Open Access

ARTICLE

Cross-Domain Authentication Scheme Based on Blockchain and Consistent Hash Algorithm for System-Wide Information Management

Lizhe Zhang^1,2,*, Yongqiang Huang², Jia Nie², Kenian Wang^1,2

1 Key Laboratory of Civil Aircraft Airworthiness Technology, Civil Aviation University of China, Tianjin, 300000, China
2 School of Safety Science and Engineering, Civil Aviation University of China, Tianjin, 300000, China

* Corresponding Author: Lizhe Zhang. Email:

Computers, Materials & Continua 2023, 77(2), 1467-1488. https://doi.org/10.32604/cmc.2023.042305

Received 25 May 2023; Accepted 12 August 2023; Issue published 29 November 2023

Abstract

System-wide information management (SWIM) is a complex distributed information transfer and sharing system for the next generation of Air Transportation System (ATS). In response to the growing volume of civil aviation air operations, users accessing different authentication domains in the SWIM system have problems with the validity, security, and privacy of SWIM-shared data. In order to solve these problems, this paper proposes a SWIM cross-domain authentication scheme based on a consistent hashing algorithm on consortium blockchain and designs a blockchain certificate format for SWIM cross-domain authentication. The scheme uses a consistent hash algorithm with virtual nodes in combination with a cluster of authentication centers in the SWIM consortium blockchain architecture to synchronize the user’s authentication mapping relationships between authentication domains. The virtual authentication nodes are mapped separately using different services provided by SWIM to guarantee the partitioning of the consistent hash ring on the consortium blockchain. According to the dynamic change of user’s authentication requests, the nodes of virtual service authentication can be added and deleted to realize the dynamic load balancing of cross-domain authentication of different services. Security analysis shows that this protocol can resist network attacks such as man-in-the-middle attacks, replay attacks, and Sybil attacks. Experiments show that this scheme can reduce the redundant authentication operations of identity information and solve the problems of traditional cross-domain authentication with single-point collapse, difficulty in expansion, and uneven load. At the same time, it has better security of information storage and can realize the cross-domain authentication requirements of SWIM users with low communication costs and system overhead.

---

Keywords

---