Identity Authentication Mechanism Based on Whisper
Blockchain with Whisper Protocol for Identity Authentication
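Abstract: Users generally need an account and a password to access various platforms and systems. A weak password is easy to remember but comparatively easy to attack; a strong password is less convenient to use and hard to remember. We therefore propose a blockchain-based, decentralized identity authentication mechanism. The mechanism uses Ethereum's Whisper protocol in place of the http/https protocols; more specifically, a website that adopts the mechanism verifies the user's identity information by receiving content from Whisper, and no longer needs the user to fill in a username and password for verification. The mechanism can also defend against "replay attacks", "phishing attacks" and "impersonation attacks". Finally, the mechanism is compared with "OAuth2.0", "OpenID" and "SAML"; with respect to "phishing attacks" it is better than the other mechanisms and defends well against attacks of this kind.
Abstract: Users need accounts and passwords to access various platforms and systems. Weak passwords are easy to remember but vulnerable to attack, while strong passwords are not easy to use. To this end, a blockchain-based, decentralized identity authentication mechanism without traditional passwords is proposed. Instead of the http/https protocols, the Whisper protocol in Ethereum is adopted. More specifically, the website verifies the identity information of the user by receiving the content of a Whisper envelope, so the website does not need to provide a web interface in order to verify the identity information of the user. The proposed decentralized identity authorization process has been verified to defend against replay attacks, phishing attacks and impersonation attacks, compared with OAuth2.0, OpenID and SAML.
Citation: Wu Hongwen, Zhou Yu, Yang Zhenguo, Liu Wenyin. Identity Authentication Mechanism Based on Whisper [J]. Computer Science and Application, 2021, 11(3): 579-587. https://doi.org/10.12677/CSA.2021.113059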
