Chinese Journal of Network and Information Security (网络与信息安全学报), 2024, Vol. 10, Issue (2): 47-58. DOI: 10.11959/j.issn.2096-109x.2024031

Blockchain-based cross-data center anonymous and verifiable identity authentication scheme

徐淑奖 张朝阳 王连海 张淑慧 邵蔚

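Author information

  • 1. Key Laboratory of Computing Power Network and Information Security, Ministry of Education, Shandong Computer Science Center (National Supercomputer Center in Jinan), Qilu University of Technology (Shandong Academy of Sciences), Jinan, Shandong 250014; Shandong Provincial Key Laboratory of Computer Networks, Shandong Fundamental Research Center for Computer Science, Jinan, Shandong 250014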

Abstract

With the progression of big data and cloud computing technologies, there has been an escalating trend in cross-institutional data sharing and interaction within the financial sector. However, the frequent occurrence of privacy breaches poses significant challenges to ensuring data security protection. This necessitates the elevation of requirements for identity authentication across data centers and other technologies related to data security management. The traditional centralized identity authentication schemes are inherently flawed in security and scalability, which hampers their ability to meet the demands of high-frequency cross-center data sharing applications. Blockchain technology has emerged as a potential solution, offering exceptional characteristics such as a distributed nature, tamper-proof properties, traceability, and the ability to achieve multi-party consensus. In practical application scenarios, it is essential to not only protect the privacy of user identities but also to effectively regulate anonymous identities. An anonymous and supervisable cross-data center identity authentication scheme based on blockchain was proposed. This scheme did not necessitate alterations to the original architecture of each data center. Instead, a distributed multi-center consortium blockchain was formed by leveraging more than one server from each data center to establish a data center union. Blockchain technology was utilized to ensure the transparency and reliability of the identity authentication process. Additionally, attribute signatures were employed to safeguard user identity privacy while simultaneously creating an identity mapping table that facilitated the tracking of real user identities. Consequently, the scheme was designed to protect user privacy during cross-data center identity authentication and to enable effective supervision over anonymous identities. A thorough security analysis and the results of experiments demonstrate that the proposed scheme possesses the following attributes: it does not require users to re-register, it exhibits characteristics of unforgeability and traceability, and it is capable of withstanding various network attacks, including replay attacks, denial of service attacks, tampering attacks, and man-in-the-middle attacks.

Key words

data security / blockchain / identity authentication / privacy protection / identity regulation

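Funding

Key Research and Development Program of Shandong Province (2021CXGC010107)

"Taishan Scholars" Program of Shandong Province (tsqn202312231)

Jinan "New 20 Measures for Universities" Project (202228017)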

Publication year

2024
Chinese Journal of Network and Information Security (网络与信息安全学报)
Posts & Telecom Press (人民邮电出版社)

CSTPCD
ISSN:2096-109X
Number of references: 20