DOI: 10.1145/3491396.3506537
research-article

Blockchain-based Certificateless Identity Management Mechanism in Cloud-native Environments

Published: 07 January 2022

Abstract

With the widespread development of cloud-native technologies, the security of cloud-native systems has gradually attracted attention. Cloud-native systems use PKI (Public Key Infrastructure) as an important guarantee of network security; however, heavy certificate management is gradually making the PKI mechanism a bottleneck for cloud-native systems. In contrast with PKI, the certificateless public key mechanism has many advantages, such as being lightweight, which makes it well suited to authentication in cloud-native environments. However, before the certificateless public key mechanism can be introduced into the cloud-native environment, the first problem that must be solved is identity management. This paper proposes a blockchain-based certificateless identity management (BCL-IM) mechanism for cloud-native environments, which uses the blockchain as a trust endorsement for service identity and service public key distribution records, and ensures the timeliness of identity management through blockchain node notification. In addition, a communication disconnect mechanism is proposed, and the usage scenarios of this mechanism are analyzed to ensure data security. Finally, we give a security analysis and performance evaluation to show that our scheme satisfies the requirements for secure service-to-service communication in cloud-native environments based on the certificateless public key mechanism.

Cited By

  • (2024) Blockchain-Based Decentralized Storage Design for Data Confidence Over Cloud-Native Edge Infrastructure. IEEE Access 12, 50083-50099. DOI: 10.1109/ACCESS.2024.3383010. Online publication date: 2024
  • (2023) A Systematic Literature Mapping on Using Blockchain Technology in Identity Management. IEEE Access 11, 26004-26032. DOI: 10.1109/ACCESS.2023.3256519. Online publication date: 2023
  • (2022) Blockchain-Based Identity Management System and Self-Sovereign Identity Ecosystem: A Comprehensive Survey. IEEE Access 10, 113436-113481. DOI: 10.1109/ACCESS.2022.3216643. Online publication date: 2022

    Information

    Published In

    ACM ICEA '21: Proceedings of the 2021 ACM International Conference on Intelligent Computing and its Emerging Applications
    December 2021
    241 pages
    ISBN: 9781450391603
    DOI: 10.1145/3491396

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. Cloud-native
    2. blockchain
    3. certificateless public key mechanism
    4. identity management

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    ACM ICEA '21