一种基于区块链的多应用证书系统模型被引量：2

A Blockchain-based Multi-Application Certificate System Model

下载PDF

导出

摘要实现跨行业和跨平台的资源整合是当前社会发展的新趋势,集成的多应用证书管理系统能够提供多个行业的身份认证服务。传统中心化的公钥基础设施认证体系由于存在单点故障问题,给行业和用户带来了系统性风险。针对多行业的安全认证问题,利用去中心化和防篡改的分布式区块链技术构建一种多应用证书系统模型BMCS。该模型在区块链中构建跨行业的分布式信任结构,在获得多行业授权的BMCS区块链网络上部署各行业管理证书操作的智能合约,同时利用多应用文件系统在终端设备上存储多行业证书。实验结果表明,BMCS模型能够实现多行业证书的全生命周期管理,同时避免传统认证系统中的单点故障问题,能够为多行业终端设备的身份认证提供系统性的安全保障,实现具有低成本和高效性的证书服务。 It is a new trend of society development to realize cross-industry and cross-platform resource integration,the integrated multi-application certificate management systems should be able to provide identity authentication for multiple industries.However,the single point of failure of traditional centralized Public Key Infrastructure(PKI)authentication systems pose a systematic threat to industries and users.To address the security authentication problem of multiple industries,this paper uses the decentralized and tamper-resistant blockchain technology to construct a multi-application certificate system model,BMCS.The model establishes a cross-industry distributed trust structure in blockchain,and deploys multiple smart contracts on the BMCS blockchain network that has been authorized by multiple industries,so as to manage the certificate operations in industries.Also,the multi-application file system is used to realize the storage of multi-industry certificates on terminal devices.Experimental results show that BMCS can achieve the life-cycle management of multi-industry certificates and avoid the single point of failure in traditional authentication systems.It can ensure systematic security for the identity authentication of terminal devices in multiple industries,reduce the cost and improve the efficiency of certificate services.

作者刘亚雪杨小宝刘圆惠小强 LIU Yaxue;YANG Xiaobao;LIU Yuan;XI Xiaoqiang(School of Electronic Engineering,Xi’an University of Posts and Telecommunications,Xi’an 710121,China;Institute of Internet of Things and IT-based Industrialization,Xi’an University of Posts and Telecommunications,Xi’an 710061,China)

机构地区西安邮电大学电子工程学院西安邮电大学物联网与两化融合研究院

出处《计算机工程》 CAS CSCD 北大核心 2020年第9期44-53,共10页 Computer Engineering

基金国家自然科学基金(61741216)。

关键词区块链技术多应用设备证书系统分布式信任结构智能合约单点故障 blockchain technology multi-application devices certificate system distributed trust structure smart contract single point of failure

分类号 TP309 [自动化与计算机技术—计算机系统结构]

引文网络
相关文献

参考文献3

1冒小乐,陈鼎洁,孙国梓.基于区块链的电子数据存证的设计与实现[J].中兴通讯技术,2018,24(6):28-34. 被引量：10
2杨小宝,谢璇,肖跃雷.一种多应用智能卡数据的保护方法[J].电视技术,2015,39(14):25-30. 被引量：2
3张亮,刘百祥,张如意,江斌鑫,刘一江.区块链技术综述[J].计算机工程,2019,45(5):1-12. 被引量：272

二级参考文献21

1BANASZAK B, RODZIEWICZ K. Trust and security, digital citi- zen cards in Poland [M]. [S.1.]:Springer Berlin Heidelberg, 2004.
2MARKANTONAKIS K, TUNSTALI, M, HANCKE G, et al. At- tacking smart card systems:theory and practice[J]. Information Se- curity Technical Report, 2009, 14(2): 46-56.
3STANDAERT F X. Introduction to side-channel attacks[M].[S.1.]: Springer Berlin Heidelberg, 2010.
4SOOD S K. An Improved and secure smart card based dynamic identity authentication protocol[J]. IJ Network Security, 2012, 14 (1): 39-46.
5LU C,SANTOS A L M, PIMENTEL F R. Implementation of fast RSA key generation on smart eards[C]//Proc. 2002 ACM sympo- sium on Applied computing.[S.l.] : ACM Press, 2002: 214-220.
6PLATFORM G. Global platform card specifications, version 2.2 [S]. 2006.
7ISO/IEC7816-4:2005 (E) , ldentifieation cards - Integrated cir- euit cards - Part 4: Organization security and commands for in- terchange[S]. 2005.
8NIU Y C. Fast implementation of publie key eryptographic algo- rithm sm2 based on elliptic curves[D]. Jinan: Shandong Universi-ty, 2013.
9MALAN D J, WELSH M, SMITH M D. A public-key infrastruc- ture for key distribution in TinyOS based on elliptic curve cryp- tography[C]//Proc. 2004 First Annual IEEE Communications Soci- ety Conference on Sensor and Ad Hoc Communications and Net- works. [S.I.]:IEEE Press, 2004: 71-80.
10JOHNSON D, MENEZES A, VANSTONE S. The elliptic curve digital signature algorithm (ECDSA)[J]. International Journal of Information Security, 2001, 1 (1 ) : 36-63.