Decentralized Authorization and Authentication Based on Consortium Blockchain

  • Conference paper
Blockchain and Trustworthy Systems (BlockSys 2019)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1156)

Abstract

With the development of the digital society, the number of Internet platforms is increasing rapidly and a huge amount of personal information is stored online. It is convenient for users to log in to all platforms with a common account. Third-party authorization protocols like OAuth 2.0 allow access control to be delegated to dedicated service providers. However, the OAuth protocol takes a centralized approach to managing authorization and authentication information, which relies on a centralized party and makes it a target for attack. In practice, it is vulnerable to attacks such as replay attacks and cross-site request forgery (CSRF) attacks. In addition, the centralized party cannot provide customized access control for other platforms. To solve these problems, the paper proposes a consortium blockchain architecture and designs protocols for account management and distributed consensus. The paper discusses the potential of the proposed approach to effectively address certain vulnerabilities in current OAuth-like authorization and authentication services with tolerable performance.

Author information

Correspondence to Ao Zhang or Xiaoying Bai.

Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Zhang, A., Bai, X. (2020). Decentralized Authorization and Authentication Based on Consortium Blockchain. In: Zheng, Z., Dai, HN., Tang, M., Chen, X. (eds) Blockchain and Trustworthy Systems. BlockSys 2019. Communications in Computer and Information Science, vol 1156. Springer, Singapore. https://doi.org/10.1007/978-981-15-2777-7_22

  • DOI: https://doi.org/10.1007/978-981-15-2777-7_22

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-2776-0

  • Online ISBN: 978-981-15-2777-7

  • eBook Packages: Computer Science, Computer Science (R0)
