S³Cross: Blockchain-Based Cross-Domain Authentication With Self-Sovereign and Supervised Identity Management
The widespread deployment of Internet of Things (IoT) devices has driven their segmentation into distinct trust domains for the purpose of governance, creating a critical need for secure cross-domain authentication (CDA). CDA must preserve both anonymity and traceability of device identities to enable trustworthy data exchange. However, existing approaches, while exploring this trade-off, remain vulnerable to single points of failure and Sybil attacks—threats that are especially severe for unattended and resource-constrained devices. In this paper, we propose a Self-Sovereign and Supervised Cross-domain authentication scheme (S³Cross) to tackle these issues. The main building block we designed is a pseudonym management scheme (PMS) that allows devices to generate and use pseudonyms without relying on a trusted party. Although devices have full control of their identities, PMS still ensures traceability, Sybil resistance, and revocability. We define the formal security models of PMS, instantiate it under two different approaches, namely group signatures (S³Cross-GS) and zero-knowledge succinct non-interactive arguments of knowledge (zkSNARKs, S³Cross-ZK), and present security proofs for our proposal. We implemented and evaluated S³Cross. The results show that our scheme achieves an effective trade-off between security and efficiency.