IETF Logo Mail Archive

[Cfrg] PAKEs for IoT

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Wed, 20 November 2019 08:35 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF6A1120A88 for <cfrg@ietfa.amsl.com>; Wed, 20 Nov 2019 00:35:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=l+icMfwY; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=armh.onmicrosoft.com header.b=ESzhoXqj
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B9DV3BZzL59e for <cfrg@ietfa.amsl.com>; Wed, 20 Nov 2019 00:35:48 -0800 (PST)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-eopbgr130082.outbound.protection.outlook.com [40.107.13.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D19F01208CB for <cfrg@irtf.org>; Wed, 20 Nov 2019 00:35:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2RzMmxIg/mCk2A43hyG+Y1oxWwcsEnYXuYBvnAXC8EI=; b=l+icMfwYgKKCtGJX4/LYUzmmbbzgyuDdd1cvXq1jMABbSpsBInmlk8wnFHYXwxWKQzGDhpvti8mBDh7aYpI1B2aVQvzbhYlMc/OAoCVYUMk+1eKeH3gnrewI1qbrDD2/+xR2Srf6z8y1guMwp1bFcE6YVAK8rf8vhxyNqMCIW+A=
Received: from VI1PR08CA0191.eurprd08.prod.outlook.com (2603:10a6:800:d2::21) by VI1PR0801MB2048.eurprd08.prod.outlook.com (2603:10a6:800:8b::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2451.27; Wed, 20 Nov 2019 08:35:44 +0000
Received: from AM5EUR03FT009.eop-EUR03.prod.protection.outlook.com (2a01:111:f400:7e08::209) by VI1PR08CA0191.outlook.office365.com (2603:10a6:800:d2::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2474.17 via Frontend Transport; Wed, 20 Nov 2019 08:35:44 +0000
Authentication-Results: spf=fail (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; irtf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;irtf.org; dmarc=none action=none header.from=arm.com;
Received-SPF: Fail (protection.outlook.com: domain of arm.com does not designate 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT009.mail.protection.outlook.com (10.152.16.110) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2451.23 via Frontend Transport; Wed, 20 Nov 2019 08:35:44 +0000
Received: ("Tessian outbound dbe0f0961e8c:v33"); Wed, 20 Nov 2019 08:35:44 +0000
X-CR-MTA-TID: 64aa7808
Received: from 858eb508f5c0.1 (ip-172-16-0-2.eu-west-1.compute.internal [104.47.0.51]) by 64aa7808-outbound-1.mta.getcheckrecipient.com id F3D4843E-0CA3-4B69-8CC9-5CB550C572DB.1; Wed, 20 Nov 2019 08:35:39 +0000
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01lp2051.outbound.protection.outlook.com [104.47.0.51]) by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 858eb508f5c0.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Wed, 20 Nov 2019 08:35:39 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PuWNDR465SeuBVnjwghmdLb8yGoRL6TLmj8/FzHW32vff1wjSEM2+8ODVrzxhaYKa3JB49rfY4Hox4HeoxU9qeU4wPhpdNpeLY/xefB//DkWUk9jMmBoA+tsA7AgWu1XujowlOTFwNh0iogRMk8Llq10o2N+O7fZ0QshjoY7bw/1Mu7lUhNQcOyQ6G7VySjubG0cZ1/yT1EAa4Z6drK4hI2iYIKdPknsVOq2lS1jt5fv6HoVkunC6a61M0hWv5n2M7j2Oq3/5sSyMx3cFAlyIKMg3v+a4tjgg4e3exMVQJ5FxJEvHPZZfehVZ19Ly/QNgxwr6WP8FdQhulUWjJBjJg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wliZcY4shgAP1rmDgwY4VNdUCJF4A3UPOcfwQzM+//g=; b=DEuYpadvcwK60HpI3IzY1rLDJ54PQ+Hdqg+K2YRPX4Pn2j9kKUOkhXgGbEPQNUGQVhN3ZGUdwgJTOX3UhKC49UL8kiig666s/0WJqHO9ykATGKAF7ip64cBD7uZY01D15PZ5/eXH8kz4nUcM0u5HtW5s/p3kItcOCCMLIEGKnbnePXAY6s1fQngrTsdBeBL5crYu3Qx6p0mlX/gS3JsQo4DR1L0OjNFiZ1twvXY60k9kvC21Sgfpjkc4cZyyrVkE0LEb/amnTxcFXsyj7Dj4Iso24IHCH20q6as4PHcfsCLSHeMGQcHuXCI2xJEpcbqANdMtKCMFp+hHM3Xd4RtJxg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wliZcY4shgAP1rmDgwY4VNdUCJF4A3UPOcfwQzM+//g=; b=ESzhoXqj9GOFdL8I9nRKb8iWtymMypVQ3JtN45LrgNZvncop/7faB6Tb3efr53rkfMM5SZI3LcaNHnxNKQ/PPKztCJcEXSEvM6rWQ7qbrQ98zvbrtfzprez/yJvzrV7kWkfI/dNF/GajUD9Rovu3vJqhptHvTcpEBp5PXiNk5LA=
Received: from VI1PR08MB5360.eurprd08.prod.outlook.com (52.133.245.74) by VI1PR08MB3246.eurprd08.prod.outlook.com (52.134.123.144) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2474.17; Wed, 20 Nov 2019 08:35:35 +0000
Received: from VI1PR08MB5360.eurprd08.prod.outlook.com ([fe80::4044:55a8:a969:fd1d]) by VI1PR08MB5360.eurprd08.prod.outlook.com ([fe80::4044:55a8:a969:fd1d%7]) with mapi id 15.20.2451.031; Wed, 20 Nov 2019 08:35:35 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: cfrg <cfrg@irtf.org>
Thread-Topic: PAKEs for IoT
Thread-Index: AdWfeoW9tZw1nCbaR9iEyLN1XfT2Eg==
Date: Wed, 20 Nov 2019 08:35:35 +0000
Message-ID: <VI1PR08MB536013F38CDADF4D2331E2F1FA4F0@VI1PR08MB5360.eurprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ts-tracking-id: 0dae0048-f488-41be-bcca-18a7ecb0b76c.0
x-checkrecipientchecked: true
Authentication-Results-Original: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com;
x-originating-ip: [31.133.155.170]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: b68dbb37-74a1-45f9-9837-08d76d94a2a2
X-MS-TrafficTypeDiagnostic: VI1PR08MB3246:|VI1PR0801MB2048:
X-Microsoft-Antispam-PRVS: <VI1PR0801MB204859EA6C734EA0BCE60327FA4F0@VI1PR0801MB2048.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
x-ms-oob-tlc-oobclassifiers: OLM:10000;OLM:10000;
x-forefront-prvs: 02272225C5
X-Forefront-Antispam-Report-Untrusted: SFV:NSPM; SFS:(10009020)(4636009)(366004)(376002)(396003)(39860400002)(346002)(136003)(53754006)(189003)(199004)(7736002)(7696005)(71200400001)(71190400001)(5660300002)(86362001)(3480700005)(476003)(33656002)(76116006)(52536014)(66946007)(66476007)(66556008)(64756008)(66446008)(6506007)(186003)(26005)(102836004)(486006)(6306002)(55016002)(9686003)(6436002)(54896002)(478600001)(14454004)(790700001)(6116002)(3846002)(316002)(2906002)(99286004)(8936002)(81156014)(81166006)(8676002)(6916009)(7116003)(256004)(14444005)(66066001)(74316002)(25786009); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR08MB3246; H:VI1PR08MB5360.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: 4VELV7VnGIiDOc9YN1q9nRMkiks2Qms2j/U8RQQ5lNVSi1wYd2SGDdL2VVpxinVxAzQT6f8VBl2h6pXY2KT8hdGEU4P5zv0cQxXr4r8oRzRukMs4LovjDmcD08KKrehhwVQ8epjHLOdFJttmTzNDmAjnLxkGoEb87rXHdN670flzttMoTPfqYegTPV3qzPKYq9nxD0jF9QxhWw1qDUrR9GEf+NvXcDLA8Z15fGzE+y1h5SGmqVK1OQBpNzH9S9IKfyL4OstCedJLNBYCxcv71lVGsuDlUOrRuaizQSq0tJtdGo3aLMZbCEvIWRHL1rBa/fnCX6u6mrPtDhDQVNOw4hulEYe+GQvOHzCOFJjN/EF5nMm0hQdw5wVSgriRHd78BQ7uWA/z7gVCUMPntoazmvkOtLHQ3nzU8U0nArrYc1uMtOYgWM2Yf4fi52wR+U24
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_VI1PR08MB536013F38CDADF4D2331E2F1FA4F0VI1PR08MB5360eurp_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR08MB3246
Original-Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT009.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:63.35.35.123; IPV:CAL; SCL:-1; CTRY:IE; EFV:NLI; SFV:NSPM; SFS:(10009020)(4636009)(396003)(376002)(346002)(39860400002)(136003)(1110001)(339900001)(40434004)(199004)(189003)(53754006)(356004)(71190400001)(86362001)(25786009)(14454004)(336012)(2906002)(486006)(476003)(478600001)(9686003)(74316002)(26826003)(186003)(81166006)(8676002)(6506007)(7696005)(790700001)(6116002)(22756006)(126002)(26005)(102836004)(55016002)(3846002)(8936002)(6306002)(54896002)(7736002)(3480700005)(5660300002)(66066001)(6916009)(33656002)(16586007)(316002)(76130400001)(105606002)(52536014)(81156014)(36906005)(99286004)(7116003)(70586007)(70206006)(5024004)(14444005); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0801MB2048; H:64aa7808-outbound-1.mta.getcheckrecipient.com; FPR:; SPF:Fail; LANG:en; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; A:1; MX:1;
X-MS-Office365-Filtering-Correlation-Id-Prvs: 58948bc3-6ee4-4bc3-8f21-08d76d949d39
X-Forefront-PRVS: 02272225C5
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: hBSBzmANHkP3JwINToYTZk00ksQGaNDASeP+60siYXRAVt1EkKd1ZdtY/KO/YDttQFqTyt2AeRYY8ymS03Toe41QnwVO+THeGV2Bp3buaAxpGtpi7tXw1AcZJMaHz/EG45/3dZS5LWvfW0M2ADUy5PNZR1ofNXHvCWnLIBlScuaXDso34xo/sAgZChvuhVLZZGUvMXir1wZ8Ye7dTz4qCJGtni9wuxjhirQ1Oz4Csehtn2lzA34wF9d5BGkRQ2umb3YL/psPZiOn1FqqzM2vV4mDHrwvHs1B3DyeNJnwEnb2pl6im5RhavS5DJjEaE2XMRD4cOKrehgOZMZ/5kZVinIqRODdXCrFX4AHOpdQ+/nZ5Mmw3QpDjR+tnub4sqNt/4htWb74eWTxd5uUPjAAH4N9DKOEcSDlsxaQUgVZjJsxZFONX+N4gZecHIjftQY2
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Nov 2019 08:35:44.6556 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: b68dbb37-74a1-45f9-9837-08d76d94a2a2
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0801MB2048
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/25o5ZmbHNGSBS5vvvI98upW0WBk>
Subject: [Cfrg] PAKEs for IoT
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Nov 2019 08:35:53 -0000

Hi all,

I was asked to do an analysis of the proposed PAKEs for IoT. I know I am very late with doing that. I tried but I ran into a few problems:

First, it is not clear whether there are any specific requirements for the use of PAKEs in IoT because performance concerns are less applicable. PAKEs are used largely for onboarding where user interaction is required. This reduces the need for low latency because (a) users tend to be slower than machines and (b) large network load due to mass (automatic) onboarding appears to be a non-issue.

Second, I had a hard time finding performance data for the proposals. Getting an understanding of the required code size & ram size on embedded devices would also be super useful.

Third, it remains to be seen whether new PAKEs will get adopted by SDOs working on IoT for two reasons: (1) There is a push from governments not to use passwords on IoT devices (irrespectively of whether they are using PAKEs or not; a distinction that is not understood by users anyway.) (2) There are two PAKEs deployed already, namely JPAKE (in Thread) and Dragonfly (for use with WiFi security). At least in Thread, the effort wasn't very successful because we have other technologies that give us better properties without bothering the user.

Ignoring the third item, I was wondering whether someone can help me with my analysis by pointing to performance data or code (ideally from those working on the proposals).

Ciao
Hannes
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email