Blockchain-Assisted Transparent Cross-Domain Authorization and Authentication for Smart City

Secure cross-domain authorization and authentication (AA) enable application service providers (ASPs) to allow users for resource access from different trusted domains. In this article, we propose a unified blockchain-assisted secure cross-domain AA framework for smart city, which can guarantee transparent cross-domain resource access while preserving user privacy. In the framework, ASPs can flexibly delegate their authentication capabilities to the blockchain, and users authorized by different ASPs can be authenticated by the blockchain where the authentication events are publicly audited and traced. Since the blockchain is publicly accessible, users' sensitive identity attributes may be exposed during the authentication process. To address privacy leakage caused by the authentication events, several privacy-preserving techniques, including threshold-based homomorphic encryption, zero-knowledge proof, and random permutation, are exploited to hide users' sensitive information on the blockchain. Moreover, to improve user revocation efficiency, we integrate a cryptographic accumulator and secure hash functions into the framework where ASPs are allowed to revoke their users through a global revocation contract. Our security analysis shows that the proposed framework can achieve all desirable security and privacy properties, and a proof-of-concept prototype has been developed to demonstrate the correctness and efficiency of the proposed framework.