Abstract
As the most effective way to improve the efficiency of government work, e-government has been built at all levels in China, accompanied by the construction of hundreds of authentication centers. These cause serious isolation between systems, waste of resources, and inconvenience for users who have business requirements across departments and districts. Currently, users need to repeatedly register and manage multiple different accounts, or even multiple different authentication methods. In the context of population migration, cross-departmental and cross-regional business operations are growing, so it is of great significance to find trust transfer methods for different government applications.
To overcome this issue, in this paper we first explicitly put forward a trust delivery model named “Tiger tally” that uses blockchain to rely on the consensus of all the participants instead of a traditional centralized structure. We then design a cross-domain authentication protocol that is compatible with different authentication mechanisms. As our main contribution, our scheme resolves the trust delivery issues and is strictly considered from the perspectives of security, low cost and unified regulatory requirements. In particular, by integrating “HMAC”, traditionally the purview of message security, with the token standard, our scheme realizes the ancient idea of the “Tiger tally”. It not only overcomes the long-standing trust delivery obstacles in e-government, but also achieves traceability of responsibility and a security guarantee beyond the isolated systems’ security bounds.
Supported by National Key Research and Development Program of China (2017YFB0802300) and (2017YFB0802304), Science and technology projects in Sichuan Province (2017GZDZX0002) and Sichuan Science and Technology Program No.2018JY0370.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Dong, G., Chen, Y., Hao, Y., Zhang, Z., Zhang, P., Yu, S. (2020). Tiger Tally: Cross-Domain Scheme for Different Authentication Mechanism. In: Wen, S., Zomaya, A., Yang, L. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2019. Lecture Notes in Computer Science(), vol 11944. Springer, Cham. https://doi.org/10.1007/978-3-030-38991-8_35
DOI: https://doi.org/10.1007/978-3-030-38991-8_35
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-38990-1
Online ISBN: 978-3-030-38991-8
eBook Packages: Mathematics and Statistics (R0)