A DID-based one-time session key authentication mechanism for secure human-AI chatbot communication

IF 4.9 3区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computers & Electrical Engineering Pub Date : 2025-08-19 DOI:10.1016/j.compeleceng.2025.110622

Wooyoung Son , Soonhong Kwon , Jong-Hyouk Lee

{"title":"A DID-based one-time session key authentication mechanism for secure human-AI chatbot communication","authors":"Wooyoung Son , Soonhong Kwon , Jong-Hyouk Lee","doi":"10.1016/j.compeleceng.2025.110622","DOIUrl":null,"url":null,"abstract":"<div><div>As generative Artificial Intelligence (AI) technology has recently gained popularity, society is undergoing a full-scale transformation centered around AI. This technology is attracting attention across various fields, particularly as it meets the growing demand for ‘24/7 availability’. Among these applications, AI chatbot-based Robotic Process Automation (RPA) systems have demonstrated the ability to automate tasks, and with the integration of generative AI, they can now handle more advanced operations such as sending emails and managing complex workflows. However, because AI chatbot-based RPA systems are required to perform sensitive and high-level tasks, secure identity authentication is essential. Traditional Public Key Infrastructure (PKI)-based authentication mechanisms pose risks, as they often require storing personal information within the AI chatbot system—potentially increasing the damage in the event of a security breach. To address this issue, this paper proposes an authentication mechanism that uses a Decentralized Identity (DID)-based one-time session key. By leveraging DID technology, the proposed mechanism ensures self-sovereignty and privacy. Furthermore, the use of a one-time session key guarantees session independence, non-reusability, and untraceability. A performance comparison with PKI-based mechanisms shows that when more than five authentications are performed, the proposed mechanism achieves higher time efficiency, highlighting its advantages in both security and effectiveness. Additionally, potential security threats in each step of the proposed system are analyzed probabilistically. A mathematical formula is presented to demonstrate that the likelihood of such threats occurring is very low. By performing partial differentiation on the attack success probability with respect to representative variables at each step, the analysis identifies which authentication process most significantly influences overall system security. This provides clear insights for designing secure authentication systems based on the proposed approach.</div></div>","PeriodicalId":50630,"journal":{"name":"Computers & Electrical Engineering","volume":"127 ","pages":"Article 110622"},"PeriodicalIF":4.9000,"publicationDate":"2025-08-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Electrical Engineering","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0045790625005658","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

As generative Artificial Intelligence (AI) technology has recently gained popularity, society is undergoing a full-scale transformation centered around AI. This technology is attracting attention across various fields, particularly as it meets the growing demand for ‘24/7 availability’. Among these applications, AI chatbot-based Robotic Process Automation (RPA) systems have demonstrated the ability to automate tasks, and with the integration of generative AI, they can now handle more advanced operations such as sending emails and managing complex workflows. However, because AI chatbot-based RPA systems are required to perform sensitive and high-level tasks, secure identity authentication is essential. Traditional Public Key Infrastructure (PKI)-based authentication mechanisms pose risks, as they often require storing personal information within the AI chatbot system—potentially increasing the damage in the event of a security breach. To address this issue, this paper proposes an authentication mechanism that uses a Decentralized Identity (DID)-based one-time session key. By leveraging DID technology, the proposed mechanism ensures self-sovereignty and privacy. Furthermore, the use of a one-time session key guarantees session independence, non-reusability, and untraceability. A performance comparison with PKI-based mechanisms shows that when more than five authentications are performed, the proposed mechanism achieves higher time efficiency, highlighting its advantages in both security and effectiveness. Additionally, potential security threats in each step of the proposed system are analyzed probabilistically. A mathematical formula is presented to demonstrate that the likelihood of such threats occurring is very low. By performing partial differentiation on the attack success probability with respect to representative variables at each step, the analysis identifies which authentication process most significantly influences overall system security. This provides clear insights for designing secure authentication systems based on the proposed approach.

查看原文本刊更多论文

一种基于did的人与人工智能聊天机器人安全通信的一次性会话密钥认证机制

最近，随着生成式人工智能（AI）技术的普及，社会正在以AI为中心进行全面变革。这项技术正在吸引各个领域的关注，特别是因为它满足了对“24/7可用性”日益增长的需求。在这些应用中，基于人工智能聊天机器人的机器人过程自动化（RPA）系统已经展示了自动化任务的能力，并且通过生成式人工智能的集成，它们现在可以处理更高级的操作，例如发送电子邮件和管理复杂的工作流程。然而，由于基于AI聊天机器人的RPA系统需要执行敏感和高级任务，因此安全身份验证是必不可少的。传统的基于公钥基础设施（PKI）的身份验证机制会带来风险，因为它们通常需要在AI聊天机器人系统中存储个人信息，在发生安全漏洞时可能会增加损害。为了解决这个问题，本文提出了一种使用基于分散身份（DID）的一次性会话密钥的身份验证机制。通过利用DID技术，所提出的机制确保了自我主权和隐私。此外，一次性会话密钥的使用保证了会话独立性、不可重用性和不可追溯性。与基于pki的认证机制的性能比较表明，当执行5次以上的认证时，所提出的认证机制具有更高的时间效率，突出了其安全性和有效性的优势。此外，对系统每一步的潜在安全威胁进行了概率分析。提出了一个数学公式来证明这种威胁发生的可能性非常低。通过对每一步中具有代表性的变量的攻击成功概率执行偏微分，分析确定了哪个身份验证过程对整个系统安全性影响最大。这为基于所建议的方法设计安全身份验证系统提供了清晰的见解。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Electrical Engineering 工程技术-工程：电子与电气

CiteScore

9.20

自引率

7.00%

发文量

661

审稿时长

47 days

期刊介绍： The impact of computers has nowhere been more revolutionary than in electrical engineering. The design, analysis, and operation of electrical and electronic systems are now dominated by computers, a transformation that has been motivated by the natural ease of interface between computers and electrical systems, and the promise of spectacular improvements in speed and efficiency. Published since 1973, Computers & Electrical Engineering provides rapid publication of topical research into the integration of computer technology and computational techniques with electrical and electronic systems. The journal publishes papers featuring novel implementations of computers and computational techniques in areas like signal and image processing, high-performance computing, parallel processing, and communications. Special attention will be paid to papers describing innovative architectures, algorithms, and software tools.