Re: [Cfrg] PAKEs for IoT

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Wed, 20 November 2019 08:50 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/4feujLmS3_N0SG9VDovluFJATNE>

Hi Stanislav,

I looked at the provided page a little while ago and I couldn’t find what I was looking for.
I assume that the authors of the proposals are subscribed to this list.

I would need, if available, for use on embedded systems:

  *   CPU performance,
  *   Over the wire packet size,
  *   RAM requirements (heap & stack), and
  *   Flash size requirements.

I am afraid to ask about energy consumption...

If there is code available, it would be nice to have access to that as well.

Ciao
Hannes

From: Stanislav V. Smyshlyaev <smyshsv@gmail.com>
Sent: Wednesday, November 20, 2019 4:42 PM
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: cfrg <cfrg@irtf.org>
Subject: Re: [Cfrg] PAKEs for IoT

Dear Hannes,

All collected information about the candidates is here:
https://github.com/cfrg/pake-selection

Could you please formulate the corresponding questions to the authors of the four nominated PAKEs that are to be considered at Round 2 (SPAKE2, CPace, AuCPace and OPAQUE) and send those questions to crypto-panel@irtf.org?..

Best regards,
Stanislav



On Wed, 20 Nov 2019 at 16:36, Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
Hi all,

I was asked to do an analysis of the proposed PAKEs for IoT. I know I am very late with doing that. I tried but I ran into a few problems:

First, it is not clear whether there are any specific requirements for the use of PAKEs in IoT because performance concerns are less applicable. PAKEs are used largely for onboarding where user interaction is required. This reduces the need for low latency because (a) users tend to be slower than machines and (b) large network load due to mass (automatic) onboarding appears to be a non-issue.

Second, I had a hard time finding performance data for the proposals. Getting an understanding of the required code size & RAM size on embedded devices would also be super useful.

Third, it remains to be seen whether new PAKEs will get adopted by SDOs working on IoT for two reasons: (1) There is a push from governments not to use passwords on IoT devices (irrespective of whether they are using PAKEs or not; a distinction that is not understood by users anyway). (2) There are two PAKEs deployed already, namely JPAKE (in Thread) and Dragonfly (for use with WiFi security). At least in Thread, the effort wasn’t very successful because we have other technologies that give us better properties without bothering the user.

Ignoring the third item, I was wondering whether someone can help me with my analysis by pointing to performance data or code (ideally from those working on the proposals).

Ciao
Hannes
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
--

Best regards,

Stanislav Smyshlyaev, Candidate of Physical and Mathematical Sciences,

Deputy General Director

CRYPTO-PRO LLC
