面向区块链的物联网终端跨域认证方法综述

doi:10.3778/j.issn.1673-9418.2211004

摘要/Abstract

摘要： 物联网终端设备分布广、数量多、层次复杂，并且涉及多个管理域，常处于不可控的环境中，相比于传统互联网终端，更容易受到攻击，其安全管控面临着更为巨大的风险与挑战。身份认证作为物联网终端安全防护的“第一道防线”，对物联网安全发展起着不可替代的作用。区块链具有去中心化、分布式、不易篡改、可追溯等特点优势，能够有效解决物联网终端跨域身份认证中存在的可信第三方单点信任失效，多域异构性难以满足最小授权原则等安全问题，使用区块链技术是物联网终端跨域认证未来发展的重要方向。按照融合了PKI和IBS/IBC等传统身份认证机制、采用跨链技术以及基于区块链的跨域认证技术三种类别，对近年来基于区块链的物联网终端跨域认证主要研究成果进行了分类和总结，并对不同方案进行了技术特点及优缺点分析。在此基础上，总结归纳了目前物联网终端跨域认证领域存在的问题，并给出了物联网终端跨域认证未来的研究方向和发展建议，以实现对基于区块链的物联网终端跨域认证方案研究进展和发展趋势的总体把握。

关键词: 物联网, 跨域认证, 区块链, 身份认证

Abstract: Internet of things (IoT) devices are widely distributed, numerous and complex, which are involved in multiple management domains. They are often in uncontrollable environments and are more vulnerable to attacks than traditional Internet terminals, the security management and protection of IoT terminals face greater risks and challenges. As “the first line of defense” for the security protection of IoT devices, authentication plays an irreplaceable and important role in the development of IoT security. The blockchain technology has the characteristics and advantages of decentralization, distribution, immutability and traceability. And thus, it can effectively solve the single-point trust failure of trusted third parties and satisfy the principle of least authorization for multi-domain heterogeneity in cross-domain authentication for IoT terminals. Using the blockchain technology is an important trend in the future development of the IoT device cross-domain authentication. This paper categorizes and summarizes the main research achievements of IoT cross-domain authentication based on blockchain technology in recent years according to three categories: integrating traditional identity authentication mechanisms such as PKI and IBS/IBC, adopting inter-blockchain technology, and other cross-domain authentication technologies based on blockchain. Then this paper analyzes the technical characteristics, advantages and disadvantages of each different scheme. On this basis, the current problems and issues in the field of cross-domain authentication of IoT devices are summarized, and the future research directions and development suggestions for the cross-domain authentication of IoT terminals are given, so as to achieve a general and overall grasp of the research progress and development trend of IoT device cross-domain authentication schemes based on blockchain technology.

Key words: Internet of things, cross-domain authentication, blockchain, identity authentication

霍炜, 张琼露, 欧嵬, 韩文报. 面向区块链的物联网终端跨域认证方法综述[J]. 计算机科学与探索, 2023, 17(9): 1995-2014.

HUO Wei, ZHANG Qionglu, OU Wei, HAN Wenbao. Survey on Blockchain-Based Cross-Domain Authentication for Internet of Things Terminals[J]. Journal of Frontiers of Computer Science and Technology, 2023, 17(9): 1995-2014.

参考文献

[1] GSMA. The mobile economy 2022[EB/OL]. [2022-05-10]. https://www.gsma.com/mobileeconomy/wp-content/uploads/2022/02/280222-The-Mobile-Economy-2022.pdf.
[2] 深信服安全产品研发. Mirai物联网僵尸网络攻击事件深度剖析[EB/OL]. [2022-04-11]. https://bbs.sangfor.com.cn/forum.php?mod=viewthread&tid=22148.
Sangfor Security Product Development. In-depth analysis of Mirai IoT botnet attack incident[EB/OL]. [2022-04-11]. https://bbs.sangfor.com.cn/forum.php?mod=viewthread&tid= 22148.
[3] cnBeta. 2021物联网安全形势报告：去年有十亿级智能电子设备遭到攻击[EB/OL]. [2022-05-10]. https://netsecurity. 51cto.com/article/707523.html.
cnBeta. 2021 IoT security situation report: one billion smart electronic devices were attacked last year[EB/OL]. [2022-05-10]. https://netsecurity.51cto.com/article/707523.html.
[4] YU S J, PARK K S, PARK Y H. A secure lightweight three-factor authentication scheme for IoT in cloud computing environment[J]. Sensors, 2019, 19(16): 3598.
[5] LIN Y D, TRUONG D T, ALI A, et al. Proxy-based federated authentication: a transparent third-party solution for cloud-edge federation[J]. IEEE Network, 2020, 34(6): 220-227.
[6] 丁永善, 李立新, 李作辉. 基于证书的匿名跨域认证方案[J]. 网络与信息安全学报, 2018, 4(5): 32-38.
DING Y S, LI L X, LI Z H. Certificate-based cross-domain authentication scheme with anonymity[J]. Chinese Journal of Network and Information Security, 2018, 4(5): 32-38.
[7] 万雨薇. 物联网环境下的跨域认证机制研究[D]. 南昌：南昌大学, 2018.
WAN Y W. Research on the cross-domain authentication under the environment of the Internet of things[D]. Nanchang: Nanchang University, 2018.
[8] 吴卫. 边缘计算环境下物联网身份认证与隐私保护技术研究[D]. 西安: 西安电子科技大学, 2019.
WU W. Research on identity authentication and privacy protection technology of Internet of things in edge computing environment[D]. Xi’an: Xidian University, 2019.
[9] 毛浥龙. 物联网跨域身份认证研究[D]. 重庆: 重庆邮电大学, 2020.
MAO Y L. Research on cross domain authentication of Internet of things[D]. Chongqing: Chongqing University of Posts and Telecommunications, 2020.
[10] 季一木, 陆毅成, 刘尚东, 等. HIBE-MPJ: 一种基于 HIBE 的物联网环境下跨域通信机制研究[J]. 南京邮电大学学报(自然科学版), 2020, 40(4): 1-10.
JI Y M, LU Y C, LIU S D, et al. HIBE-MPJ: cross-domain communication mechanism based on HIBE in Internet of things environment[J]. Journal of Nanjing University of Posts and Telecommunications (Natural Science Edition), 2020, 40(4): 1-10.
[11] WANG W, HU N, LIU X. BlockCAM: a blockchain-based cross-domain authentication model[C]//Proceedings of the 2018 IEEE 3rd International Conference on Data Science in Cyberspace, Guangzhou, Jun 18-21, 2018. Piscataway:IEEE, 2018: 896-901.
[12] 周致成. 基于区块链的大数据安全应用跨域认证关键技术研究[D]. 郑州: 战略支援部队信息工程大学, 2018.
ZHOU Z C. Research on key technology of cross domain authentication for big data security application based on blockchain[D]. Zhengzhou: PLA Strategic Support Force Information Engineering University, 2018.
[13] CHEN Y, DONG G, BAI J, et al. Trust enhancement scheme for cross domain authentication of PKI system[C]//Proceedings of the 2019 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, Guilin, Oct 17-19, 2019. Piscataway: IEEE, 2019: 103-110.
[14] 马晓婷. 基于区块链技术的证书管理与跨域认证方案[D]. 西安: 西安电子科技大学, 2019.
MA X T. Certificate management and cross-domain authentica- tion scheme based on blockchain[D]. Xi’an: Xidian University, 2019.
[15] KIM E, CHO Y S, KIM B, et al. Can we create a cross-domain federated identity for the industrial Internet of things without Google?[J]. IEEE Internet of Things Magazine, 2020, 3(4): 82-87.
[16] 黄穗, 李健, 范冰冰. IABC: 一种基于区块链和布谷鸟过滤器的跨域认证方法[J]. 小型微型计算机系统, 2020, 41(12): 2620-2625.
HUANG S, LI J, FAN B B. IABC: a cross-domain authentication method based on blockchain and cuckoo filter[J]. Journal of Chinese Computer Systems, 2020, 41(12): 2620-2625.
[17] 张金花, 李晓伟, 曾新, 等. 边缘计算环境下基于区块链的跨域认证与密钥协商协议[J]. 信息安全学报, 2021, 6(1): 54-61.
ZHANG J H, LI X W, ZENG X, et al. Cross domain authentication and key agreement protocol based on blockchain in edge computing environment[J]. Journal of Cyber Security, 2021, 6(1): 54-61.
[18] WANG X, GAO F, ZHANG J, et al. Cross-domain authentica-tion mechanism for power terminals based on blockchain and credibility evaluation[C]//Proceedings of the 5th Inter-national Conference on Computer and Communication Systems, Shanghai, May 15-18, 2020. Piscataway: IEEE, 2020: 936-940.
[19] LIU D, LI D, LIU X, et al. Research on a cross-domain authentication scheme based on consortium blockchain in V2G networks of smart grid[C]//Proceedings of the 2018 2nd IEEE Conference on Energy Internet and Energy System Integration, Beijing, Oct 20-22, 2018. Piscataway: IEEE, 2018: 1-5.
[20] LI G, WANG Y, ZHANG B, et al. Smart contract-based cross-domain authentication and key agreement system for heterogeneous wireless networks[J]. Mobile Information Systems, 2020. DOI:10.1155/2020/2964562.
[21] 郭炜立. 基于区块链的异构物联网跨域认证研究[D]. 北京: 北京工业大学, 2020.
GUO W L. Research on heterogeneous IOT cross-domain authentication based on blockchain[D]. Beijing: Beijing University of Technology, 2020.
[22] LIU J, LIU Y, LAI Y, et al. Cross-heterogeneous domain authentication scheme based on blockchain[J]. Journal of Artificial Intelligence and Technology, 2021, 1(2): 92-100.
[23] YANG Y, WU J, LONG C, et al. A blockchain-based cross-domain authentication for conditional privacy preserving in vehicular ad-hoc network[C]//Proceedings of the 3rd Inter-national Conference on Blockchain Technology, Shanghai, Mar 26-28, 2021. New York: ACM, 2021: 183-188.
[24] 魏欣, 王心妍, 于卓, 等. 基于联盟链的物联网跨域认证[J]. 软件学报, 2021, 32(8): 2613-2628.
WEI X, WANG X Y, YU Z, et al. Cross domain authentication for IoT based on consortium blockchain[J]. Journal of Software, 2021, 32(8): 2613-2628.
[25] CHEN J, ZHAN Z, HE K, et al. XAuth: efficient privacy-preserving cross-domain authentication[J]. IEEE Transactions on Dependable and Secure Computing, 2022, 19(5): 3301-3311.
[26] SHEN M, LIU H, ZHU L, et al. Blockchain-assisted secure device authentication for cross-domain industrial IoT[J]. IEEE Journal on Selected Areas in Communications, 2020, 38(5): 942-954.
[27] JIA X, HU N, SU S, et al. IRBA: an identity-based cross-domain authentication scheme for the internet of things[J]. Electronics, 2020, 9(4): 634.
[28] 王弘洁. 智慧医疗场景下基于联盟区块链的跨域身份认证[D]. 南京: 南京邮电大学, 2021.
WANG H J. Research on cross-domain identity authentication scheme based on the consortium blockchain in the wise medical scenario[D]. Nanjing: Nanjing University of Posts and Telecommunications, 2021.
[29] 魏松杰, 李莎莎, 王佳贺. 基于身份密码系统和区块链的跨域认证协议[J]. 计算机学报, 2021, 44(5): 908-920.
WEI S J, LI S S, WANG J H. A cross-domain authentication protocol by identity-based cryptography on consortium blockchain[J]. Chinese Journal of Computers, 2021, 44(5):908-920.
[30] XU R H, CHEN Y, BLASCH E, et al. BlendCAC: a blockchain-enabled decentralized capability-based access control for IoTs[C]//Proceedings of the 2018 IEEE International Conference on Internet of Things and IEEE Green Computing and Communications and IEEE Cyber, Physical and Social Computing and IEEE Smart Data, Halifax, Jul 30-Aug 3, 2018. Piscataway: IEEE, 2018: 1027-1034.
[31] 王思源. 融合区块链和权能的物联网跨域访问控制机制研究与实现[D]. 北京: 北京邮电大学, 2021.
WANG S Y. Research and implementation of a cross-domain access control mechanism of Internet of things with blockchain and capabilities[D]. Beijing: Beijing University of Posts and Teleconmmunications, 2021.
[32] LI C, LI F, YIN L, et al. A blockchain-based IoT cross-domain delegation access control method[J]. Security and Communication Networks, 2021. DOI:10.1155/2021/3091104.
[33] ZHANG Y, LUO Y, CHEN X, et al. A lightweight auth-entication scheme based on consortium blockchain for cross-domain IoT[J]. Security and Communication Networks, 2022. DOI:10.1155/2022/9686049.
[34] SHAMIR A. Identity-based cryptosystems and signature schemes[C]//LNCS 196: Proceedings of the Advances in Cryptology, Santa Barbara, Aug 19-22, 1984. Berlin, Heidelberg: Springer, 1985: 47-53.
[35] TARA M. What are layers of blockchain? Full guide to blockchain architecture[EB/OL]. [2022-10-11]. https://www. cryptologi.st/news/blockchain-layers-the-layered-structure-of-the-blockchain-architecture.
[36] PANDEY K. Understanding the basics of a blockchain is the building “block” of success in the crypto space[EB/OL]. [2022-10-11]. https://www.jumpstartmag.com/what-are-the-different-layers-of-blockchain-technology/.
[37] Shardeum Content Team. What are blockchain layers and how do they work?[EB/OL]. [2022-12-11]. https://shardeum. org/blog/what-are-blockchain-layers/.
[38] YAGA D, MELL P, ROBY N, et al. Blockchain technology overview[J]. arXiv:1906.11078, 2019.
[39] TONG W, DONG X W, SHEN Y L, et al. A hierarchical sharding protocol for multi-domain IoT blockchains[C]//Proceedings of the 2019 IEEE International Conference on Communications, Shanghai, May 20-24, 2019. Piscataway: IEEE, 2019: 1-6.
[40] LI D, YU J, GAO X, et al. Research on multidomain authentication of IoT based on cross-chain technology[J]. Security and Communication Networks, 2020. DOI:10.1155/ 2020/6679022.
[41] ZHANG S, CAO Y, NING Z, et al. A heterogeneous IOT node authentication scheme based on hybrid blockchain and trust value[J]. KSII Transactions on Internet and Infor-mation Systems, 2020, 14(9): 3615-3638.
[42] JIA X, HU N, YIN S, et al. A2 chain: a blockchain-based decentralized authentication scheme for 5G-enabled IoT[J]. Mobile Information Systems, 2020. DOI:10.1155/2020/8889192.
[43] ALI G, AHMAD N, CAO Y, et al. xDBAuth: blockchain based cross domain authentication and authorization framework for Internet of things[J]. IEEE Access, 2020, 8: 58800-58816.
[44] 张亚兵, 邢镔. 基于多层区块链的跨域认证方案[J]. 计算机应用研究, 2021, 38(6): 1637-1641.
ZHANG Y B, XING B. Cross domain authentication scheme based on multi layer blockchain[J]. Application Research of Computers, 2021, 38(6): 1637-1641.
[45] ALSAEED N, NADEEM F. A framework for blockchain and fogging-based efficient authentication in Internet of things[C]//Proceedings of the 2022 2nd International Conference on Computing and Information Technology, Tabuk, Jan 25-27, 2022. Piscataway: IEEE, 2022: 409-417.
[46] 赵平, 王赜, 李芳, 等. 主从区块链容错异构跨域身份认证方案[J]. 计算机工程与应用, 2022, 58(22): 79-88.
ZHAO P, WANG Z, LI F, et al. Master-slave blockchain fault-tolerant heterogeneous cross-domain identity authentication scheme[J]. Computer Engineering and Applications, 2022, 58(22): 79-88.
[47] ZHANG Z, ZHONG C, GUO S, et al. A master-slave chain architecture model for cross-domain trusted and authentication of power services[C]//Proceedings of the 2019 7th International Conference on Information Technology: IoT and Smart City, Shanghai, Dec 20-23, 2019. New York: ACM, 2019: 483-487.
[48] CUI Z, XUE F, ZHANG S, et al. A hybrid block-chain-based identity authentication scheme for multi-WSN[J]. IEEE Transactions on Services Computing, 2020, 13(2): 241-251.
[49] DONG S, YANG H, YUAN J, et al. Blockchain-based cross-domain authentication strategy for trusted access to mobile devices in the IoT[C]//Proceedings of the 2020 International Wireless Communications and Mobile Computing, Limassol, Jun 15-19, 2020. Piscataway: IEEE, 2020: 1610-1612.
[50] 李大伟, 霍瑛. 基于侧链技术的电力物联网跨域认证研究[J]. 电力工程技术, 2020, 39(6): 8-12.
LI D W, HUO Y. Cross domain authentication of power IoT based on side chain[J]. Electric Power Engineering Tech-nology, 2020, 39(6): 8-12.
[51] LIU B, YU K, FENG C, et al. Cross-domain authentication for 5G-enabled UAVs: a blockchain approach[C]//Proceedings of the 4th ACM MobiCom Workshop on Drone Assisted Wireless Communications for 5G and Beyond, New Orleans, Oct 25-29, 2021. New York: ACM, 2021: 25-30.
[52] WANG X, GARG S, LIN H, et al. Enabling secure authentica-tion in industrial IoT with transfer learning empowered blockchain[J]. IEEE Transactions on Industrial Informatics, 2021, 17(11): 7725-7733.
[53] XUE L, HUANG H, XIAO F, et al. A cross-domain authenti-cation scheme based on cooperative blockchains func-tioning with revocation for medical consortiums[J]. IEEE Transactions on Network and Service Management, 2022, 19(3): 2409-2420.
[54] YAO Y, CHANG X, MI?I? J, et al. BLA: blockchain-assisted lightweight anonymous authentication for distributed vehicular fog services[J]. IEEE Internet of Things Journal, 2019, 6(2): 3775-3784.
[55] HUANG C, XUE L, LIU D, et al. Blockchain-assisted transparent cross-domain authorization and authentication for smart city[J]. IEEE Internet of Things Journal, 2022, 9(18): 17194-17209.
[56] FU C, KEZMANE T, DU X, et al. An location-aware authentication scheme for cross-domain Internet of things systems[C]//Proceedings of the 2018 International Conference on Computing, Networking and Communications, Maui, Mar 5-8, 2018. Piscataway: IEEE, 2018: 452-456.
[57] GUO S, HU X, GUO S, et al. Blockchain meets edge computing: a distributed and trusted authentication system[J]. IEEE Transactions on Industrial Informatics, 2019, 16(3): 1972-1983.
[58] ZHANG K, ZHU Y, MAHARJAN S, et al. Edge intelligence and blockchain empowered 5G beyond for the industrial Internet of things[J]. IEEE Network, 2019, 33(5): 12-19.
[59] 董贵山, 陈宇翔, 李洪伟, 等. 异构环境中基于区块链的跨域认证可信度研究[J]. 通信技术, 2019, 52(6): 1450-1460.
DONG G S, CHEN Y X, LI H W, et al. Cross-domain authentication credibility based on blockchain in heterogeneous environment[J]. Communications Technology, 2019, 52(6): 1450-1460.
[60] XIAO X, GUO F, HECKER A. A lightweight cross-domain proximity-based authentication method for IoT based on IOTA[C]//Proceedings of the IEEE Globecom Workshops, GLOBECOM Workshops 2020, Dec 7-11, 2020. Piscataway: IEEE, 2020: 1-6.
[61] TAN L, SHI N, YU K, et al. A blockchain-empowered access control framework for smart devices in green Internet of things[J]. ACM Transactions on Internet Technology, 2021, 21(3): 1-20.
[62] XUAN S, XIAO H, MAN D, et al. A cross-domain auth-entication optimization scheme between heterogeneous IoT applications[J]. Wireless Communications and Mobile Com- puting, 2021. DOI:10.1155/2021/9942950.
[63] ZHAO H M. A cross-border E-commerce approach based on blockchain technology[J]. Mobile Information Systems, 2021. DOI:10.1155/2021/2006082.
[64] WANG L, TIAN Y, ZHANG D. Toward cross-domain dynamic accumulator authentication based on blockchain in Internet of things[J]. IEEE Transactions on Industrial Informatics, 2021, 18(4): 2858-2867.
[65] PAILLISSE J, SUBIRA J, LOPEZ A, et al. Distributed access control with blockchain[J]. arXiv:1901.03568, 2019.
[66] SUN S, CHEN S, DU R. Trusted and efficient cross-domain access control system based on blockchain[J]. Scientific Programming, 2020. DOI:10.1155/2020/8832568.