PPCA: Privacy-Preserving Continuous Authentication Scheme With Consistency Proof for Zero-Trust Architecture Networks
Tianqi Wu; Guyue Li; Jiaheng Wang; Bin Xiao; Yubo Song
IEEE Internet of Things Journal, vol. 12, no. 11, pp. 17596-17609. Journal Article. Published 2025-02-03. DOI: 10.1109/JIOT.2025.3537980
Impact factor: 8.9. JCR: Q1 (Computer Science, Information Systems).
https://ieeexplore.ieee.org/document/10870196/
Citations: 0
Abstract
Continuous authentication (CA) has been widely applied by network service providers to verify user identities in finance, healthcare, and e-commerce fields. However, in next-generation networks, CA faces the risk of user privacy leakage due to its dependence on a verifier-centric authentication model, and verifiers may not always be trustworthy, particularly in zero-trust architecture networks. Existing privacy protection schemes face challenges in solving this problem because these schemes will weaken the linkability of context requests, leading to difficulties in consistency checks for fine-grained CA. To fill the gap, this article proposes a privacy-preserving CA (PPCA) scheme by incorporating anonymous self-sovereign identity and fine-grained CA. Specifically, PPCA exploits subset proof to enable users to reveal only the minimum necessary identity data for selective disclosure. To support fine-grained CA, we construct a new consistency proof for the anonymous user to prove that the different credentials are bound to the same attributes set, where the user is responsible for deciding whether to send the consistency proof. PPCA is formalized, defined, and constructed based on BLS signatures, Set Commitment, and Sigma Protocol. The security analysis shows that PPCA is correct and sound and supports user anonymity and credential consistency at the same time. The performance evaluation shows that PPCA requires only minimal additional time cost, achieving an optimal balance between security and efficiency.
About the journal:
The IEEE Internet of Things (IoT) Journal publishes articles and review articles covering various aspects of IoT, including IoT system architecture, IoT enabling technologies, IoT communication and networking protocols such as network coding, and IoT services and applications. Topics encompass IoT's impacts on sensor technologies, big data management, and future internet design for applications like smart cities and smart homes. Fields of interest include IoT architecture such as things-centric, data-centric, service-oriented IoT architecture; IoT enabling technologies and systematic integration such as sensor technologies, big sensor data management, and future Internet design for IoT; IoT services, applications, and test-beds such as IoT service middleware, IoT application programming interface (API), IoT application design, and IoT trials/experiments; IoT standardization activities and technology development in different standard development organizations (SDO) such as IEEE, IETF, ITU, 3GPP, ETSI, etc.