Dynaseal: A Backend-Controlled LLM API Key Distribution Scheme with Constrained Invocation Parameters
Track: Tiny Paper Track (between 2 and 4 pages)
Keywords: Authentication, Edge Computing Security, LLM Access Control, Parameterized JWT Constraints, Backend Traffic Optimization, Zero Client-side Keys, Replay Attack Resistance
TL;DR: Stop using risky static API keys for edge-AI! We replace Bearer Tokens with dynamic, parameter-embedded JWT tokens that enable 99\% backend traffic reduction compared to relays, while requiring zero client-side keys.
Abstract: The proliferation of edge-device interactions with cloud-based Large Language Models (LLMs) has exposed critical security vulnerabilities in traditional authentication methods like static Bearer Tokens. Existing solutions---pre-embedded API keys and server relays---suffer from security risks, latency, and bandwidth inefficiencies. We present \textbf{Dynaseal}, a secure and efficient framework that empowers backend servers to enforce fine-grained control over edge-device model invocations. By integrating cryptographically signed, short-lived JWT tokens with embedded invocation parameters (e.g., model selection, token limits), Dynaseal ensures tamper-proof authentication while eliminating the need for resource-heavy server relays. Our experiments demonstrate up to 99\% reduction in backend traffic compared to relay-based approaches, with zero additional latency for edge devices. The protocol's self-contained tokens and parameterized constraints enable secure, decentralized model access at scale, addressing critical gaps in edge-AI security without compromising usability.
Submission Number: 3
Loading