System-wide information management(SWIM)is a complex distributed information transfer and sharing system for the next generation of Air Transportation System(ATS).In response to the growing volume of civil aviation ai...System-wide information management(SWIM)is a complex distributed information transfer and sharing system for the next generation of Air Transportation System(ATS).In response to the growing volume of civil aviation air operations,users accessing different authentication domains in the SWIM system have problems with the validity,security,and privacy of SWIM-shared data.In order to solve these problems,this paper proposes a SWIM crossdomain authentication scheme based on a consistent hashing algorithm on consortium blockchain and designs a blockchain certificate format for SWIM cross-domain authentication.The scheme uses a consistent hash algorithm with virtual nodes in combination with a cluster of authentication centers in the SWIM consortium blockchain architecture to synchronize the user’s authentication mapping relationships between authentication domains.The virtual authentication nodes are mapped separately using different services provided by SWIM to guarantee the partitioning of the consistent hash ring on the consortium blockchain.According to the dynamic change of user’s authentication requests,the nodes of virtual service authentication can be added and deleted to realize the dynamic load balancing of cross-domain authentication of different services.Security analysis shows that this protocol can resist network attacks such as man-in-the-middle attacks,replay attacks,and Sybil attacks.Experiments show that this scheme can reduce the redundant authentication operations of identity information and solve the problems of traditional cross-domain authentication with single-point collapse,difficulty in expansion,and uneven load.At the same time,it has better security of information storage and can realize the cross-domain authentication requirements of SWIM users with low communication costs and system overhead.KEYWORDS System-wide information management(SWIM);consortium blockchain;consistent hash;cross-domain authentication;load balancing.展开更多
When initializing cryptographic systems or running cryptographic protocols, the randomness of critical parameters, like keys or key components, is one of the most crucial aspects. But, randomly chosen parameters come ...When initializing cryptographic systems or running cryptographic protocols, the randomness of critical parameters, like keys or key components, is one of the most crucial aspects. But, randomly chosen parameters come with the intrinsic chance of duplicates, which finally may cause cryptographic systems including RSA, ElGamal and Zero-Knowledge proofs to become insecure. When concerning digital identifiers, we need uniqueness in order to correctly identify a specific action or object. Unfortunately we also need randomness here. Without randomness, actions become linkable to each other or to their initiator’s digital identity. So ideally the employed (cryptographic) parameters should fulfill two potentially conflicting requirements simultaneously: randomness and uniqueness. This article proposes an efficient mechanism to provide both attributes at the same time without highly constraining the first one and never violating the second one. After defining five requirements on random number generators and discussing related work, we will describe the core concept of the generation mechanism. Subsequently we will prove the postulated properties (security, randomness, uniqueness, efficiency and privacy protection) and present some application scenarios including system-wide unique parameters, cryptographic keys and components, identifiers and digital pseudonyms.展开更多
基金funded by the National Natural Science Foundation of China(62172418)the Joint Funds of the National Natural Science Foundation of China and the Civil Aviation Administration of China(U2133203)+1 种基金the Education Commission Scientific Research Project of Tianjin China(2022KJ081)the Open Fund of Key Laboratory of Civil Aircraft Airworthiness Technology(SH2021111907).
文摘System-wide information management(SWIM)is a complex distributed information transfer and sharing system for the next generation of Air Transportation System(ATS).In response to the growing volume of civil aviation air operations,users accessing different authentication domains in the SWIM system have problems with the validity,security,and privacy of SWIM-shared data.In order to solve these problems,this paper proposes a SWIM crossdomain authentication scheme based on a consistent hashing algorithm on consortium blockchain and designs a blockchain certificate format for SWIM cross-domain authentication.The scheme uses a consistent hash algorithm with virtual nodes in combination with a cluster of authentication centers in the SWIM consortium blockchain architecture to synchronize the user’s authentication mapping relationships between authentication domains.The virtual authentication nodes are mapped separately using different services provided by SWIM to guarantee the partitioning of the consistent hash ring on the consortium blockchain.According to the dynamic change of user’s authentication requests,the nodes of virtual service authentication can be added and deleted to realize the dynamic load balancing of cross-domain authentication of different services.Security analysis shows that this protocol can resist network attacks such as man-in-the-middle attacks,replay attacks,and Sybil attacks.Experiments show that this scheme can reduce the redundant authentication operations of identity information and solve the problems of traditional cross-domain authentication with single-point collapse,difficulty in expansion,and uneven load.At the same time,it has better security of information storage and can realize the cross-domain authentication requirements of SWIM users with low communication costs and system overhead.KEYWORDS System-wide information management(SWIM);consortium blockchain;consistent hash;cross-domain authentication;load balancing.
文摘When initializing cryptographic systems or running cryptographic protocols, the randomness of critical parameters, like keys or key components, is one of the most crucial aspects. But, randomly chosen parameters come with the intrinsic chance of duplicates, which finally may cause cryptographic systems including RSA, ElGamal and Zero-Knowledge proofs to become insecure. When concerning digital identifiers, we need uniqueness in order to correctly identify a specific action or object. Unfortunately we also need randomness here. Without randomness, actions become linkable to each other or to their initiator’s digital identity. So ideally the employed (cryptographic) parameters should fulfill two potentially conflicting requirements simultaneously: randomness and uniqueness. This article proposes an efficient mechanism to provide both attributes at the same time without highly constraining the first one and never violating the second one. After defining five requirements on random number generators and discussing related work, we will describe the core concept of the generation mechanism. Subsequently we will prove the postulated properties (security, randomness, uniqueness, efficiency and privacy protection) and present some application scenarios including system-wide unique parameters, cryptographic keys and components, identifiers and digital pseudonyms.
