Recent Advances in Cloud-Aware Mobile Fog Computing 2020View this Special Issue
Research Article | Open Access
Huijuan Wang, Yong Jiang, "A Novel Blockchain Identity Authentication Scheme Implemented in Fog Computing", Wireless Communications and Mobile Computing, vol. 2020, Article ID 8849363, 7 pages, 2020. https://doi.org/10.1155/2020/8849363
A Novel Blockchain Identity Authentication Scheme Implemented in Fog Computing
In a fog computing environment, lots of devices need to be authenticated in order to keep the platform being secured. To solve this problem, we turn to blockchain techniques. Unlike the identification cryptographic scheme based on elliptic curves, the proposed 2-adic ring identity authentication scheme inherits the high verification efficiency and high key distribution of sequence ciphers of 2-adic ring theory, and this algorithm adds identity hiding function and trading node supervision function by design. The main designed application scenario of this solution is applicable to the consortium blockchain, and the master nodes are mutually trusting cooperative relations. The node transaction verification and block generation consensus algorithm designed in this solution can be implemented in a set of algorithms, which has higher verification efficiency and easier to be deployed than other solutions. This scheme can be widely used in the fog computing environment.
Security is very important in each network. The fog computing, which extends the function of cloud computing, has attracted lots of attention . The main idea is pushing the centralized function to decentralized function. There are many varieties, such as edge computing and cloudlet [2–4]. The decentralized network means that there needs to be an identity authentication scheme to keep the environments being secured. The blockchain has built a new trusted large-scale assistance method based on the information Internet to solve the trust problem of the development of the digital economy. As a new technology, blockchain technology has the characteristics required by various application scenarios such as transparency and credibility, tamper resistance, traceability, and decentralization. Applications have been extended from the financial field to supply chain management, government services, energy copyright storage, Internet of Things , fog computing, and other fields. In a narrow sense, a blockchain is a type of chained data that combines data blocks in a chronological order in a sequential manner and uses cryptography to ensure a tamper-proof and unforgeable distributed ledger. Broadly speaking, blockchain technology uses blockchain data structure blocks to verify and store data, uses distributed node consensus algorithms to generate and update data, and uses cryptography to ensure the security of data transmission and access. A smart contract composed of script code turns into and operates a new distributed infrastructure and computing paradigm for data. Unlike the traditional centralized structure, the blockchain mechanism does not rely on a specific central node to process and store data, so information leakage caused by malicious centers or other reasons can be avoided. In the actual application scenarios of blockchain, hash functions and digital signature algorithms are widely used in blockchain to verify the correctness of blocks and transactions. The traditional PKI mechanism does not conform to the “decentralized” characteristics of the blockchain because the weight of the trusted center is too large, so certificateless encryption and signature schemes are mostly used in blockchain technology.
There are actually two functions in the blockchain that need to be appropriately adapted to the practical application. One is how to increase the supervision function in the decentralized architecture, and the other is how to ensure the privacy of user information under supervision. In 2012, Yu et al.  proposed a certificateless signature scheme that can be proved safe under the standard model. However, this scheme requires more than 5 bilinear pairing operations, and the calculation efficiency is low. In the same year, Gong and Li  proposed a certificateless password mechanism based on elliptic curves, but the resistance to participating node attacks was weak. In 2013, Miers and others  proposed an anonymous blockchain digital currency scheme based on Bitcoin. This scheme uses zero-knowledge proof cryptography technology to ensure the transaction by hiding the user address and cutting off the contact between the two parties. The nonrelevance of the system can achieve the untraceable effect, but the scheme needs to maintain the currency revocation list at the node to ensure the uniqueness of the transaction, which affects the efficiency of the transaction to a certain extent. In 2016, Shen and Adam proposed ring-based signatures. In 2016, Shen and Adam  proposed a ring-based signature secret transaction scheme. This scheme randomly selects irrelevant addresses and performs ring signatures together with the transaction initiator to achieve the purpose of confusing the identity of the transaction user. However, both the scheme and the zero-coin scheme have the problem of poor traceability due to the cutoff of the transaction association, which is difficult to be applied in actual scenarios, and the amount of single transaction information is too large. The anonymity of the scheme depends on the number of addresses participating in the ring signature. To reduce the amount of transaction information and reduce the number of addresses, you will also face the risk of deanonymization. The combination of blockchain and identification password can solve part of the problem of blockchain decentralization supervision. SM9 is an identification password, and there are a large number of blockchain identification password systems designed based on SM9 at home and abroad. Taking the consortium blockchain in the blockchain as the application environment, performing exponential operation and bilinear pairing operation can be the consortium blockchain. The application provides effective security and privacy protection support.
In this paper, we introduce an identification cryptographic scheme suitable for consortium blockchain based on the 2-adic ring algorithm. The 2-adic ring  is a finite ring that can correspond to any bit string in a finite field. When designing with this theoretical basis, it can inherit the recognition and verification efficiency of binary sequence ciphers in computer communication and can solve a large number of node verification of key distribution issues. Part of the security of passwords is based on the 2-adic ring theory. For an attacker, you need to be familiar with the 2-adic ring theory to recognize the algorithm and increase the difficulty of supply.
This article is mainly composed of the following parts. The second part introduces the basic preliminaries; this part introduces the blockchain and consortium blockchain and the identification password and introduces the basic knowledge of the 2-adic ring to facilitate the reader to understand the subsequent security proof; the third part describes the design of the main cryptographic scheme in this article, the blockchain identification authentication scheme based on the 2-adic ring algorithm, and introduces the node composition and transaction implementation process of the scheme in the consortium blockchain; the fourth part proves and analyzes the security of the scheme attack resistance and finally summarizes the applicable scenarios of the program and suggestions for improvement.
2. Preliminary Knowledge
2.1. Blockchain and Consortium Blockchain
Blockchain technology is built on the Internet. Using P2P, distributed storage, and distributed key ideas, a chronological sequence of data blocks is combined into a specific data structure in a chain. The chain structure of the blockchain uses cryptographic signatures to ensure that the chain connection of the data cannot be tampered with or forged. It can store a full amount of light time-series fingerprint data. The blockchain can be used as a data record database. The database is shared by network nodes. When nodes update data, they submit data records. Through the consensus mechanism, the data consistency between nodes is ensured. After the consistency is determined, the records like blockchain will never be changed or deleted.
The blockchain will also have different architectures due to different deployment environment models, such as public chain/consortium chain/private chain and side chain/crosschain. The encryption scheme in this article is mainly implemented in the consortium chain. In the consortium chain, the validity of the blockchain and the validity of the transaction are determined by a predetermined group of validators. This verification group forms a consortium chain. The consortium chain has the verification nodes and data changes initiated by the group of validators. The shared participating nodes are composed together.
2.2. Identification Password Algorithm
The identification cryptosystem means that the signer holds an identification and a corresponding private key. The private key is generated by the Key Generation Center (KGC) through the combination of the private key and the signer’s identification. The signer uses his own private key to generate a digital signature on the data, and the verifier uses the signer’s logo to generate his public key to verify the validity/authenticity/integrity and legal identity of the signature. SM9 logo ciphers generally involve the calculation of bilinear pairs on finite fields/elliptic curves/elliptic curves. The 2-adic ring algorithm logo ciphers designed in this paper involve knowledge of finite field 2-adic rings.
Identification password verification steps are as follows: (i)Create a polynomial identification cryptographic algorithm to produce public and private keys(ii)Set up a management node and establish an interactive protocol with the user. Executing this protocol can generate the private key and member certificate of the management node and use the private key of the group member of the group administrator(iii)Using an identification password signature algorithm, after entering a message and a member private key, the signature of the message is output(iv)Verify the original message/message signature/public key(v)Confirm the legality of the signature
2.3. 2-Adic Integer and Arithmetic Crosscorrelation
Let binary strictly periodic sequence have the least period , . A 2-adic integer is a formal power series , with . The set of the 2-adic integers forms a ring under the operations of addition and multiplication with carry , the string as merely, and the string as 1, and define , the infinite string is a base 2 expansion of a negative integer -1.
Specifically, the addition of integers is given by
, are carry integers, such that , and for all .
Similarly, there are multiplications of integers .
Let be an odd integer, then the negative integer is associated to the product
In , the formal power series has a unique (multiplicative) inverse
Thus, the ring contains every rational number provided is odd.
Proposition 1 (see ). There is a one-to-one correspondence between rational numbers (where is an odd number) and eventually periodic binary sequences , which associates to each rational number and the bit sequence of its 2-adic expansion. The sequence is strictly periodic if and only if and .
In this correspondence, we use the operations in to introduce the arithmetic crosscorrelation.
Definition 2 (see ). Let and be two strictly binary periodic sequences with period , and let and be the shift of . Denote and as the 2-adic integers corresponding to the sequences and . Then, the corresponding sequence of is strictly periodic or eventually periodic, and its period divides . The shift arithmetic crosscorrelation of and is the number of zeros minus the number of ones in one period of length of .
3. Identity Authentication Scheme Based on 2-Adic Ring AC Algorithm
This paper proposes an information authentication scheme suitable for consortium blockchain technology. By broadcasting transaction information encrypted by user identity information in transaction information, multi-KGC signature calculation is performed to hide user identity and transaction continuity.
3.1. Node Composition
The nodes in this scheme are divided into a primary node and a secondary node. The primary node is responsible for initializing the parameters of the AC algorithm and KGC signature used in the blockchain, executing the consensus algorithm for generating new blocks in the blockchain, participating in the continuous generation of blocks, and managing the joining of secondary nodes and distribution of related key. There can be multiple KGCs in a system, and new KGCs can only be added after they are approved by other KGCs. Each KGC has its own specific ID number and at a fixed time interval randomly generates an ID-based ID based on an algorithm . In a fixed period of time, KGC generates a large prime based on according to the self-energy contract code. The secondary node and transaction information generates random numbers and and generates . Each KGC generates its own key . Secondary node receives , and secondary node receives .
Secondary nodes and generate and based on their ID numbers. Generate verification key pairs and according to contract algorithm. The secondary node holds its own signature key pair, and the secondary node is the user who signs the KGC. Conduct transactions between secondary nodes to complete the peer-to-peer transaction information transfer process. After the KGC negotiates the transaction, it will be broadcasted to the entire network, and the new block will write the transaction, which will be confirmed and effective by each KGC master node.
3.2. Transaction Process
The network transaction process is as follows.
3.2.1. Signature Generation
The secondary node has to conduct transactions with the secondary node , and the transaction task is . The secondary nodes and broadcast to the primary node KGC, and the secondary nodes and generate verification keys and according to their unique ID numbers IDA and IDB. Secondary node retains and secondary node retains . The main node KGC has its own characteristic ID number and generates an identification number identifier during the time period of transaction , . The contract can generate a large prime number based on the identification , and send to each KGC, to the secondary node , and to the secondary node . The primary node KGC holds , the secondary node holds , and the secondary node holds .
3.2.2. Signature Verification
The secondary nodes and conduct transactions, the secondary node generates a key sequence based on , the secondary node generates a key sequence based on , and the secondary nodes and send and to each other. The secondary node verifies the legality of the other party, and the formula is then the identity is legal. If , it means that the secondary nodes and have not obtained the identification key issued by KGC and are not in the transaction, or the transaction has expired.
Compared with the verification algorithm of the identification standard, considering that there can be multiple KGC functional requirements in the consortium blockchain, the main KGC functions of the multi-KGC mode in this paper are allocated to the master node. The master node jointly participates in parameter maintenance and key generation, which meets the requirements of partial decentralization of the consortium blockchain. After verifying the identity and transaction legitimacy of the secondary nodes and , they are sent to KGC. Each KGC is calculated according to the competition and broadcasted to the main node KGC of the entire network. Each KGC writes a block after verification and broadcasts the secondary to the entire network. The transactions of nodes and are successfully included in the blockchain, and each KGC stores transaction information. Each KGC calculates according to the competition of and broadcasts it to the main node KGC of the whole network. Each KGC writes the block after verification and broadcasts the transactions of the secondary nodes and to the whole network, storing transaction information.
In a blockchain transaction, when a node interacts with information, it needs to check the other party’s information. KGC can find the key to which user belongs according to the user information IDA it holds and check whether it is revoked and changed to determine the time of the transaction and legality. When revoking the secondary node, record the “obsolete” mark in the ID number of the member information to be revoked. Second, when the system parameters need to be updated, KGC can regenerate the system parameters and update the user information while retaining the system coefficients that were used.
3.3. Blockchain Generation and Verification
This paper proposes an authentication scheme based on the 2-adic ring algorithm, which is mainly applicable to the design architecture of the consortium blockchain. The main node KGC is responsible for the generation of the blockchain. Since the designed scenario is a cooperative relationship of KGC for mutual trust, the consensus algorithm for block generation designed by this scheme does not have strong block generation rewards and competition. We use semicompetitive and semirandom blockchain accounting right allocation to complete block generation. Since the various KGCs do not trust and cooperate with each other, we rule out malicious forks of the blockchain.
When the secondary nodes and initiate the transaction , the number to which the last associated transaction information belongs and the hash value to which belongs to in the last associated transaction need to be added. The master node KGC needs to publish whether transaction is the last related transaction of and confirm whether the transaction between nodes and is legal. The block record information of is generated after the transaction.
The new block needs to record the number and hash value of the previous block to ensure the continuity of the block. Each node needs to confirm the legality of generating the identity of the master node when receiving the heart block, and after the latest block is associated, the transaction information verification process is performed.
3.4. Specific Process
Based on the ID number of the secondary node in this solution, the identification authentication key can be generated, which can protect the privacy information of the secondary node, and can be designed to add the identification information of KGC to the ID when generating , so that KGC can be authorized under certain conditions and it can identify the identity of secondary nodes and realize the supervision of individuals and transactions. In actual scenarios, it can be used for Internet transactions based on citizen ID numbers. Each KGC can include a supervisory unit that issues citizen ID numbers. Internet applications that require identification, banks, governments, communication companies, schools, and other departments, need to confirm their identities and business handling and transactions.
The specific process is as follows (Figure 1): (i)The secondary nodes and initiate the creation of transaction , and the secondary nodes and each verify the legitimacy of . According to the last associated transaction , both parties send a transaction request to the primary node, KGC, after authentication by both parties(ii)After receiving the transaction request , each KGC generates a time-stamped large prime number at a time interval and generates a verification key ; each KGC generates its own key , sends to the secondary node , and sends to the secondary node (iii)The secondary nodes and generate and through the smart contract encryption algorithm according to their respective ID numbers, generate authentication keys and , and send it to each other(iv)Secondary nodes and verify if each other’s identity is legal and send to all KGC after authentication(v)After each KGC receives , it competes to calculate , obtain accounting power, and broadcast to the entire network, and the transaction validation process ends
4. Solution Security Analysis
4.1. Proof of Correctness
We introduce the nature of the sequence; for the detailed proof, please refer to the literature .
For each integer , is satisfied on the Galois ring . There is a maximum period sequence , sequence maximum period is . Ring maximum sequence composition of the sequence set is defined as . The sequence generated by is defined by the following: where ; ; ; .
The sequences generated by the largest periodic sequence of integers in the form a binary periodic sequence set. The largest periodic sequences make up the set and period is . Any two sequences , in set , satisfy .
The key point of the 2-adic ring AC algorithm proves is the arithmetic correlation property of sequence S, it has been proven readers may refer to .
4.2. Solution Security Analysis
4.2.1. Unforgeability Analysis
Identification signature of the secondary node : because the IDA number is generated based on identity , if the attacker forges identity and forges the verification sequence password , it is necessary to verify whether it is legal. Because the attacker cannot get , so this scheme can resist identity forgery.
Forged identity signature on KGC attack on master node : due to the overall design of the scheme, each KGC does not participate in the transaction, but only serves as transaction authentication and block generation, and the generation of block accounting rights is semirandom and does not rely too much on computing power and rights. Therefore, the attacker attacks KGC to obtain its own possibility of accounting rights. During the attack, there is no valuable information interaction between the malicious primary node and the malicious secondary node. Therefore, as long as there is any credible KGC, this scheme can resist forged malicious attacks.
4.2.2. Forward and Backward Security
When the system parameters of the identification password scheme need to be updated, KGC needs to renegotiate a new random number, determine a new identification signature based on its ID number, and issue new transaction keys to participating nodes. The previous system parameters should still be retained, and the node can verify the signature before the update based on the parameters in effect at the time. As for the system parameters, since the random numbers are randomly selected, there is no connection between the two before and after the update, and the attacker cannot forge the key before the update based on the key at the current stage. If the attacker holds the key before the update, he cannot join the participating nodes to forge the signature at the current stage.
4.3. Solution Efficiency and Safety Analysis
This solution is based on the 2-adic arithmetic correlation algorithm design. The legality verification key between nodes is a binary sequence string, which inherits the efficiency of sequence verification in communication. And each KGC competes to generate blocks with a simple polynomial time complexity, so the overall design scheme has higher verification block efficiency. In order to illustrate the operational efficiency and safety of this solution, this article lists several typical solutions for comparison (Table 1); represents exponential calculation time, represents the dot multiplication operation time of the elements in the ring, and represents the homomorphic mapping operation time. Performance comparison and analysis table is available.
This article turns to the basic design ideas of the identification password and the functions of the main nodes of the consortium blockchain as the entry point. Using 2-adic ring theory and arithmetic related algorithms, a new identification password authentication scheme applied in consortium blockchain is designed to serve the fog computing devices. Under the premise that the master node trusts each other, the scheme designs the master node to bear the relevant functions of KGC and bear the responsibility of block generation and accounting. Through security proof and efficiency analysis, this scheme has signatures that cannot be forged, transaction node anonymity, and forward security. Because the scheme is designed to be in a trusted environment, transaction authentication and consensus protocols can be implemented with a set of algorithm schemes, so the computational efficiency is greatly improved compared to classic identification passwords such as SM9. This solution can realize the identity verification between nodes in terms of computing time and security and protect the privacy of the nodes, which meets the functional requirements of consortium blockchain multicentralization and protection of node identity information. How to generate blocks between master nodes with competitive interests will be the next step of research work.
The mathematical formula data used to support the findings of this study are included within the article.
Conflicts of Interest
The authors declare that they have no conflicts of interest.
- X. An, X. Zhou, X. Lü, F. Lin, and L. Yang, “Sample selected extreme learning machine based intrusion detection in fog computing and MEC,” Wireless Communications and Mobile Computing, vol. 2018, Article ID 7472095, 2018.
- H. Hui, C. Zhou, S. Xu, and F. Lin, “A novel secure data transmission scheme in industrial Internet of things,” China Communications, vol. 17, no. 1, pp. 73–88, 2020.
- M. Anwesha, D. Debashis, and G. Deepsubhra, “A power and latency aware cloudlet selection strategy for multi-cloudlet environment,” IEEE Transactions on Cloud Computing, vol. 7, no. 1, pp. 141–154, 2019.
- F. Lin, Y. Zhou, X. An, I. You, and K.-K. R. Choo, “Fair resource allocation in an intrusion-detection system for edge computing: ensuring the security of Internet of things devices,” IEEE Consumer Electronics Magazine, vol. 7, no. 6, pp. 45–50, 2018.
- C. Gong, F. Lin, X. Gong, and Y. Lu, “Intelligent cooperative edge computing in the Internet of things,” IEEE Internet of Things Journal, 2020.
- Y. Yu, Y. Mu, G. Wang, Q. Xia, and B. Yang, “Improved certificateless signature scheme provably secure in the standard model,” IET Information Security, vol. 6, no. 2, pp. 102–110, 2012.
- P. Gong and P. Li, “Further improvement of a certificateless signature scheme without pairing,” International Journal of Communication Systems, vol. 27, no. 10, pp. 2083–2091, 2014.
- I. Miers, C. Garman, M. Green, and A. D. Rubin, “Zerocoin: anonymous distributed E-cash from Bitcoin,” in 2013 IEEE Symposium on Security and Privacy, Berkeley, CA, USA, 2013.
- N. Shen and M. Adam, “Ring confidential transactions,” Ledger, vol. 1, no. 1, pp. 1–18, 2016.
- M. Goresky and A. Klapper, “Arithmetic crosscorrelations of feedback with carry shift register sequences,” IEEE Transactions on Information Theory, vol. 43, no. 4, pp. 1342–1345, 1997.
- A. Klapper and M. Goresky, “Feedback shift registers, 2-adic span, and combiners with memory,” Journal of Cryptology, vol. 10, no. 2, pp. 111–147, 1997.
- H. J. Wang, Q. Y. Wen, and J. Zhang, “GLS: new class of generalized Legendre sequences with optimal arithmetic cross-correlation,” RAIRO - Theoretical Informatics and Applications, vol. 47, no. 4, pp. 371–388, 2013.
- Y. Q. Li, J. G. Li, and Y. C. Zhang, “Certificateless signature scheme without random oracles,” Journal on Communications, vol. 36, no. 4, pp. 185–194, 2015.
Copyright © 2020 Huijuan Wang and Yong Jiang. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.