Long String Authentication (LSA)
For IoT devices and sensors, no existing authentication can provide security in the context of their use requirements and their resource limitations.
- Fixed passwords are inadequate. Managing numerous communications devices/systems with different and changing passwords is complex and costly.
- Typical challenge-response tokens and PKI do not meet systems use requirements in CPU and bandwidth. Also are too complex and costly.
LSA ends eavesdropping, key stroke logging, or brute force attacks as an authentication is used only once in a response to a specific challenge. It combines shared secret with a dynamic challenge response capability to provide unique keycodes to every authentication.
LSA uses a pre-shared long digital string to allow answering each challenge vector uniquely. It can be understood by almost anyone in a few minutes. It has no complex math, or logic.
It uses very little CPU, memory, or bandwidth and can be implemented without requiring round trip authentications which is ideal for sensor data authentication.
LSA acknowledges that virtually any electronic device, computing device, file, etc. contains millions of good passwords. This is especially true of high-definition recording files (photos, movies, audio, etc.) that have unique background spectrum recorded in them and can not be exactly recreated for that reason. LSA provides the mechanism to use them easily.
The components of LSA are the keyroot, key root ID, vector, vector processing rule/s, and key code.
- The “keyroot” is the primary authentication data structure. It is simply a pre-shared long digital string or array selected by the user/builder.
- The “key root ID”, identifies the keyroot group to be used for this authentication group. A device can belong to many groups.
- The “vector” (challenge) identifies arithmetic codes and component locations in the keyroot
- The “keyroot processing rule/s” process the vector in arithmetic terms and locations in the keyroot from which to create the unique “keycode” authentication which can be any length desired. In the simplest form it is the challenge string location and length.
A simple app figures the number of keycodes the keyroot and processing rule/s required, and it guides the user in the selection of one or more appropriate input sources (noted above) to build the keyroot from. These inputs are then combined with simple arithmetic codes processing rules, cleaned of duplicates, and used to populate the keyroot structure.
Once the keyroot is built, it is given a digital identifier (name) and it can be loaded on whatever devices/systems the user/implementor for authentication to each other.
An app of less than a megabyte with an embedded LS of less than 200K could open and close your garage door or start your car for 15 years never re-using a response “passcode.”
The LSA can also be used for encryption crypto agility.
LSA fills a major gap in security for the IoT and IIoT, is much better than passwords, and much less costly to implement and maintain than PKI or token solutions.