Authors: 汪秋丽 (WANG Qiuli); 任志宇 (REN Zhiyu)[1]; 吴翔宇 (WU Xiangyu); 管秋国 (GUAN Qiuguo); 王海超 (WANG Haichao) (School of Cryptography Engineering, Information Engineering University, Zhengzhou 450001, China; National Computer Network Emergency Response Technical Team/Coordination Center of Jiangsu, Nanjing 210000, China)
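Affiliations: [1] School of Cryptography Engineering, Information Engineering University, Zhengzhou 450001; [2] National Computer Network Emergency Response Technical Team/Coordination Center of Jiangsu, Nanjing 210000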
Source: 《计算机科学》 (Computer Science), 2025, No. 5, pp. 337-344, 8 pages in total
Funding: Zhongyuan Science and Technology Innovation Leading Talent Project (224200510003).
Abstract: With the wide application of Internet of Things technology, there is an increasing demand for cross-domain information sharing, and a cross-domain identity authentication scheme is the foundation for ensuring secure cross-domain collaboration. Cross-domain authentication based on the real identity of a device carries the risk of privacy leakage, while anonymous authentication schemes make it difficult to trace malicious devices. To address these problems, a traceable and anonymous cross-domain authentication scheme based on blockchain technology is proposed. Combining a one-way hash chain with certificateless cryptography, multiple unlinkable pseudonym identities and corresponding public-private key pairs are generated for the device. A dynamic accumulator is used to calculate the changed domain information. A different pseudonym is used for each cross-domain authentication, and identity authentication is performed based on the domain information and the cross-domain credentials issued by the key generation center, which both protects the privacy of the device and allows the real identity of a malicious device to be recovered so that it can be held accountable. BAN logic correctness analysis and formal security proofs show that the proposed scheme has high security. Compared with other schemes, the computation cost and communication cost of the authentication process are lower.
Keywords: cross-domain authentication; traceability and anonymity; one-way hash chain; dynamic accumulator
Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]