Re: [Ace] on signature verification times for sec192r1

Hannes Tschofenig <hannes.tschofenig@gmx.net> Mon, 25 July 2016 12:06 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3EFB412D7FD for <ace@ietfa.amsl.com>; Mon, 25 Jul 2016 05:06:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.888
X-Spam-Level:
X-Spam-Status: No, score=-2.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-1.287, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dQvN5IWmZc9K for <ace@ietfa.amsl.com>; Mon, 25 Jul 2016 05:06:38 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 02E2B12D7E0 for <ace@ietf.org>; Mon, 25 Jul 2016 05:06:37 -0700 (PDT)
Received: from [192.168.10.131] ([195.149.223.151]) by mail.gmx.com (mrgmx002) with ESMTPSA (Nemesis) id 0MQ2zr-1bN05d0ost-005Jb4; Mon, 25 Jul 2016 14:06:30 +0200
To: Pascal Urien <pascal.urien@gmail.com>, Michael StJohns <mstjohns@comcast.net>
References: <CAEQGKXRxLKGROW9MdJEzkXsS9f4NVFqqh12c+t4qaK5bDYhuaw@mail.gmail.com> <d107de0f-2134-5b80-c9e2-ddb5e5e79788@comcast.net> <CAEQGKXQgp4AzCJFuBqezhZ0SmHG3QdgmH353LWisx-5WGmifpA@mail.gmail.com>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
X-Enigmail-Draft-Status: N1110
Message-ID: <579600C4.3030800@gmx.net>
Date: Mon, 25 Jul 2016 14:06:28 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.8.0
MIME-Version: 1.0
In-Reply-To: <CAEQGKXQgp4AzCJFuBqezhZ0SmHG3QdgmH353LWisx-5WGmifpA@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="wQnaH0hbAcfjUGlbH5iOcvqphgEbeRH13"
X-Provags-ID: V03:K0:yAI/E4Z8JvYpRkQ3drTn5+TzEgDT/RxpYKgCyPZizZjeruYDfpQ uIHL7YmJGHP0E/FRxyxbB/XZQe+whEqWXOFPOVivsgy+JP6VMOVX43ArzZrIi0+SSRYANEd QNWGkYwIrKhsEfzd7kIfzj3im2S2mRv8nAMTbsfGC4lyIVUCkhOPI5odfmlbugDjzZEjtL+ TTNEBCRu1vwBPKmFVZuSw==
X-UI-Out-Filterresults: notjunk:1;V01:K0:jyVDfdo8uIE=:rppt8DOWxAnBiTl3WQMQQa Sxzi/JldITfCu+AJ0pkBMbS8YyNNI45+/LYwUtsspuXaYzsa/JodZzqkrfxAnMYoVp4QmlvK7 CC0u+ze3Imxe1mnYjNNdeKWb5BqfKyV5FsuR4CgUaVPMUAz1KemJpzGEZhOJ+cGM3bvfnNNdf vGnn25zllFbcPu91KI0/ToW2R1Pexg7HvFTE822mpF5hSJ5lNrPgGQp4MeCnv52AkSsJ1u614 K30C23SvhvcXCPYi2DCqybXBiseWto/XjMFaPxV/K1leKbljWMkDE0kfePESQhRAuE2+sp42T 6vsDSUnxvKITEL9mdhSBFZ6RVSnQ2LE69BEX8nT0isdsVo7Ye5tAvv6PF8Z8XGNUcrRLhTQ8f TClDQi64uHWsMCawI5OzVPeJcfF5Cyy0CYsJup+S7QH++8JHMbt206Vy3ui65SZlOM8HUHrgi A9XsSJLXh2yMr8XJ3cMPVpqJyc3VusjFSQjM1T7kADfyBa9AUxmFuuVNLtS3eltAjVHbxCv8V J6WV0Oc4oKCNxWYfEXfMZiN+zvGMl4uGX5M9A889jlKiMh6tKDTmaWYqVOqgYZxfvotzwRTAg HSc2ddf/Vz1kPFLF0u7DqCMrXorZ2MJsTCGkIpOaHLRl0UpiCA7rjudGoW2XQgvXidgotTRBr I4FofpYhq0klB5BhrXbKMVDsw/IyZDokG9BNu2pQPjhGfDEKcgW1FC2Ry/SJoG0AtnV2D1n8M +L8kInpec17Jvym2e6owtPsk8F9jj8TUITUBZsQWsF5yNuPaecBNqiILw5k=
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/u7PiHmx1PL8APBq_VYQafXssW5Q>
Cc: ace@ietf.org
Subject: Re: [Ace] on signature verification times for sec192r1
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jul 2016 12:06:40 -0000

Hi Pascal,

there is no doubt that today's IoT hardware can run Internet security
protocols. This is why we worked on the DTLS profile in the DICE working
group, which has been finally published as an RFC a few days ago. Here
is the link:
https://tools.ietf.org/html/rfc7925

There are two separate issues that are being raised here in this
discussion, namely

* Low latency requirements (and Abhinav just sent a document around that
provides further details), and

* Security of the stored keying material.

During the meeting we had a discussion about the ability (or inability)
to use public key crypto on modern IoT hardware so that it hits the time
budget needed for the lighting domain.

I personally see the security of the stored keying material is an
orthogonal issue since additional security protection makes attacks
harder but of course not impossible.

Btw, when you mention prices of chips you also need to indicate what the
volume is. The price is very much dependent on the volume.

Furthermore, you mention some performance numbers below but they seem to
be incomplete since I don't really know what the constant
'nb_bloc_512bits' is. Could you please elaborate?

Ciao
Hannes

On 07/24/2016 11:50 AM, Pascal Urien wrote:
> I fully agree...
> 
> J3A081M  can be found at 10$ over the WEB
> 
> Futhermore this class of cheap device can process TLS or DTLS as
> illustrated in
> 
> https://tools.ietf.org/html/draft-urien-uta-tls-dtls-security-module-00
> 
> They could be used for numerous applications in the IoT
> 
> Rgs
> 
> Pascal
> 
> 
> 2016-07-23 23:59 GMT+02:00 Michael StJohns <mstjohns@comcast.net
> <mailto:mstjohns@comcast.net>>:
> 
>     On 7/23/2016 11:10 AM, Pascal Urien wrote:
>>     Hi All
>>
>>     J3A081M is a javacard device from NXP
>>
>>     The micocontroller should be the P5CD081V1A, which comprises a
>>     crypto processor
> 
>     There's a number of these from a number of vendors.  I'd actually
>     look at the A7xxx series of chips as they're designed to be
>     embeddable.  I've become a big fan of javacard style solutions over
>     the years.
> 
>     In any event, the number of relatively inexpensive public key crypto
>     accelerator chips (e.g. googl for "secure authentication chips") is
>     greater than zero and continues to climb.  And for not a lot of
>     money.  Estimating what from prices on Digikey, I'd think something
>     less than $.50 for Quantity large as of today and half that or less
>     in 1-2 years as its gets bundled into the "Swiss Army Knife" style
>     of process (e.g. support for wireless 900mhz plus ... plus ... plus
>     ... plus security...) (google for iot module secure element 900mhz
>     for example).
> 
>     Later, Mike
> 
> 
> 
>>
>>     The performances with the curve secp192r1 are the following (for
>>     ECDSA + SHA1)
>>
>>     Sign    = 40ms +  nb_bloc_512bits x 3.5 ms
>>     Verify  = 60ms  + nb_bloc_512bits x 3,5 ms
>>
>>
>>     By the way this chip has enough crypto ressouces for processing
>>     TLS or DTLS
>>
>>     Rgs
>>
>>     Pascal
>>
>>
>>     _______________________________________________
>>     Ace mailing list
>>     Ace@ietf.org <mailto:Ace@ietf.org>
>>     https://www.ietf.org/mailman/listinfo/ace
> 
> 
> 
>     _______________________________________________
>     Ace mailing list
>     Ace@ietf.org <mailto:Ace@ietf.org>
>     https://www.ietf.org/mailman/listinfo/ace
> 
> 
> 
> 
> _______________________________________________
> Ace mailing list
> Ace@ietf.org
> https://www.ietf.org/mailman/listinfo/ace
>