Jie Xu,Kaiping Xue,Hangyu Tian,Jianan Hong,David S. L. Wei,Peilin Hong

DOI: https://doi.org/10.1109/tvt.2020.2986041

IF: 6.8

2020-01-01

IEEE Transactions on Vehicular Technology

Abstract:More and more users are eager to obtain more comprehensive network services without revealing their private information. Traditionally, in order to access a network, a user is authorized with an identity and corresponding keys, which are generated and managed by the network operator. All users' personally identifying information are centralized stored by the network operator. However, this approach makes users lose the control of their personally identifying information. Users are concerned about who can access these sensitive data and whether they have been compromised. In this paper, we propose a blockchain-based identity management and authentication scheme for mobile networks, where users' identifying information are controlled by the users themselves. Our scheme let users generate their self-sovereign identities (SSIs) and corresponding public keys and private keys. The private key used to authenticate the user's identifying information is only known to the user. We use blockchain to record SSIs and public keys of legitimate user, and adopt chameleon hash to delete illegal users' information on the blockchain, while keeping the block head unchanged. Furthermore, other service providers can obtain the user's SSI and public key and authenticate users by querying the blockchain. Experimental results confirm that our scheme can greatly reduce the revocation overhead and communication overhead.

Lin Zhang,Hong Li,Limin Sun,Zhiqiang Shi,Yunhua He

DOI: https://doi.org/10.1109/pac.2017.28

2017-01-01

Abstract:User authentication in computer systems has been a cornerstone of computer security for decades. However, the existing user authentication schemes either require human cognitive ability to remember numerous complex id and password, or rely on a trusted third party which could fail due to technical failure or denial-of-service attacks. In this paper, we design a fully distributed user authentication framework with the blockchain technology. In our scheme, a user stores her identity in the blockchain, stores her encrypted personal information in a off-blockchain storage, and attaches a smart contract which grants different permissions to each website/application. When a user logs in a website/application, the service provider employs a challenge-response protocol to verify the identity of the user, and then retrieve the user's personal information from the off-blockchain storage.

Biao Ma,Haifeng Qian

DOI: https://doi.org/10.1007/s12083-024-01866-w

IF: 3.488

2024-11-28

Peer-to-Peer Networking and Applications

Abstract:Traditional identity management solutions currently encounter numerous challenges. (1) These solutions store user information in centralized databases, thereby exposing them to potential risks such as single points of failure and privacy breaches. (2) The lack of data compatibility between various applications leads to escalated communication expenses. (3) While existing solutions strive to tackle these challenges through blockchain, tracking malicious users often proves to be challenging. Moreover, due to the full-replication strategies of the blockchain, the storage overhead becomes excessive. To address these challenges, this paper introduces a scalable identity management scheme utilizing blockchain technology, with the primary goal of enhancing identity protection and traceability. We also integrate blockchain technology with Reed-Solomon (RS) encoding and Certificateless Aggregate Signature (CLAS) to safeguard user information, with each node specifically storing a portion of the encoded data block. In contrast to traditional identity management solutions. (1) Our approach tackles the single point of failure problem by blockchain. Simultaneously, it ensures the security of identity and the ability to track malicious users. Users need only upload information once to access different applications without maintaining multiple sets of account passwords. (2) Furthermore, compared to the traditional blockchain full replication strategy, our method significantly reduces storage overhead from O ( n ) to O (1), greatly improving scalability. Meanwhile, we eliminate time for block searches, accelerating the processes of authentication and information traceability. (3) Our scheme employs CLAS to verify data integrity, ensuring the reliability of received data. In the real world, our solution demonstrates high availability and scalability, with performance analysis and experimental evaluation providing relevant data for validation.

computer science, information systems,telecommunications

Jiahe Wang,Songjie Wei,Haozhe Liu

DOI: https://doi.org/10.1007/978-3-030-23404-1_14

2019-01-01

Abstract:To overcome the difficulties in the traditional password-based identity authentication procedure with high security risk and complexity, and to avoid the privacy leaking problems arising from a series of new techniques such as using biometrics as key, this paper proposes a universal solution for decentralized identity authentication by block chain integrated with a trusted execution environment, through a separate hardware to establish a secure area, enabling identity anonymity and avoiding feature disclosure. Smart contract and consensus mechanism are adopted for building trusted identity nodes between decentralized nodes by constructing a traceable identity data structure in blockchain. We conduct formal theoretical and empirical evaluations to show that the proposed can realize user identity registration, cross-platform authentication, and guarantee security in the whole procedure with efficiency and reliability.

Jing He,Xiaofeng MA,Dawei Zhang,Feng Peng

DOI: https://doi.org/10.1051/sands/2024013

2024-10-16

Security and Safety

Abstract:Decentralized identity represents an innovative approach based on blockchain to achieve effective identity management. This method utilizes decentralized identifiers and verifiable credential to enable trusted authentication, free circulation of identity information, and self-sovereign control over identity data functionalities. The current decentralized identity systems rely on entirely anonymous identifiers, lacking robust identity regulation. Furthermore, they face challenges such as identity attribute leakage during verifiable credential presentation and the issuers' struggle to reliably revoke credentials. To address these issues, efficient and practical schemes have been designed based on BBS signature, zero-knowledge proof, dynamic accumulator and blockchain technology: one for decentralized identifiers management and the other for verifiable credential privacy protection, both of which are supervised and revocable. The former ensures the privacy of subject identity while achieving regulatability and revocability of identity data by regulator. The latter facilitates selective disclosure of anonymous credentials and reliable revocation. A security analysis shows that the proposed scheme meets anonymity, non-forgeability, regulatory reliability, and revocability reliability, and offers comprehensive and effective privacy protection measures. The experimental results demonstrate that the algorithms designed operate at a millisecond level, which satisfies the demands of blockchain identity management scenarios.

Gao Yu-Long,Chen Xiu-Bo,Xu Gang,Liu Wen,Dong Mian-Xiong,Liu Xin

DOI: https://doi.org/10.1007/s11042-020-09867-6

IF: 2.577

2020-01-01

Multimedia Tools and Applications

Abstract:Nowadays, personal privacy disclosure issues become increasingly prominent in the process of data publishing. Targeting at this issue, a secure blockchain-based personal privacy protection scheme is proposed. In this paper, firstly, the information is stored in cloud service, and its hash value is used for the index, which is encrypted and stored on the blockchain. Secondly, based on the principles of cryptography and the characters of blockchain technology, we propose our scheme and use it to provide an access control mechanism for personal privacy. It can make the personal privacy protection easier and more efficient. At last, through our analysis, this scheme can sufficiently protect personal privacy in using mobile devices and provide a safe and trustworthy information acquisition method for data mining. More importantly, this proposed scheme also can provide a reliable and unique source tracing for multimedia copyright protection in terms of multimedia security.

Kaida Jiang,Yifei Gao,Jiawei Xiao,Futai Zou

DOI: https://doi.org/10.1109/iccc51575.2020.9344990

2020-01-01

Abstract:In traditional centralized application construction and data storage modes, the application servers and the users are not in equal position in user information management. The application server can store and abuse the user's information under the circumstances that the users are not aware, and the user cannot revoke the authorization from the application server. Therefore, this paper proposes an identity management system combined with blockchain technology, which can return the management right of user information to users. This system adopts a three-layer architecture composed of blockchain layer, virtual chain layer and storage layer, and encapsulates all functions in each layer. It has good flexibility, and is easy to add new technologies, with good extensibility. The blockchain records the user's information state to realize the consensus and integrity of the user's data. The virtual chain layer is responsible for the main logical functions and encapsulates the user's request into a blockchain transaction, maintaining a good portability. The storage layer is responsible for the actual file storage and is responsible for file routing, backup, and query. Comprehensively speaking, based on the above three layers' architecture, the system implements the user's privacy granularity control, the user file's external storage, and combines the zero-knowledge proof to update the user's private key. In view of the application environment of this system, the access time delay and efficiency of the P2P storage system are simulated. It solves the problems of centralized application construction and data storage mode under which users cannot fully control personal information and privacy protection.

Linsheng Yu,Mingxing He,Hongbin Liang,Ling Xiong,Yang Liu

DOI: https://doi.org/10.3390/s23031264

2023-01-22

Abstract:Authentication and authorization constitute the essential security component, access control, for preventing unauthorized access to cloud services in mobile cloud computing (MCC) environments. Traditional centralized access control models relying on third party trust face a critical challenge due to a high trust cost and single point of failure. Blockchain can achieve the distributed trust for access control designs in a mutual untrustworthy scenario, but it also leads to expensive storage overhead. Considering the above issues, this work constructed an authentication and authorization scheme based on blockchain that can provide a dynamic update of access permissions by utilizing the smart contract. Compared with the conventional authentication scheme, the proposed scheme integrates an extra authorization function without additional computation and communication costs in the authentication phase. To improve the storage efficiency and system scalability, only one transaction is required to be stored in blockchain to record a user's access privileges on different service providers (SPs). In addition, mobile users in the proposed scheme are able to register with an arbitrary SP once and then utilize the same credential to access different SPs with different access levels. The security analysis indicates that the proposed scheme is secure under the random oracle model. The performance analysis clearly shows that the proposed scheme possesses superior computation and communication efficiencies and requires a low blockchain storage capacity for accomplishing user registration and updates.

Xiushu Jin,Kazumasa Omote

DOI: https://doi.org/10.1371/journal.pone.0310094

IF: 3.7

2024-09-13

PLoS ONE

Abstract:In the development of web applications, the rapid advancement of Internet technologies has brought unprecedented opportunities and increased the demand for user authentication schemes. Before the emergence of blockchain technology, establishing trust between two unfamiliar entities relied on a trusted third party for identity verification. However, the failure or malicious behavior of such a trusted third party could undermine such authentication schemes (e.g., single points of failure, credential leaks). A secure authorization system is another requirement of user authentication schemes, as users must authorize other entities to act on their behalf in some situations. If the transfer of authentication permissions is not adequately restricted, security risks such as unauthorized transfer of permissions to entities may occur. Some research has proposed blockchain-based decentralized user authentication solutions to address these risks and enhance availability and auditability. However, as we know, most proposed schemes that allow users to transfer authentication permissions to other entities require significant gas consumption when deployed and triggered in smart contracts. To address this issue, we proposed an authentication scheme with transferability solely based on hash functions. By combining one-time passwords with Hashcash, the scheme can limit the number of times permissions can be transferred while ensuring security. Furthermore, due to its reliance solely on hash functions, our proposed authentication scheme has an absolute advantage regarding computational complexity and gas consumption in smart contracts. Additionally, we have deployed smart contracts on the Goerli test network and demonstrated the practicality and efficiency of this authentication scheme.

multidisciplinary sciences

Rui Mu,Bei Gong,Zhenhu Ning,Jiangjiang Zhang,Yang Cao,Zheng Li,Wei Wang,Xiaoping Wang

DOI: https://doi.org/10.1002/cpe.6545

2021-01-01

Abstract:Blockchain has decentralization characteristics and requires more targeted security schemes to protect user privacy. In contrast, existing signature schemes have many high‐complexity operations and impose an enormous computational burden on wireless nodes. This article proposes a light‐weighted identity privacy scheme for blockchain‐based on edge computing. We construct linkable identity privacy and non‐linkable identity privacy, which can resist collusion attacks while virtually guaranteeing blockchain nodes' identity privacy. Since edge computing offloads heavily, the proposed scheme has lower computational complexity than the existing techniques.

Yin Zhang,Ling Xiong,Fagen Li,Xianhua Niu,Hanzhou Wu

DOI: https://doi.org/10.1016/j.sysarc.2023.102949

IF: 5.836

2023-01-01

Journal of Systems Architecture

Abstract:Blockchain-based authentication mode, a fundamental solution to prevent unauthorized access behavior, gradually becomes a focus in future distributed mobile cloud computing (MCC) services. However, due to the transparent and immutable characteristics of blockchain, users' access behaviors are facing huge security and privacy threats. Storing the encrypted data on chain is an effective way to address these issues, but access permission confirmation and update in the form of ciphertext is the main bottleneck. To this end, this paper proposes a blockchain-based unified authentication and hierarchical access control scheme for the MCC environment, which provides both privacy protection and auditability. In the proposed scheme, users can access multiple MCC services with different access permissions using a single credential. To protect the privacy of both users and service providers, while still supporting auditability, the data on the public ledger is blinded using Pedersen commitments. Besides, the proposed scheme provides flexible dynamic updating in encrypted form. Theoretical analysis indicates that the proposed scheme can meet various security and privacy requirements in the MCC environment. Compared with related schemes, it has better communication efficiency. Therefore, the proposed scheme is more suitable for the actual MCC environment.

Kaiping Xue,Xinyi Luo,Hangyu Tian,Jianan Hong,David S. L. Wei,Jian Li

DOI: https://doi.org/10.1109/tvt.2021.3138203

IF: 6.8

2022-01-01

IEEE Transactions on Vehicular Technology

Abstract:In mobile communication networks, when a user roams to and accesses a foreign network, the foreign operator needs to request the user’s subscription data from a centralized authentication server, which is managed by the user’s home operator. However, centralized authentication introduces single point of failure. Meanwhile, the real-time participation of the home operator and the trust relationship between the foreign operator and the home operator are difficult to guarantee. In this paper, by adopting blockchain and smart contracts, we propose a secure and efficient access control scheme of user subscription data in roaming scenarios. We further design a flexible user authentication scheme, which utilizes derivable tokens based on the proposed access control scheme. By using blockchain to store and manage user subscription data, access control can be decentralized without any trusted third party. Besides, by implementing automatic verification of access privilege through smart contracts, the limitation of the home operators’ real-time participation is eliminated. In addition, to further improve security and reduce the on-chain storage overhead, we optimize the data encryption and storage scheme utilizing threshold secret sharing. Our security and performance analysis show that the proposed user subscription data access control scheme for roaming service provides high-level security while causing acceptable time and storage overhead.

Beini Zhou,Hui Li,Li Xu

DOI: https://doi.org/10.1109/iscc.2018.8538446

2018-01-01

Abstract:Identity-based encryption is a key distribution system in which the public key of a user is derived directly from his identity information. Compared with PKI, Identity-based encryption simplifies key management issue, but it still suffers from drawbacks inkey escrow and private key delivering. Motivated by this, we propose an improved key distribution solution called BIBE by integrating the technique of blockchain into the identity-based encryption. Specifically, we split the nodes in the chain to complete user authentication and private key protection, respectively. Furthermore, the two sides complete the mutual identity authentication with the identity information key pairs obtained from BIBE. Additionally, to prevent network attack, we employ timestamps, random numbers and hash algorithm in the process of identification. Through the rigorous and mathematical analysis, the proposed scheme demonstratesa far better performance on correctness, safety and efficiency.

Yukun Niu,Lingbo Wei,Chi Zhang,Jianqing Liu,Yuguang Fang

DOI: https://doi.org/10.1109/TVT.2022.3218528

IF: 6.8

2023-01-01

IEEE Transactions on Vehicular Technology

Abstract:Anonymous yet accountable authentication can protect users' privacy and security and prevent users from misbehaving when they access public Wi-Fi hotspots. However, most existing privacy-enhanced authentication schemes either do not meet the accountability requirements in public Wi-Fi hotspot access or they are inherently dependent on trusted third parties, and therefore are undeployable in practical settings. In this paper, we design and implement an access authentication scheme to simultaneously and efficiently provide anonymity and accountability without relying on any trusted third party by utilizing a permissionless blockchain (e.g., Bitcoin or Ethereum) and Intel SGX. Inspired by the recent progress on Bitcoin techniques such as Colored Coins, we utilize the unmodified Bitcoin blockchain as the powerful platform to manage access credentials without introducing any trusted third party. We leverage SGX-based mixer to allow users to anonymously exchange their access credentials and design the verification path of access credentials to support blacklisting misbehaving access credentials without compromising users' anonymity. By integrating with the anti-double-spending property of the Bitcoin blockchain, our scheme can simultaneously provide users' accountability and anonymity without involving any trusted third party. Finally, we demonstrate that our proposed scheme is compatible with the current Bitcoin system or other permissionless blockchains, and is highly effective and practical for public Wi-Fi hotspot access control systems.

Yukun Niu,Lingbo Wei,Chi Zhang,Jianqing Liu,Yuguang Fang

DOI: https://doi.org/10.1109/iccchina.2017.8330337

2017-01-01

Abstract:Anonymous authentication can protect users' privacy and security when they access public Wi-Fi hotspots. However, most of the existing privacy-enhanced authentication schemes either do not consider users' accountability or they are inherently dependent on trusted third parties, and therefore are undeployable in practical settings. In this paper, we design and implement an access authentication scheme to simultaneously and efficiently provide anonymity and accountability without relying on any trusted third party. Our scheme is inspired by the recent progress of Bitcoin techniques such as Colored Coins and CoinShuffle protocol. We utilize the unmodified Bitcoin blockchain as the powerful platform to manage and determine ownership of access credentials in a peer-to-peer fashion and introduce a completely decentralized Bitcoin mixing protocol that allows users to anonymously exchange their access credentials offline. The verification path of access credentials is designed to support blacklisting and punishing misbehaving anonymous users. Our proposed scheme is compatible with the current Bitcoin system, and its effectiveness and feasibility in Wi-Fi hotspot access scenario are also demonstrated by security analysis and performance evaluation.

Ke Huang,Xiaosong Zhang,Yi Mu,Fatemeh Rezaeibagha,Xiaojiang Du

DOI: https://doi.org/10.1016/j.ins.2020.07.016

IF: 8.1

2021-02-01

Information Sciences

Abstract:Internet-of-Things (IoT) envisions communications between heterogeneous devices and utilization of the associated data for smart decision making. Blockchain bridges the gap between widely-distributed IoT devices and the need for a universal trust-layer. When applying blockchain for IoT, some concerns can arise. Among them, scalability is a crucial factor because it decides whether blockchain can keep empowering IoT in the long term . According to a recent survey by Ali et al., some newly launched blockchains are suffering from powerful attacks (e.g. 51% attack) when the computing pool is small, and the number of participated nodes is inadequate (USENIX 2016). To ensure the scalability of initially-deployed blockchains, a proper countermeasure is important to be devised. Ateniese et al. proposed the notion of the redactable blockchain (EuroS&P 2017) which allows block history to be rewritten by using chameleon hash. However, the distribution and management of trapdoor key is crucial for the scalability of chameleon hash as well as redactable blockchain. To deal with the above problems, we propose two cryptographic schemes as the new theoretic tools for blockchain redaction: time updatable chameleon hash (TUCH) and linkable-and-redactable ring signature (LRRS). The use of TUCH and LRRS schemes enables redaction to take place scalably and anonymously where the spontaneous ring is generated for redaction, which costs little expenditures to rewrite a block content. Specifically, the redaction will be processed without assigning and splitting trapdoor key among multiple users in a complex way, and achieve transaction anonymity for users . What is more, we briefly instantiate how to build a redactable blockchain with update and anonymity (SRB) with our proposed TUCH and LRRS. While security analysis confirms that our proposals are theoretically secure, the experimental results show that our proposals are efficient for implementation purposes.

computer science, information systems

Li Zhiji,Zhiji Li

DOI: https://doi.org/10.4236/jis.2022.132003

2022-01-01

Journal of Information Security

Abstract:Decentralized identity authentication is generally based on blockchain, with the protection of user privacy as the core appeal. But traditional decentralized credential system requires users to show all the information of the entire credential to the verifier, resulting in unnecessary overexposure of personal information. From the perspective of user privacy, this paper proposed a verifiable credential scheme with selective disclosure based on BLS (Bohen- Lynn-Shacham) aggregate signature. Instead of signing the credentials, we sign the claims in the credentials. When the user needs to present the credential to verifier, the user can select a part of but not all claims to be presented. To reduce the number of signatures of claims after selective disclosure, BLS aggregate signature is achieved to aggregate signatures of claims into one signature. In addition, our scheme also supports the aggregation of credentials from different users. As a result, verifier only needs to verify one signature in the credential to achieve the purpose of batch verification of credentials. We analyze the security of our aggregate signature scheme, which can effectively resist aggregate signature forgery attack and credential theft attack. The simulation results show that our selective disclosure scheme based on BLS aggregate signature is acceptable in terms of verification efficiency, and can reduce the storage cost and communication overhead. As a result, our scheme is suitable for blockchain, which is strict on bandwidth and storage overhead.

Jiayue Zhou,Jianan Hong,Chengchen Zhu,Futai Zou,Cunqing Hua

DOI: https://doi.org/10.1109/icnc59896.2024.10556332

2024-01-01

Abstract:Blockchain technology has emerged as a popular research topic, particularly in the area of identity management, which provides with a decentralized ID system due to its inherent distributed architecture. This paper focuses on the security issues for vehicular ad-hoc networks (VANETs), where there exists significant obstacles to deploy blockchain-based identity manage-ment system. The idea of lightweight node seems to address such issues, as it provides a local transaction query method. However, it cannot directly suit the complex identity management scenario, as malicious revoked users can successfully exploit spoofing attacks to mislead the lightweight nodes. This paper therefore proposes a new blockchain-enabled identity management scheme for VANET system, which realizes extremely short-latency identity verification with the idea lightweight node. Especially, to achieve trustful revocation for lightweight node, we leverage the mechanism of redactable blockchain with chameleon hash, as well our tailored security protocols. The proposed scheme offers a highly secure, distributed and low-cost identity management system. The experimental result shows our advantage in terms of functionality and efficiency.

Ling Xiong,Fagen Li,Shengke Zeng,Tu Peng,Zhicai Liu

DOI: https://doi.org/10.1109/access.2019.2939368

IF: 3.9

2019-01-01

IEEE Access

Abstract:Multi-server authentication technology has become more and more popular with the extensive applications of networks. Although it has brought great convenience to people's life, security becomes a critical issue and attracts lots of attentions in both academia and industry. Over the past two decades, a series of multi-server authentication schemes without communication with the online registration center in each authentication phase using the self-certified public key cryptography have been proposed to enhance security. However, it may cause the single-point failure problem due to the centralized architecture. Besides, user revocation facility is not well resolved in these schemes. To the best of our knowledge, blockchain technology has lots of advantages, bringing a promising solution to the problems of single-point failure and user revocation compared with the traditional cryptography technologies. In this work, we apply the idea of blockchain technology to construct a privacy-awareness authentication scheme for the multi-server environment, which can achieve distributed registry and efficient revocation. Moreover, the proposed scheme not only provides multiple security requirements like mutual authentication, user anonymity and perfect forward secrecy, but also resists various kinds of malicious attacks. The security of the proposed scheme is proved by rigorous formal proof using the random oracle model. Compared with recently related schemes, the proposed scheme has better communication performance, which make it be very suitable for real-life applications.

Shlok Gilda,Tanvi Jain,Aashish Dhalla

DOI: https://doi.org/10.48550/arXiv.2207.02207

2022-07-06

Abstract:Authentication and authorization of a user's identity are generally done by the service providers or identity providers. However, these centralized systems limit the user's control of their own identity and are prone to massive data leaks due to their centralized nature. We propose a blockchain-based identity management system to authenticate and authorize users using attribute-based access control policies and privacy-preserving algorithms and finally returning the control of a user's identity to the user. Our proposed system would use a private blockchain, which would store the re-certification events and data access and authorization requests for users' identities in a secure, verifiable manner, thus ensuring the integrity of the data. This paper suggests a mechanism to digitize documents such as passports, driving licenses, electricity bills, etc., issued by any government authority or other authority in an immutable and secure manner. The data owners are responsible for authenticating and propagating the users' identities as and when needed using the OpenID Connect protocol to enable single sign-on. We use advanced cryptographic algorithms to provide pseudonyms to the users, thus ensuring their privacy. These algorithms also ensure the auditability of transactions as and when required. Our proposed system helps in mitigating some of the issues in the recent privacy debates. The project finds its applications in citizen transfers, inter-country service providence, banks, ownership transfer, etc. The generic framework can also be extended to a consortium of banks, hospitals, etc.

Cryptography and Security