Journal of Frontiers of Computer Science and Technology, 2023, Vol. 17, Issue (9): 1995-2014. DOI: 10.3778/j.issn.1673-9418.2211004

• Frontiers·Surveys •

Survey on Blockchain-Based Cross-Domain Authentication for Internet of Things Terminals

HUO Wei, ZHANG Qionglu, OU Wei, HAN Wenbao   

  1. Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China
  2. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
  3. School of Cyberspace Security (School of Cryptology), Hainan University, Haikou 570228, China
  • Online: 2023-09-01 Published: 2023-09-01

Abstract: Internet of things (IoT) terminal devices are widely distributed, numerous, and organized in complex hierarchies, and they span multiple management domains. They often operate in uncontrollable environments and are more vulnerable to attack than traditional Internet terminals, so their security management and protection face greater risks and challenges. As “the first line of defense” for the security protection of IoT terminals, identity authentication plays an irreplaceable role in the development of IoT security. Blockchain technology offers decentralization, distribution, immutability and traceability. It can therefore effectively address security problems in cross-domain authentication for IoT terminals, such as the single-point trust failure of trusted third parties and the difficulty of satisfying the principle of least authorization under multi-domain heterogeneity. Using blockchain technology is an important direction for the future development of IoT terminal cross-domain authentication. This paper classifies and summarizes the main research achievements of recent years in blockchain-based cross-domain authentication for IoT terminals under three categories: integrating traditional identity authentication mechanisms such as PKI and IBS/IBC, adopting inter-blockchain technology, and other cross-domain authentication technologies based on blockchain. It then analyzes the technical characteristics, advantages and disadvantages of the different schemes. On this basis, the paper summarizes the current problems in the field of cross-domain authentication for IoT terminals and gives future research directions and development suggestions, so as to provide an overall grasp of the research progress and development trends of blockchain-based cross-domain authentication schemes for IoT terminals.

Key words: Internet of things, cross-domain authentication, blockchain, identity authentication