工业物联网中基于区块链的跨域信任认证机制

Blockchain-based Cross-domain Trust Authentication Mechanism in Industrial Internet of Things

随着工业物联网(IIoT)制造流程变得越来越复杂,整个制造过程通常由多个管理域协作完成.IIoT设备的身份和可信度在跨域协作中难以得到保障,现有研究缺乏一种同时考虑设备可信度和身份认证的适当方法.此外,区块链因其可靠的特性在身份认证和信任管理领域得到了广泛的应用,但现有研究所采用的区块链单链架构无法满足大规模IIoT多域场景的可扩展性需求.因此,本文提出一种主从链架构以实现可扩展的跨域信任认证机制(MSBCTA).MSBCTA利用信任票据有效组合匿名身份认证和信任管理方法,既能实现跨域身份认证和隐私保护,又能动态评估设备的可信度.此外,MSBCTA采用单向哈希链实现高效的密钥协商方法,保证IIoT设备后续通信的安全.安全性分析和性能评估表明了MSBCTA的可行性和有效性.

As Industrial Internet of Things(IIoT)manufacturing processes are getting more sophisticated,the entire manufacturing process is usually completed through collaboration between multiple administrative domains.The identity and credibility of IIoT devices are hard to be guaranteed in cross-domain collaboration.Existing researches lack an appropriate approach that considers both credibility of devices and identity authentication.In addition,blockchain has been widely used in the fields of identity authentication and trust management due to its reliable characteristics.But the single-chain architecture of blockchain used in the existing research cannot meet the scalability requirements of large-scale IIoT multi-domain scenarios.Therefore,this paper proposes a master-slave chain architecture to implement a scalable cross-domain trust authentication mechanism(MSBCTA).MSBCTA uses trust tickets to effectively combine anonymous authentication and trust management methods,which not only enables cross-domain authentication and privacy protection,but also dynamically evaluates the trustworthiness of the device.In addition,MSBCTA uses one-way hash chain to realize efficient key agreement method,which ensures the security of subsequent communications of IIoT devices.Security analysis and performance evaluation demonstrate the feasibility and effectiveness of MSBCTA.