Attribute Signature Identity Authentication Scheme Based on Blockchain and Trusted Execution Environment

Ran Jinhao; Cai Dongliang

doi:10.7544/issn1000-1239.202330268

Journal of Computer Research and Development > 2023 > 60(11): 2555-2566. > DOI: 10.7544/issn1000-1239.202330268

Ran Jinhao, Cai Dongliang. Attribute Signature Identity Authentication Scheme Based on Blockchain and Trusted Execution Environment[J]. Journal of Computer Research and Development, 2023, 60(11): 2555-2566. DOI: 10.7544/issn1000-1239.202330268

Citation:

PDF (1347 KB)

Attribute Signature Identity Authentication Scheme Based on Blockchain and Trusted Execution Environment

Ran Jinhao,
Cai Dongliang^,

School of Computer Science, Fudan University, Shanghai 200433
Shanghai Engineering Research Center of Blockchain (Fudan University), Shanghai 200433
Yiwu Research Institute, Fudan University, Yiwu, Zhejiang 322000

Funds: This work was supported by the National Key Research & Development Program of China (2019YFB2101703)，the National Natural Science Foundation of China (62272107，U19A2066) ，the Innovation Action Plan of Shanghai Science and Technology (21511102200)，the Key-Area Research and Development Program of Guangdong Province (2020B0101090001).

More Information

Author Bio:
Ran Jinhao: born in 1998. Master candidate. His main research interests include blockchain, attribute based encryption, and trusted execution environment

Cai Dongliang: born in 2000. PhD candidate. His main research interests include blockchain, attribute based encryption, and zero-knowledge proof
Received Date: April 02, 2023
Revised Date: June 05, 2023
Available Online: June 25, 2023

Graphical Abstract

Abstract

Abstract

Identity authentication is a technology widely used in the current digital world. In the era of traffic supremacy, a secure and convenient identity authentication solution is crucial for attracting users to application services. Decentralized identity gives users complete control over their identity by using a fully decentralized technology such as blockchain. In order to further improve the security and convenience of identity authentication, an attribute signature authentication scheme based on blockchain and trusted execution environment is proposed. Existing identity verification methods have problems such as heavy management of user identity certificates and insufficient security. Attribute signatures are used by users to generate persistent credentials pointing to application services, and credentials are extensible. In the process of repeatedly expanding credentials, the user is more likely to be implanted with a Trojan horse than a single generation of credentials. The trusted execution environment can provide hardware-level protection during the signing process to avoid the leakage of intermediate parameters. At the same time, the audit of user identity leakage and fraudulent use is realized with a small additional verification cost, which further improves the security of the scheme.
- blockchain,
- trusted execution environment(TEE),
- attribute signature,
- decentralized identity,
- zero-knowledge proof

FullText(HTML)

References (36)

References

[1]	国家互联网信息办公室. 中央网信办等十六部门联合公布国家区块链创新应用试点名[EB/OL]. 2022[2023-02-28]. http://www.cac.gov.cn/2022−01/29/c_1645059212139691.htm Ciberspace Administration of China. Sixteen departments including the central network information office jointly announced the name of the national blockchain innovative application pilot[EB/OL]. 2022[2023-02-28]. http://www.cac.gov.cn/2022−01/29/c_1645059212139691.htm(in Chinese)
[2]	Gayvoronskaya T, Meinel C. Blockchain: Hype or Innovation[M]. Cham, Switzerland: Springer, 2020
[3]	Nakamoto S. Bitcoin: A peer-to-peer electronic cash system[EB/OL]. 2008[2023-02-28]. https://bitcoin.org/bitcoin.pdf
[4]	Haber S, Stornetta W S. How to Time-stamp a Digital Document[M]. Berlin: Springer, 1991
[5]	Dwork C, Naor M. Pricing via processing or combatting junk mail[C] //Proc of the 12th Annual Int Cryptology Conf on Advances in Cryptology. Berlin: Springer, 1993: 139−147
[6]	Back A. Hashcash−a denial of service counter-measure[EB/OL]. 2002[2023-05-23]. http://www.hashcash.org/papers/hashcash.pdf
[7]	Vukolic M. Eventually returning to strong consistency[J]. IEEE Data Engineering Bulletin, 2016, 39(1): 39−44
[8]	国家统计局. 中华人民共和国2022年国民经济和社会发展统计公报[EB/OL]. 2023[2023-02-28]. http://www.stats.gov.cn/xxgk/sjfb/zxfb2020/202302/t20230228_1919001.html National Bureau of Statistics. Statistical Bulletin of the People’s Republic of China on National Economic and Social Development in 2022[EB/OL]. 2023[2023-02-28]. http://www.stats.gov.cn/xxgk/sjfb/zxfb2020/202302/t20230228_1919001.html (in Chinese)
[9]	Avellaneda O, Bachmann A, Barbir A, et al. Decentralized identity: Where did it come from and where is it going?[J]. IEEE Communications Standards Magazine, 2019, 3(4): 10−13 doi: 10.1109/MCOMSTD.2019.9031542
[10]	魏亮,黄振杰,陈群山. 去中心基于属性不可否认签名[J]. 计算机工程与科学,2020,42(6):1003−1011 Wei Liang, Huang Zhenjie, Chen Qunshan. Decentralized attribute-based non-repudiation signature[J]. Computer Engineering and Science, 2020, 42(6): 1003−1011 (in Chinese)
[11]	Dib O, Toumi K. Decentralized identity systems: Architecture, challenges, solutions and future directions[J]. Annals of Emerging Technologies in Computing, 2020, 4(5): 19−40 doi: 10.33166/AETiC.2020.05.002
[12]	Dell’Amico M, Michiardi P, Roudier Y. Password strength: An empirical analysis[C] //Proc of IEEE INFOCOM 2010. Piscataway, NJ: IEEE, 2010: 1−9
[13]	Maler E, Reed D. The venn of identity: Options and issues in federated identity management[J]. IEEE Security & Privacy, 2008, 6(2): 16−23
[14]	Groß T. Security analysis of the SAML single sign-on browser/artifact profile[C] //Proc of 19th Annual Computer Security Applications Conf. Piscataway, NJ: IEEE, 2003: 298−307
[15]	Hardt D. The OAuth 2.0 authorization framework[EB/OL]. 2012[2023-05-30]. https://www.rfc-editor.org/rfc/rfc6749
[16]	Naik N, Jenkins P. uPort open-source identity management system: An assessment of self-sovereign identity and user-centric data platform built on blockchain[C] //Proc of 2020 IEEE Int Symp on Systems Engineering (ISSE). Piscataway, NJ: IEEE, 2020: 1−7
[17]	Ali M, Nelson J, Shea R, et al. Blockstack: A global naming and storage system secured by blockchains[C] //Proc of the 2016 USENIX Annual Technical Conf. Berkeley, CA: USENIX Association, 2016: 181−194
[18]	Maram D, Malvai H, Zhang Fan, et al. Candid: Can-do decentralized identity with legacy compatibility, sybil-resistance, and accountability[C] //Proc of 2021 IEEE Symp on Security and Privacy (SP). Piscataway, NJ: IEEE, 2021: 1348−1366
[19]	袁和昕,刘百祥,阚海斌,等. 基于区块链和去中心不可否认属性签名的分布式公钥基础设施方案[J]. 中国科学:信息科学,2022,52(6):1135−1148 Yuan Hexin, Liu Baixiang, Kan Haibin, et al. Distributed public key infrastructure scheme based on blockchain and decentralized non-repudiation attribute signature[J]. SCIENTIA SINICA Informationis, 2022, 52(6): 1135−1148 (in Chinese)
[20]	Alangot B, Szalachowski P, Dinh T T A, et al. Decentralized identity authentication with auditability and privacy[J]. Algorithms, 2022, 16(1): 4−25 doi: 10.3390/a16010004
[21]	Mckeen F , Alexandrovich I , Berenzon A , et al. Innovative instructions and software model for isolated execution[C/OL] //Proc of the 2nd Int Workshop on Hardware and Architectural Support for Security and Privacy. New York: ACM, 2013.[2023-05-30]. https://doi.org/10.1145/2487726.2488368
[22]	Hoekstra M , Lal R , Pappachan P , et al. Using innovative instructions to create trustworthy software solutions[C/OL] //Proc of the 2nd Int Workshop on Hardware and Architectural Support for Security and Privacy. New York: ACM, 2013[2023-05-30]. https://doi.org/10.1145/2487726.2488370
[23]	Weisse O, Bertacco V, Austin T. Regaining lost cycles with HotCalls: A fast interface for SGX secure enclaves[J]. ACM SIGARCH Computer Architecture News, 2017, 45(2): 81−93 doi: 10.1145/3140659.3080208
[24]	Zhang F, Cecchetti E, Croman K, et al. Town crier: An authenticated data feed for smart contracts[C] //Proc of the 2016 ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2016: 270−282
[25]	Dong Chuntao, Shen Qingni, Ding Xuhua, et al. T-Counter: Trustworthy and efficient CPU resource measurement using SGX in the cloud[J]. IEEE Transactions on Dependable and Secure Computing, 2023, 20(1): 867−885 doi: 10.1109/TDSC.2022.3145814
[26]	Schuster F, Costa M, Fournet C, et al. VC3: Trustworthy data analytics in the cloud using SGX[C] //Proc of 2015 IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 2015: 38−54
[27]	Song Tianlin, Wang Wei, Lang Fan, et al. P2A: Privacy preserving anonymous authentication based on blockchain and SGX[C] //Proc of the 16th Int Conf on Information Security and Cryptology. Berlin: Springer, 2021: 257−276
[28]	Zhao Bo, Xiao Yu, Huang Yuqing, et al. A private user data protection mechanism in TrustZone architecture based on identity authentication[J]. Tsinghua Science and Technology, 2017, 22(2): 218−225 doi: 10.23919/TST.2017.7889643
[29]	ElGamal T. A public key cryptosystem and a signature scheme based on discrete logarithms[J]. IEEE Transactions on Information Theory, 1985, 31(4): 469−472 doi: 10.1109/TIT.1985.1057074
[30]	Damgård I. On Σ-protocols[EB/OL]. 2002[2023-05-30]. https://www.cs.au.dk/~ivan/Sigma.pdf
[31]	Schnorr C P. Efficient signature generation by smart cards[J]. Journal of Cryptology, 1991, 4: 161−174 doi: 10.1007/BF00196725
[32]	Fiat A, Shamir A. How to prove yourself: Practical solutions to identification and signature problems[C]//Proc on Advances in Cryptology (CRYPTO’86). Berlin: Springer, 1987: 186−194
[33]	Zhang Qiong, Wang Yuke, Jue J P. A key management scheme for hierarchical access control in group communication[J]. International Journal of Network Security, 2008, 7(3): 323−334
[34]	Garg N, Wazid M, Das A K, et al. BAKMP-IoMT: Design of blockchain enabled authenticated key management protocol for Internet of medical things deployment[J]. IEEE Access, 2020, 8: 95956−95977 doi: 10.1109/ACCESS.2020.2995917
[35]	Ahmad S, Mehfuz S, Beg J. Cloud security framework and key management services collectively for implementing DLP and IRM[J]. Materials Today:Proceedings, 2022, 62(7): 4828−4836
[36]	Edgeless Systems. EGo [EB/OL]. [2023-02-28]. https://github.com/edgelesssys/ego

[1]	Hao Jiakun, Xiang Peng, He Yifei, Gao Jianbo, Guan Zhi, Xie Anming, Chen Zhong. Cross-Domain Data Trading System Based on Decentralized Identity[J]. Journal of Computer Research and Development, 2024, 61(10): 2570-2586. DOI: 10.7544/issn1000-1239.202440456
[2]	Zhang Chuan, Wang Zihao, Liang Jinwen, Liu Mengxuan, Deng Haotian, Zhu Liehuang. A Privacy-Preserving Data Element Trading Audit Scheme for Cross-Consortium-Blockchains[J]. Journal of Computer Research and Development, 2024, 61(10): 2540-2553. DOI: 10.7544/issn1000-1239.202440472
[3]	Zhang Zhanpeng, Li Kexin, Kan Haibin. An Open Blockchain Oracle Scheme Based on Decentralized Identity[J]. Journal of Computer Research and Development, 2023, 60(11): 2489-2503. DOI: 10.7544/issn1000-1239.202330200
[4]	Jiang Yihan, Li Yong, Zhu Yan. ACT: Auditable Confidential Transaction Scheme[J]. Journal of Computer Research and Development, 2020, 57(10): 2232-2240. DOI: 10.7544/issn1000-1239.2020.20200400
[5]	He Simeng, Yang Chao, Jiang Qi, Yang Li, Ma Jianfeng. Deduplication on Encrypted Data Based on Zero-Knowledge Proof and Key Transmission[J]. Journal of Computer Research and Development, 2018, 55(6): 1222-1235. DOI: 10.7544/issn1000-1239.2018.20170415
[6]	Zhang Pingyuan, Jiang Han, Cai Jie, Wang Chenguang, Zheng Zhihua, Xu Qiuliang. Recent Advances in Lattice-Based Cryptography[J]. Journal of Computer Research and Development, 2017, 54(10): 2121-2129. DOI: 10.7544/issn1000-1239.2017.20170628
[7]	Long Yu, Xu Xian, Chen Kefei. Two Identity Based Threshold Cryptosystem with Reduced Trust in PKG[J]. Journal of Computer Research and Development, 2012, 49(5): 932-938.
[8]	Zeng Xiao, Chen Zhenyong, Chen Ming, and Xiong Zhang. Invertible Image Watermarking Based on Zero Coefficient Index[J]. Journal of Computer Research and Development, 2010, 47(7): 1304-1312.
[9]	Xu Wenli, Yu Yeyun, Wang Yumin. Secure and Efficient Protocols for Watermark Verification[J]. Journal of Computer Research and Development, 2008, 45(3): 557-562.
[10]	Qin Bo, Qin Hui, Wang Shangping, Wang Yumin. A Practical Electronic Auction with Bids Confidential[J]. Journal of Computer Research and Development, 2006, 43(1): 28-32.

Cited By

Cited by

Periodical cited type(6)

1.	张晶辉，张起嘉，刘海，田有亮，李凤华. 面向数据出域安全的鲁棒认证密钥协商协议. 通信学报. 2025(02): 29-43 .
2.	孔燕燕，江明明，闫一然，葛徽. 格上高效的支持多属性机构属性签名方案. 淮北师范大学学报(自然科学版). 2025(01): 56-61 .
3.	徐鑫，高金，张千舸，于迎梅，杨景超. 基于AES加密的区块链节点授信与身份共识研究. 新乡学院学报. 2024(06): 34-39 .
4.	王波，徐昊. 多租户虚拟专用网跨域单点登录认证方法仿真. 计算机仿真. 2024(09): 407-411 .
5.	杨光. 融合支持向量内积与模糊搜索算法的区块链安全管理方法研究. 伊犁师范大学学报(自然科学版). 2024(03): 65-70 .
6.	Jing He，Xiaofeng Ma，Dawei Zhang，Feng Peng. Supervised and revocable decentralized identity privacy protection scheme. Security and Safety. 2024(04): 113-135 .