Abstract
With the development of Public Key Infrastructure (PKI), many identity management systems have been implemented in enterprises, hospitals, government departments, etc. These PKI-based systems are typically centralized. Each has its own certificate authority (CA) as its trust anchor and is designed according to its own understanding, forming many trust domains isolated from each other, and there is no unified business standard for delivering trust from one identity system to another. This causes considerable inconvenience to users with cross-domain requirements: for example, they must repeatedly register the same physical identity in different domains, and it is hard to prove to one domain the validity of an attestation issued by another. Present PKI systems use solutions such as trust lists, bridge CAs or cross-authentication of CAs to break trust isolation, but practice shows that all of these have obvious defects under the existing PKI structure. We propose an open identity authentication structure based on blockchain and design three protocols: a physical identity registration protocol, a virtual identity binding protocol and an attribution attestation protocol. Tests and security analysis show that the scheme has better practical value than traditional ones.
Supported by the National Key Research and Development Program of China (2017YFB0802300 and 2017YFB0802304), science and technology projects in Sichuan Province (2017GZDZX0002), and the Sichuan Science and Technology Program (No. 2018JY0370).
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Chen, Y., Dong, G., Hao, Y., Zhang, Z., Peng, H., Yu, S. (2020). An Open Identity Authentication Scheme Based on Blockchain. In: Wen, S., Zomaya, A., Yang, L. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2019. Lecture Notes in Computer Science(), vol 11944. Springer, Cham. https://doi.org/10.1007/978-3-030-38991-8_28
DOI: https://doi.org/10.1007/978-3-030-38991-8_28
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-38990-1
Online ISBN: 978-3-030-38991-8
eBook Packages: Mathematics and Statistics (R0)