Supercomputing and Computation
Secure Token Authentication via Secure Hashing
May 16, 2013
- Authentication through single-factor and current two-factor methods is insecure. Pseudorandom number generators used in these methods are predictable in principle because they are inherently deterministic. Unsecured seed lists can be retrieved from compromised servers, and hash functions can be reverse engineered.
- Our scheme combines tokens with a true random seed generated by a quantum mechanical process. The system removes the vulnerability associated with deterministic processes. We also provide time-dependent seeds and hash chain switching, so that compromise of a single hash chain can be remedied by a switch to a new one. Seed lists are stored in protected memory with enforced time delays per seed hashed-seed request, dramatically increasing the time necessary for a seed dump.
- True random numbers make it impossible to guess the seed
- Hash chain switching mitigates replacement cost
- Protected storage and query delays make stealing seed information from the server much more difficult
- Lowest possible bias random number source due to automatic quantum control and bias reduction
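
The hash chain switching named above can be illustrated with a generic Lamport-style one-time-password chain. This is an added example, not the code or design of the system described here, which the page does not specify: SHA-256, the `Token` and `Verifier` classes, and the use of the OS CSPRNG in place of the quantum random source are all assumptions.

```python
import hashlib
import secrets

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

class Token:
    """Client: holds h^1(seed)..h^n(seed) and releases them in reverse order."""
    def __init__(self, seed: bytes, length: int):
        self._chain, value = [], seed
        for _ in range(length):
            value = h(value)
            self._chain.append(value)
        self.anchor = self._chain.pop()  # h^n(seed), registered with the verifier
    def next_otp(self) -> bytes:
        if not self._chain:
            raise RuntimeError("chain exhausted: switch to a new chain")
        return self._chain.pop()

class Verifier:
    """Server: stores only the last accepted value of the active chain."""
    def __init__(self, anchor: bytes):
        self._expected = anchor
    def verify(self, otp: bytes) -> bool:
        if secrets.compare_digest(h(otp), self._expected):
            self._expected = otp  # advance, so the same OTP cannot be replayed
            return True
        return False
    def switch_chain(self, new_anchor: bytes) -> None:
        self._expected = new_anchor  # every value of the old chain is now void

def demo():
    # secrets.token_bytes (OS CSPRNG) is a stand-in for the true random source.
    token = Token(secrets.token_bytes(32), length=5)
    server = Verifier(token.anchor)
    otp = token.next_otp()
    accepted, replayed = server.verify(otp), server.verify(otp)
    stale = token.next_otp()  # next value of the chain about to be retired
    token = Token(secrets.token_bytes(32), length=5)  # fresh seed, new chain
    server.switch_chain(token.anchor)
    stale_ok = server.verify(stale)
    fresh_ok = server.verify(token.next_otp())
    return accepted, replayed, stale_ok, fresh_ok

if __name__ == "__main__":
    print(demo())
```

After the switch, a value from the retired chain fails verification even though it would have been the next valid password, which is the property that lets a compromised chain be abandoned without replacing the token.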