Reliable identity management and authentication are significant for network security. In recent years, as traditional centralized identity management systems suffer from security and scalability problems, decentralized identity management has received considerable attention in academia and industry. However, with increasing sharing and interaction among domains, the management and authentication of decentralized identities place higher requirements on cross-domain trust and face many implementation challenges. To solve these problems, we propose BIdM, a decentralized cross-domain identity management system based on blockchain. We design a decentralized identifier (DID) for naming identities based on the consortium blockchain technique. Since the identity subject fully controls the life cycle and ownership of the proposed DID, it can be signed and issued without a central authentication node's intervention. Simultaneously, every node in the system can participate in identity authentication and trust establishment, thereby solving the centralized mechanism's single point of failure problem. To further improve authentication efficiency and protect users' privacy, BIdM introduces a one-way accumulator as an identity data structure, which guarantees the validity of entity identity. We theoretically analyze the feasibility and performance of BIdM and conduct evaluations on a prototype implementation. The experimental results demonstrate that BIdM achieves excellent optimization on cross-domain authentication compared with existing identity management systems.
Funding: Key-Area Research and Development Program of Guangdong Province (2020B0101090003); National Natural Science Foundation of China (62072012); Shenzhen Research Project (JSGG20191129110603831); Shenzhen Key Laboratory Project (ZDSYS201802051831427); the project PCL Future Regional Network Facilities for Large Scale Experiments and Applications.