An Efficient Blockchain-based Cross-domain Authentication and Secure Certificate Revocation Scheme
Pengpeng Gu, Liquan Chen
Abstract
The existing cross-domain authentication mechanisms are established based on well-known Public Key Infrastructure (PKI) systems, where digital certificates issued by Certificate Authority(CA) serve to authenticate the identity of entities. The complex authentication path, accompanied by multiple signatures and verifications, causes low authentication efficiency. In addition, resulting from an “update gap” between Certificate Revocation List(CRL) and Online Certificate Status Protocol(OCSP) mechanism, the revoked certificates will be exposed to DDoS attacks. For addressing aforementioned two challenges, an efficient blockchain-based authentication and secure certificate revocation scheme is proposed. Based on the non-tamperability and traceability of the blockchain, the signature module of X.509 digital certificate is replaced by the certificate hash value which serves as the trust certificate between domains. Furthermore, a consensus algorithm is adopted for random number hash broadcasting to improve efficiency. Theoretical analysis shows the proposed scheme has the security characteristics of non-repudiation, anonymity and anti DDoS attack. The experimental results demonstrate the proposed scheme has the advantage over existing cross-domain authentication and certificate revocation scheme at communication and computing cost and security respectively.