In these systems,identity authentication is managed in a centralized way,which is easy to cause vulnerabilities during the permission configuration due to permission mismatch.Once these vulnerabilities are used by hackers,it will harm the data security of the whole system.Based on the characteristics of blockchain,which has no center and cannot be tampered with,this paper proposes an identity authentication system based on blockchain,which mainly solves two problems,namely tamper-proof authentication data and trusted storage of authentication log.In terms of anti-tampering of authentication data,this paper implements the RBAC model with smart contract,so that it can run on the alliance chain,so as to improve the credibility of the authentication process.In order to prevent violent polling and other attack means,this paper uses intelligent contract to implement an on-chain anti-tampering blacklist based on sliding time window algorithm.When the sliding time window algorithm is running,it is limited to a centralized node to store window data.However,this paper uses the characteristics of data consistency of each node of the alliance chain to implement the sliding time window blacklist method based on blockchain.In terms of authentication log storage trust,this paper proposes a trusted authentication log storage scheme based on associative chain and distributed database.In this scheme,authentication logs are processed by means of off-chain encryption storage and on-chain word segmentation index.After authentication logs are chained by keyword segmentation,key log information is retained,the space usage of the chain is reduced,the credibility of authentication logs is improved,and the query efficiency of logs is ensured.In this paper,the proposed dynamic intelligent contract-based authentication model and intelligent contract-based trusted log storage model are verified in the authentication system of A company.The results show that the proposed two schemes can effectively prevent authentication data from being tampered with,and thus improve the credibility of authentication logs.