Efficient Distributed Anonymous Heterogeneous Cross-domain  Authentication Scheme for Industrial Internet of Things

Journal of Information Security Reserach ›› 2022, Vol. 8 ›› Issue (10): 964-.

Efficient Distributed Anonymous Heterogeneous Cross-domain Authentication Scheme for Industrial Internet of Things

Online:2022-10-25 Published:2022-10-24

工业互联网环境下高效分布式匿名异构跨域认证方案

邓淏天1彭洪涛2祝烈煌1安鹏2吴桐1,3张川1

1(北京理工大学网络空间安全学院北京100081)
2(北京明朝万达科技股份有限公司安元实验室北京100142)
3(北京理工大学长三角研究院浙江嘉兴314019)

通讯作者: 邓淏天博士研究生.主要研究方向为物联网安全、区块链技术. hdeng@bit.edu.cn
作者简介:邓淏天博士研究生.主要研究方向为物联网安全、区块链技术. hdeng@bit.edu.cn 彭洪涛主要研究方向为密码学与应用、数据安全治理、联邦学习、恶意代码分析. penghongtao@wondersoft.cn 祝烈煌博士，教授.主要研究方向为密码算法及安全协议、区块链技术、云计算安全. liehuangz@bit.edu.cn 安鹏硕士，工程师.主要研究方向为密码学与应用、数据安全治理、联邦学习. anpeng@wondersoft.cn 吴桐博士.主要研究方向为密码学与应用、云计算安全、区块链. tongw@bit.edu.cn 张川博士，副研究员.主要研究方向为云计算安全、密码学与应用、机器学习、区块链技术. chuanz@bit.edu.cn

Abstract

Abstract: The Industrial Internet of Things (IIoT) is considered by governments and businesses as the main battlefield for competition by the government and enterprises in the second half of the information age. As the IIoT becomes more powerful and complex, devices in IIoT not only need to build a connection or exchange information in the security domain where they are located but also need to cooperate with the devices in other domains to improve production efficiency. Crossdomain collaboration faces the problem of data security, secure identity authentication technologies are the guarantee of data security and the basis of privacy computing. However, the traditional crossdomain authentication has many limitations, such as the need to rely on trusted third parties, poor universality, centralized management, high cost, low efficiency, lack of privacy preserving, etc. In this paper, a distributed anonymous heterogeneous crossdomain authentication scheme based on certificateless linkable ring signature is proposed to address the aforementioned issues. For one thing, the linkable ring signature algorithm is innovatively applied to crossdomain authentication, which not only realizes heterogeneous crossdomain authentication but also implements anonymity authentication and identity protection; for another, the blockchain is used to build a crossdomain distributed storage network. The efficiency of blockchain data storage and the query is improved through IPFS (Inter Planetary File System) technology. Finally, security analysis, schemes comparison, and simulation experiments based on Ethereum are given to prove the security and effectiveness of our proposed scheme.

Key words: crossdomain authentication, ring signature, anonymous authentication, heterogeneous authentication, blockchain

摘要： 工业互联网被政府和企业认为是信息时代下半场竞争的主战场.随着工业互联网的功能日益强大，设备不仅需要在所在的安全域中相互连接和交换信息，还需要跨域协作来提高效率.跨域协作面临数据安全的问题，安全的身份认证技术是数据安全的保障、隐私计算的基础.然而传统的跨域认证存在诸多问题，如需要依赖可信第三方、普适性差、中心化管理、成本高、效率低、缺乏隐私保护等.针对以上问题，提出了基于无证书可链接环签名的分布式匿名异构跨域认证方案.该方案一方面创新性地将可链接环签名算法应用于跨域认证，既实现了异构跨域认证，又实现了设备的匿名认证与身份保护；另一方面，利用区块链构建跨域的分布式存储网络，通过IPFS(interplanetary file system)技术提高区块链数据存储和查询的效率.最后通过安全性分析、方案对比和基于以太坊的模拟实验证明了该方案的安全性和有效性.

关键词: 跨域认证, 环签名, 匿名认证, 异构认证, 区块链

邓淏天, 彭洪涛, 祝烈煌, 安鹏, 吴桐, 张川. 工业互联网环境下高效分布式匿名异构跨域认证方案[J]. 信息安全研究, 2022, 8(10): 964-.

References

［1］工业和信息化部. 《工业和信息化部办公厅关于推动工业互联网加快发展的通知》政策解读［EBOL］. (20200321) ［20220731］. http:www.gov.cnzhengce20200321content_5493935.htm［2］Meticulous Market Research. Industrial IoT Market by Component, Industry verticals forecast to 2029 ［EBOL］. 2022 ［20220731］. https:www.researchandmarkets.comreports5206798industrialiotmarketbycomponentindustry［3］闫寒, 李端. 工业互联网安全风险分析及对策研究［J］. 网络空间安全, 2020, 11(2): 8187［4］Sengupta J, Ruj S, Dasbit S. A comprehensive survey on attacks, security issues and blockchain solutions for IoT and IIoT［J］. Journal of Network and Computer Applications, 2020, 149(1): 102481［5］Yu Xingjie, Guo Huaqun. A survey on IIoT security［C］ Proc of IEEE VTS Asia Pacific Wireless Communications Symposium (APWCS). Piscataway, NJ: IEEE, 2019: 15［6］Steiner J G, Neuman B C, Schiller J I. Kerberos: An authentication service for open network systems［C］ Proc of the USENIX. Berkelery, CA: USENIX Association, 1988［7］林俊燕. 基于树形桥CA的跨域身份认证解决方案［J］. 信息安全研究, 2019, 5(11): 10401043［8］Fromknecht C, Velicanu D, Yakoubov S. A namecoin based decentralized authentication system ［EBOL］. (20140514) ［20220731］. http:courses.csail.mit.edu6.8572014files19fromknechtvelicannyakoubovcertcoin.pdf［9］Malik N, Nanda P, Arora A, et al. Blockchain based secured identity authentication and expeditious revocation framework for vehicular networks［C］ Proc of the TrustComBigDataSE. New York: ACM, 2018: 674679［10］Wang Wentong, Hu Ning, Liu Xin. Blockcam: A blockchainbased crossdomain authentication model［C］ Proc of the 3rd IEEE Int Conf on Data Science in Cyberspace (DSC). Piscataway, NJ: IEEE, 2018: 896901［11］Zhang Hongxia, Chen Xingshu, Lan Xiao, et al. BTCAS: A blockchainbased thoroughly crossdomain authentication scheme［J］. Journal of Information Security and Applications, 2020, 55(12): 102538［12］Gu Pengpeng, Chen Liquan. An efficient blockchainbased crossdomain authentication and secure certificate revocation scheme［C］ Proc of the Int Conf on Computer and Communications (ICCC). Piscataway, NJ: IEEE, 2020: 17761782［13］Deng Lunzhi, Shi Hongyu, Gao Yan. Certificateless linkable ring signature scheme［J］. IEEE Access, 2020, 8(3): 5464154651［14］Benet J. IPFS—Content addressed, versioned, P2P file system［EBOL］. (20140714) ［20220731］. https:arxiv.orgabs1407.3561 ［15］Bai Qinghai, Zheng Ying, Zhao Linna, et al. Research on mechanism of PKI trust model［J］. Applied Mechanics and Materials, 2014, 536(4): 536537: 694697［16］Andersen M P, Kumar S, Abdelbaky M, et al. WAVE: A decentralized authorization framework with transitive delegation［C］ Proc of the 28th USENIX Security Symp (USENIX Security19). Berkelery, CA: USENIX Association, 2019: 13751392［17］Chen Jing, Yao Shixiong, Yuan Quan, et al. CertChain: Public and efficient certificate audit based on blockchain for TLS connections［C］ Proc of the IEEE Conf on Computer Communication(INFOCOM). Piscataway, NJ: IEEE, 2018: 20602068［18］Myk A, Msk B, Ham A. CertLedger: A new PKI model with certificate transparency based on blockchain［J］. Computers & Security, 2019, 85(8): 333352［19］Wang Ze, Lin Jingqiang, Cai Quanwei, et al. Blockchainbased certificate transparency and revocation transparency［J］. IEEE Trans on Dependable and Secure Computing, 2020: 11［20］范青, 何德彪, 罗敏, 等. 基于SM2数字签名算法的环签名方案［J］. 密码学报, 2021, 8(4): 710723［21］Liu J, Au M H, Susilo W, et al. Linkablering signature with unconditional anonymity［J］. IEEE Trans on Knowledge and Data Engineering, 2014, 26(1): 157165［22］Handschuh H. SHA Family (Secure Hash Algorithm) Encyclopedia of Cryptography and Security: Computing, Networking, and Services［M］. Berlin: Springer, 2005［23］国家标准化管理委员会. GBT 32918.1—2016 信息安全技术SM2 椭圆曲线公钥密码算法 第1部分: 总则［S］. 北京: 中华人民共和国国家质量监督检验检疫总局, 2016［24］国家密码管理局. 国家密码管理局关于发布《SM2密码算法使用规范》等14项密码行业标准公告［EBOL］. (20121122) ［20220731］. https:sca.gov.cnscaxwdt20121122content_1002397.shtml［25］Yang Yanyan, Hu Mingsheng, Kong shan, et al. Scheme on crossdomain identity authentication based on group signature for cloud computing［J］. Wuhan University Journal of Natural Science, 2019, 24(2): 134140［26］Ethereum.org. What is ethereum? ［EBOL］.2022 ［20220731］. https:ethereum.orgenwhatisethereum［27］Osterland T, Rose T. Model checking smart contracts for Ethereum［J］. Pervasive and Mobile Computing, 2020, 63(3): 101129［28］马晓婷, 马文平, 刘小雪. 基于区块链技术的跨域认证方案［J］. 电子学报, 2018, 46(11): 25712579［29］杨绍禹, 王世卿, 郭晓峰. 一种基于环签名的跨域云服务资源远程证明方法［J］. 小型微型计算机系统, 2014, 35(2): 324328