With the development of Internet applications, users' digital identities are growing in number. Whether digital identity can be managed safely and effectively directly determines the service quality and security of an information system. However, in many current identity management systems the user's identity is confined to a closed trust domain and can only be authenticated within that domain. When a user needs to access the services of another trust domain, the identity either cannot be recognised at all or can be authenticated only at great cost. In industry scenarios such as the Internet of Things, medical treatment and 5G communication in particular, the demand for inter-domain sharing and interaction is growing constantly. It therefore becomes particularly important to build a cross-domain identity management system, one that enables collaborative authentication and authorization of digital identities across different trust domains so as to facilitate cooperation and interaction. In recent years, because of the single point of failure and other security problems of centralized cross-domain identity management systems, decentralized cross-domain identity management has received wide attention from the academic community. Among these approaches, self-sovereign identity (SSI), the core of the current concept of decentralized identity, has attracted more and more scholars' attention. Compared with traditional identity models (such as centralized identity, federated identity, etc.), the most important feature of SSI is that users have full ownership and control of their identity. On the one hand, SSI employs a new type of decentralized identity identifier (DID) that is created by the user, independent of any organization, and owned by the user. On the other hand, users have full control over the registration, update and deregistration of the DID. In order to bring the advantages of SSI into the system, this paper studies decentralized cross-domain identity management based on DID.

However, this scheme still has some limitations at present, such as vulnerability to Sybil attacks, excessive storage overhead on the blockchain, and a lack of privacy and efficiency. To solve these problems, this paper proposes a DID-based cross-domain identity management system framework that provides privacy protection and Sybil resistance. Firstly, to resist Sybil attacks and reduce the management burden of redundant identities, this paper designs a deduplication method in the identity registration protocol that limits the number of DIDs per user; the method resists Sybil attacks by binding the DID to a real-life identity credential. Secondly, to reduce storage overhead on the blockchain, a dynamic accumulator is used to store user identity information. In addition, to protect user privacy and improve efficiency, an efficient cross-domain anonymous authentication scheme is implemented using anonymous credentials and non-interactive zero-knowledge proofs (NIZKP). Furthermore, to address the difficulty of revoking anonymous identities, a method for effectively revoking anonymous credentials using dynamic accumulators is designed. Finally, this paper carries out a security analysis, performance comparison and scheme comparison of the proposed scheme, indicating that the proposed scheme is secure and feasible.
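As an added worked example (not code from the paper, which does not specify its accumulator construction), the following Python models the two roles the abstract assigns to a dynamic accumulator: keeping a constant-size commitment to the set of registered DIDs instead of storing each one on chain, and revoking a credential by deleting its element so that the holder's old membership witness stops verifying while every non-revoked holder can refresh their witness without the issuer's trapdoor. The RSA-based accumulator, the deduplication rule in `register`, the DID strings, the fixed RNG seed and the 256-bit prime sizes are all assumptions made for this illustration.

```python
# Added illustration, not the paper's scheme: an RSA dynamic accumulator with trapdoor deletion.
import hashlib
import random

_rng = random.Random(2024)  # constructed seed so the toy parameters are repeatable


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test (error probability below 4**-rounds)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    """Random prime with the top bit set (toy key sizes; use a real library in production)."""
    while True:
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def hash_to_prime(did: str) -> int:
    """Deterministically map a DID string to a prime; accumulator elements must be primes."""
    x = int.from_bytes(hashlib.sha256(did.encode()).digest(), "big") | 1
    while not is_probable_prime(x):
        x += 2
    return x


def bezout(a: int, b: int):
    """Extended Euclid: returns (u, v) with u*a + v*b == gcd(a, b)."""
    (r0, r1), (u0, u1), (v0, v1) = (a, b), (1, 0), (0, 1)
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        u0, u1 = u1, u0 - q * u1
        v0, v1 = v1, v0 - q * v1
    return u0, v0


class AccumulatorManager:
    """Issuer side: holds the trapdoor phi(N). Holders only ever keep (x, witness)."""

    def __init__(self, bits: int = 256):
        p, q = random_prime(bits), random_prime(bits)
        self.n = p * q
        self.phi = (p - 1) * (q - 1)  # trapdoor: allows deletion without recomputing the product
        self.g = pow(_rng.randrange(2, self.n - 1), 2, self.n)  # quadratic-residue generator
        self.acc = self.g  # accumulator value of the empty set
        self.members = set()

    def register(self, x: int) -> int:
        """Add element x (a DID is registered only once) and return its membership witness."""
        if x in self.members:
            raise ValueError("DID already registered")
        witness = self.acc  # g raised to the product of all *other* members
        self.acc = pow(self.acc, x, self.n)
        self.members.add(x)
        return witness

    def revoke(self, x: int) -> None:
        """Delete x using the trapdoor: acc' = acc^(x^-1 mod phi), so acc'^x == old acc."""
        self.members.remove(x)
        self.acc = pow(self.acc, pow(x, -1, self.phi), self.n)


def verify(acc: int, n: int, x: int, witness: int) -> bool:
    """Membership check a verifier runs with only the public (acc, N)."""
    return pow(witness, x, n) == acc


def witness_after_add(w: int, x_added: int, n: int) -> int:
    """Holder-side refresh after another element joined (no trapdoor needed)."""
    return pow(w, x_added, n)


def witness_after_revoke(w: int, x_self: int, x_revoked: int, new_acc: int, n: int) -> int:
    """Holder-side refresh after a deletion, using a*x_self + b*x_revoked == 1 (Python 3.8+ pow)."""
    a, b = bezout(x_self, x_revoked)
    return pow(w, b, n) * pow(new_acc, a, n) % n  # negative exponents resolve to modular inverses


def demo() -> dict:
    """Register three constructed DIDs, reject a duplicate, revoke one, refresh the survivors."""
    mgr = AccumulatorManager()
    ids = {name: hash_to_prime(f"did:example:{name}") for name in ("alice", "bob", "carol")}
    wit = {}
    for name, x in ids.items():
        for other in wit:  # existing holders refresh before the new element is added
            wit[other] = witness_after_add(wit[other], x, mgr.n)
        wit[name] = mgr.register(x)
    out = {"all_verify": all(verify(mgr.acc, mgr.n, ids[k], wit[k]) for k in ids)}
    try:
        mgr.register(ids["alice"])
        out["duplicate_rejected"] = False
    except ValueError:
        out["duplicate_rejected"] = True
    mgr.revoke(ids["bob"])
    out["revoked_fails"] = not verify(mgr.acc, mgr.n, ids["bob"], wit["bob"])
    for k in ("alice", "carol"):
        wit[k] = witness_after_revoke(wit[k], ids[k], ids["bob"], mgr.acc, mgr.n)
    out["survivors_verify"] = all(verify(mgr.acc, mgr.n, ids[k], wit[k]) for k in ("alice", "carol"))
    return out
```

The point worth noticing is the asymmetry: only the manager needs `phi` to delete, while `witness_after_add` and `witness_after_revoke` let every remaining holder stay current from public values alone, which is what makes revocation of anonymous credentials workable without re-issuing them; the revoked holder's stale witness fails `verify` against the new accumulator value.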