Actions Speak Louder Than Passwords: Dynamic Identity for Machine-to-Machine Communication

Wil Liam Teng and Kasper Rasmussen


Machine-to-Machine (M2M) communication is communication between computers without a human user involved. This paradigm is very common wherever automated tasks are executed routinely, e.g., backing up data to cloud storage, updating a local database cache, fetching the latest software updates, etc. One challenge in this setting is that the credentials needed to establish secure connections between machines must be available to the machines during execution without any human interaction. Typically that means the credentials must reside on the machine itself, in the form of a secret such as a password, API key, single sign-on token, etc. In practice the secret is often embedded directly into an automatically executed script; regardless, it needs to be stored either in the clear or encrypted with another secret that is available to the machine during execution. This exposes the credentials to anyone who can gain access to the machine. In this paper we present ActionID, a scheme that mitigates the problem of credential exposure by making the desired sequence of actions to be executed part of the machine's identity. This way, even if the credentials are exposed, they are only temporarily valid for one particular action sequence, which cannot be changed for future executions. We introduce a trusted third party that issues new identities, validates new action requests, and acts as a centralized location for managing access control policies for an arbitrary number of clients and servers. In addition to yielding strong security guarantees, this simplifies the management of complex access control for an organization. We present detailed protocols for ActionID, along with a thorough security analysis. We implement ActionID as a Python library to show the ease of integration into existing applications, and to demonstrate the performance of the scheme, which is on par with SSH.
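As an added illustration of the core idea (this is not the paper's ActionID protocol, whose details the abstract does not give), the toy Python sketch below has a hypothetical issuer bind a client identity to a digest of an ordered action list plus an expiry under a MAC, and a hypothetical server accept actions only in that committed order, so a leaked identity cannot be rebound to a different sequence or replayed after a deviation. The shared key, client name and sample actions are all constructed for the demo.

```python
import hmac, hashlib, json

# Constructed demo key shared by the issuer (trusted third party) and the server.
ISSUER_KEY = b"constructed-demo-key"

def sequence_digest(actions):
    """Hash the ordered action list so the identity commits to exactly this sequence."""
    return hashlib.sha256(json.dumps(actions, separators=(",", ":")).encode()).hexdigest()

def issue_identity(client_id, actions, now, ttl=300):
    """Issuer side (hypothetical): MAC over client id, sequence digest and expiry."""
    claims = {"client": client_id, "seq": sequence_digest(actions), "exp": now + ttl}
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}

class ActionServer:
    """Server side (hypothetical): runs actions only in the order the identity committed to."""
    def __init__(self):
        self.sessions = {}  # client_id -> [expected actions, next index, expiry]

    def open_session(self, identity, declared_actions, now):
        # Verify the issuer's MAC before trusting any claim in the payload.
        expected = hmac.new(ISSUER_KEY, identity["payload"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, identity["tag"]):
            return False
        claims = json.loads(identity["payload"])
        # Reject expired identities and any action list other than the committed one.
        if now >= claims["exp"] or claims["seq"] != sequence_digest(declared_actions):
            return False
        self.sessions[claims["client"]] = [list(declared_actions), 0, claims["exp"]]
        return True

    def perform(self, client_id, action, now):
        session = self.sessions.get(client_id)
        if session is None or now >= session[2]:
            return False
        expected_actions, idx, _ = session
        if idx >= len(expected_actions) or expected_actions[idx] != action:
            del self.sessions[client_id]  # any deviation invalidates the whole identity
            return False
        session[1] += 1
        return True
```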

Book Title
18th International Conference on Availability, Reliability and Security (ARES)