New research from decentralized CPU-sharing network Golem shows a concept for identity authentication using Proof of Device, based around Intel’s SGX technology.
Golem, a decentralized CPU-sharing network, published its research into a Proof of Device (PoD) mechanism for user authentication on June 5. While still a proof of concept, the research outlines a method by which users can automatically validate their hardware, proving identity in an anonymous yet trusted manner.
Necessity is the mother of invention
The research stems from Golem’s need to secure its own permissionless, anonymous network against Sybil attacks. It considered whether something could be implemented using Intel’s Software Guard Extensions, or SGX, which are instructions built into modern CPUs.
When a suitable concept was devised, Golem realized that its applications went far beyond securing decentralized networks, and that in fact, it could be useful for any online service needing to authenticate users.
Complementary authentication technology
The PoD mechanism is designed to complement existing methods such as two-factor authentication (2FA) and Universal 2nd Factor (U2F). In it, the burden of storing the keys used to sign and prove identity is handled by the SGX enclave.
The enclave has to be assigned to the user in advance, meaning that the user can only access a service protected by PoD from pre-assigned devices. Not even the user has knowledge of the private key stored in the enclave, which must correspond to the public key stored by the service being accessed.
PoD proves that the user has physical access to a specified device, providing security even when a login and password have been stolen.
The proof of concept was demonstrated on an enhanced bank login service.
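The article does not publish Golem's code, so the following is an added illustration, not Golem's implementation, of the login flow it describes: the service keeps a password and a device public key per user, the private key lives only inside the (here simulated) enclave, and a login succeeds only when a fresh challenge from the service is signed by that key. Ed25519, the `Enclave`/`Service` types, the user "alice" and the domain-separated challenge format are all assumptions chosen for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Enclave stands in for the SGX enclave pre-assigned to a user's device.
// The private key is generated inside it and never exported; the only
// operation exposed to the host is signing a message.
type Enclave struct {
	priv ed25519.PrivateKey
}

// NewEnclave creates a fresh enclave and returns the public key that the
// service will keep on file for the user.
func NewEnclave() (*Enclave, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Enclave{priv: priv}, pub, nil
}

// Sign returns the enclave's signature over msg.
func (e *Enclave) Sign(msg []byte) []byte {
	return ed25519.Sign(e.priv, msg)
}

// Service is the protected application (the bank login in the article's demo).
// It stores a password per user, the public key of the pre-assigned device,
// and any outstanding challenge.
type Service struct {
	passwords map[string]string
	devices   map[string]ed25519.PublicKey
	pending   map[string][]byte
}

func NewService() *Service {
	return &Service{
		passwords: map[string]string{},
		devices:   map[string]ed25519.PublicKey{},
		pending:   map[string][]byte{},
	}
}

// Register stores the password and binds the user to one device key.
// (Passwords are kept in plaintext only to keep the simulation short;
// a real service would store a password hash.)
func (s *Service) Register(user, password string, pub ed25519.PublicKey) {
	s.passwords[user] = password
	s.devices[user] = pub
}

// challengeMessage domain-separates what the enclave signs, so a signature
// produced for login cannot be reused as a signature over something else.
func challengeMessage(user string, nonce []byte) []byte {
	return append([]byte("PoD-login:"+user+":"), nonce...)
}

// Challenge is step one of login: once the password check passes, the
// service issues a random nonce that only the assigned device can sign.
func (s *Service) Challenge(user, password string) ([]byte, error) {
	stored, ok := s.passwords[user]
	if !ok || subtle.ConstantTimeCompare([]byte(stored), []byte(password)) != 1 {
		return nil, errors.New("invalid credentials")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.pending[user] = nonce
	return nonce, nil
}

// Login is step two: the signature over the nonce is checked against the
// public key on file. The nonce is consumed so it cannot be replayed.
func (s *Service) Login(user string, sig []byte) error {
	nonce, ok := s.pending[user]
	if !ok {
		return errors.New("no outstanding challenge")
	}
	delete(s.pending, user)
	pub, ok := s.devices[user]
	if !ok {
		return errors.New("no device assigned to user")
	}
	if !ed25519.Verify(pub, challengeMessage(user, nonce), sig) {
		return errors.New("proof of device failed")
	}
	return nil
}

func main() {
	svc := NewService()
	enclave, pub, err := NewEnclave()
	if err != nil {
		panic(err)
	}
	svc.Register("alice", "correct-horse", pub) // constructed sample user

	// Legitimate login from the assigned device.
	nonce, _ := svc.Challenge("alice", "correct-horse")
	fmt.Println("assigned device:", svc.Login("alice", enclave.Sign(challengeMessage("alice", nonce))))

	// Correct password, but presented from a machine whose enclave holds a different key.
	rogue, _, _ := NewEnclave()
	nonce, _ = svc.Challenge("alice", "correct-horse")
	fmt.Println("other device:", svc.Login("alice", rogue.Sign(challengeMessage("alice", nonce))))
}
```

The second scenario in `main` is the property the article emphasises: knowing the password gets an attacker past `Challenge`, but `Login` fails because the signing key is bound to the pre-assigned device. Deleting the nonce before verification also closes the replay of a previously captured signature.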