CUIAS - A User Identity Authentication Service for Discovery Service

Discovery service (DS) is designed to serve the following lookup function: Given the RFID identifier of an object, it returns a list of Internet addresses of servers about this object across the supply chain, which offer detailed information about it. The information stored in DS is commercially sensitive, which can reveal flow patterns, trading relationships or inventory levels, etc. Therefore DS must authenticate the user´s identity first before this user is allowed to access DS. However, no user identity authentication schemes satisfying the actual requirements have been proposed until now. So this paper focuses on this problem and presents Centralized User Identity Authentication Service (CUIAS) based on SAML and PKI for DS, which is deployed as a DHT network, offering excellent performance scalability. Through CUIAS, once a user is authenticated, then it can access DS many times in a certain period, which not only simplifies the user´s access process but also reduces the user´s resource cost. To ensure the data availability and data confidentiality of CUIAS, the original data is split into multiple smaller blocks using Information Dispersal Algorithm (IDA) and then they are scattered within CUIAS. By analysis and evaluation, CUIAS can satisfy the actual requirements and offer reliable and secure service.