Abstract
Most federated chain identity authentication today relies on certificates issued by a CA (Certification Authority) under a PKI (Public Key Infrastructure) system. CA authentication, however, is one-way: users cannot evaluate the trustworthiness of the CA, and its centralized structure is prone to a single point of failure, which brings great security risks. To address this problem, we propose an efficient and reliable two-way authentication scheme that achieves membership authentication for the federated chain through elliptic curves and bilinear pairings. The federated chain supervisor performs membership authentication directly through smart contracts, after which the members conduct key negotiation; the shared key determined by that negotiation is passed through a hash function, and the resulting hash digest serves as the unique transaction address of the federated chain members. This scheme can effectively solve the problems of one-way CA authentication and the failure-prone centralized CA. Experimental and theoretical analysis shows that the scheme is able to resist multiple attacks and performs better in terms of overhead than protocols of the same type. We also design a scheme using Lagrange interpolation to handle the necessary key recovery and key update.





Data availability
The data that support the findings of this study are available from the corresponding author upon reasonable request.
Acknowledgements
This study was supported by (1) the 2020 Key Project of Natural Science Research in Anhui Universities (KJ2020A0106) and (2) the 2020 Quality Project of Anhui Province (2020kfkc 185).
Cite this article
Li, Y., Xu, M. & Xu, G. Blockchain-based mutual authentication protocol without CA. J Supercomput 78, 17261–17283 (2022). https://doi.org/10.1007/s11227-022-04558-5
DOI: https://doi.org/10.1007/s11227-022-04558-5