DKSM: A Decentralized Kerberos Secure Service-Management Protocol for Internet of Things

Abstract

Kerberos is a widely used authentication protocol that protects distributed services on the Internet of Things (IoT) and big data. In a distributed scenario, entities must prove their identity to a trusted third party using shared secrets, such as secret keys. Traditional schemes typically use a trusted central organization, like a Key Distribution Center, for identity authentication. However, Kerberos has some downsides, such as a single point of failure, vulnerability to replay attacks, and potential credential exposure, which can compromise system security. To address these problems, researchers have been working on various solutions, but most have their own drawbacks. In this paper, we propose a Decentralized Kerberos Secure Service-Management Protocol (DKSM) based on blockchain technology and Ciphertext-policy Attribute-based Encryption (CP-ABE) schema. Compared with existing protocols, DKSM fulfills decentralization, fine-grained access control with effective cost, and scalability simultaneously. DKSM uses AES and Fast Attribute-Based Encryption with Optimal Security (FABEO) as its cryptographic basis. We also discuss the security of DKSM and demonstrate how our protocol can defend against attacks. Finally, tests on the Ethereum testnet and FISCO consortium platform have shown that our designed protocol is efficient and cost-effective.