Cross-Domain Authentication Scheme Based on Blockchain and Consistent Hash Algorithm for System-Wide Information Management

Abstract

System-wide information management (SWIM) is a complex distributed information transfer and sharing system for the next generation of Air Transportation System (ATS). In response to the growing volume of civil aviation air operations, users accessing different authentication domains in the SWIM system have problems with the validity, security, and privacy of SWIM-shared data. In order to solve these problems, this paper proposes a SWIM cross-domain authentication scheme based on a consistent hashing algorithm on consortium blockchain and designs a blockchain certificate format for SWIM cross-domain authentication. The scheme uses a consistent hash algorithm with virtual nodes in combination with a cluster of authentication centers in the SWIM consortium blockchain architecture to synchronize the user’s authentication mapping relationships between authentication domains. The virtual authentication nodes are mapped separately using different services provided by SWIM to guarantee the partitioning of the consistent hash ring on the consortium blockchain. According to the dynamic change of user’s authentication requests, the nodes of virtual service authentication can be added and deleted to realize the dynamic load balancing of cross-domain authentication of different services. Security analysis shows that this protocol can resist network attacks such as man-in-the-middle attacks, replay attacks, and Sybil attacks. Experiments show that this scheme can reduce the redundant authentication operations of identity information and solve the problems of traditional cross-domain authentication with single-point collapse, difficulty in expansion, and uneven load. At the same time, it has better security of information storage and can realize the cross-domain authentication requirements of SWIM users with low communication costs and system overhead.