TDS-NA: Blockchain-based trusted data sharing scheme with PKI authentication
Computer Communications (IF 6), Pub Date: 2024-02-19, DOI: 10.1016/j.comcom.2024.02.018
Zhenshen Ou, Xiaofei Xing, Siqi He, Guojun Wang

Data sharing has received much attention and research as an excellent way to unlock the value of data. Trusted data storage servers will participate in the data-sharing system to provide users with convenient data access and storage services. Currently, the vast majority of researchers design data-sharing systems based on centralized trusted authorities and key management centers, but they tend to ignore the problems of trust dependency and data leakage that exist in centralized trust and lead to the overall untrustworthiness of the system. To solve the above problems, this paper considers the use of public key infrastructure (PKI) to provide trusted authentication for data-sharing entities, but the traditional PKI has CA root trust and scenario adaptation problems, so we optimize the traditional PKI model for data-sharing scenarios and call it an improved PKI. Combining the decentralized trust property of blockchain, this paper proposes a TDS-NA scheme based on blockchain and improved PKI to build a distributed, trusted, and secure data-sharing system in a semi-trusted network environment. TDS-NA can secure shared data in data sharing, and provide digital certificates that support entity-trusted authentication and reliable access control while designing digest blocks for efficient data auditing. In this paper, we demonstrate that the TDS-NA scheme is able to resist man-in-the-middle attacks and certificate forgery attacks through formal security analysis while satisfying the necessary security properties of data-sharing systems. We implement a prototype of the TDS-NA scheme in Ethereum smart contracts and finally verify the security and feasibility of TDS-NA through experimental comparison and analysis.

Updated: 2024-02-19