首页 | 本学科首页   官方微博 | 高级检索  
     

基于改进PBFT算法的PKI跨域认证方案
引用本文:钱思杰,陈立全,王诗卉. 基于改进PBFT算法的PKI跨域认证方案[J]. 网络与信息安全学报, 2020, 6(4): 37-44. DOI: 10.11959/j.issn.2096-109x.2020042
作者姓名:钱思杰  陈立全  王诗卉
作者单位:1. 东南大学信息科学与工程学院,江苏 南京 210096;2. 东南大学网络空间安全学院,江苏 南京 210096;3. 紫金山实验室,江苏 南京 211100
基金项目:国家自然科学基金(61571110)
摘    要:为解决现有公钥基础设施跨域认证方案的效率问题,利用具有分布式和不易被篡改优点的区块链技术,提出基于联盟区块链的跨域认证方案。一方面,该方案对联盟链在传统实用拜占庭共识算法(PBFT)的基础上加入了节点动态增减功能;改进了主节点选举方式;将三阶段广播缩减为两阶段广播,减少了通信开销。另一方面,该方案设计了联盟链跨域认证协议,给出了区块链证书格式,描述了跨域认证协议,并进行了安全和效率分析。分析表明,在安全方面,该方案具有抵抗分布式攻击等安全属性;在效率方面,与已有跨域认证方案相比,该方案在计算开销上、通信开销上都有优势。

关 键 词:跨域认证  区块链  拜占庭容错算法  公钥基础设施

PKI cross-domain authentication scheme based on advanced PBFT algorithm
Sijie QIAN,Liquan CHEN,Shihui WANG. PKI cross-domain authentication scheme based on advanced PBFT algorithm[J]. Chinese Journal of Network and Information Security, 2020, 6(4): 37-44. DOI: 10.11959/j.issn.2096-109x.2020042
Authors:Sijie QIAN  Liquan CHEN  Shihui WANG
Affiliation:1. School of Information Science and Engineering,Southeast University,Nanjing 210096,China;2. School of Cyber Science and Engineering,Southeast University,Nanjing 210096,China;3. Purple Mountain Laboratories,Nanjing 211100,China
Abstract:In order to solve the efficiency problem of the existing public key infrastructure cross-domain authentication scheme,a cross-domain authentication model based on the consortium blockchain which has the advantages of distributed and difficult to be tamperd with was proposed.On the one hand,the dynamic join and exit function was added to the practical Byzantine fault tolerant (PBFT) algorithm,the primary node election mode was improved,and the three-stage broadcast was reduced to two-stage broadcast for the reducation of communication overhead.On the other hand,the cross-domain authentication system architecture based on consortium chain was designed,the blockchain certificate format and the cross-domain authentication protocol were presented,the security and efficiency were analyzed.The results shows that in term of security,the proposed model has security attributes such as resisting distributed attacks.In terms of performance,the proposed model has advantages in both computational overhead and communication overhead when it was compared with the existing cross-domain authentication schemes.
Keywords:cross-domain authentication  blockchain  Byzantine fault tolerant algorithm  public key infrastructure  
本文献已被 维普 等数据库收录!
点击此处可从《网络与信息安全学报》浏览原始摘要信息
点击此处可从《网络与信息安全学报》下载免费的PDF全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号