Yuan Su;Yuheng Wang;Jiliang Li;Zhou Su;Witold Pedrycz;Qinnan Hu
Title: Oracle Based Privacy-Preserving Cross-Domain Authentication Scheme
Journal: IEEE Transactions on Sustainable Computing, vol. 9, no. 4, pp. 602-614
Publication date: 2024-01-05
Publication type: Journal Article
DOI: 10.1109/TSUSC.2024.3350343
URL: https://ieeexplore.ieee.org/document/10381788/
Impact factor: 3.0 (JCR Q2, Computer Science, Hardware & Architecture)
Citations: 0
Abstract
The Public Key Infrastructure (PKI) system is the cornerstone of today’s secure communications. All users in the service domain covered by the same PKI system are able to authenticate each other before exchanging messages. However, identities are isolated between domains, so the identity of a user in one domain cannot be recognized by the PKI systems of other domains. To achieve cross-domain authentication, existing schemes leverage a consortium blockchain system. Unfortunately, consortium blockchain-based authentication schemes face the following challenges: high cost, privacy concerns, scalability and economic unsustainability. To solve these challenges, we propose a scalable and privacy-preserving cross-domain authentication scheme called Bifrost-Auth. Firstly, Bifrost-Auth is designed to use a decentralized oracle to interact directly with the blockchains in different domains instead of maintaining a consortium blockchain, and it enables mutual authentication for users in different domains. Secondly, users can succinctly authenticate their membership of the domain using the accumulator technique, where the membership proof is turned into zero knowledge to protect users’ privacy. Finally, Bifrost-Auth is proven to be secure against various attacks, and thorough experiments are carried out that demonstrate the security and efficiency of Bifrost-Auth.