Re: [Cfrg] Dynamic Key Changes on Encrypted Sessions.

Peter Alexander <pipnflinx@gmail.com> Fri, 27 October 2017 12:58 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/6xegTGMwj6iVVNuK6U_Xtbus50k>

Thanks Kenny,

That does look pretty neat although much of it is a bit over my head.
At a minimum that ID seems to try to solve the same issue we were trying to
solve in 2010.

I will have to print it out and try to get a better understanding of it
though.

Cheers,

Peter


On Fri, Oct 27, 2017 at 5:22 AM, Paterson, Kenny <Kenny.Paterson@rhul.ac.uk>
wrote:

> Dear Peter,
>
> Thanks for bringing this to the list.
>
> You might find this ID interesting to look at in the context of your work:
>
> https://tools.ietf.org/html/draft-irtf-cfrg-re-keying-08
>
>
> Regards
>
> Kenny
>
> On 26/10/2017 19:06, "Cfrg on behalf of Peter Alexander"
> <cfrg-bounces@irtf.org on behalf of pipnflinx@gmail.com> wrote:
>
> >Greetings everyone,
> >
> >
> >I have tried sending this message before but it was getting blocked. So I
> >am trying again :)
> >
> >
> >Eliot Lear from the SAGG mailing list pointed me in your direction. Have
> >been meaning to post but got busy.
> >
> >
> >Briefly;
> >
> >
> >I co-invented a VPN-like method for securing transmissions where
> >encryption keys could be changed without having to tear down and rebuild
> >the entire session. At the time we also tried to patent the technology
> >but essentially ran out of funding. The organization has since dissolved.
> >This was back in 2010. Given that the invention always sparked interest,
> >but has never truly gone anywhere, I would like to begin the process of
> >opening it up to a wider audience.
> >
> >
> >What follows are a few of the high-level design elements which we thought
> >were unique to the art.
> >
> >
> >- Dynamic key changes during encrypted sessions (no need to restart)
> >- Initial key exchange agnostic. Ex: Possible to use IPSec/DH exchange to
> >build initial tunnel
> >- Packets containing keys are obfuscated using up to three methods
> >- Can also utilize locally stored key arrays. Sending index of key
> >instead of key itself.
> >
> >
> >We were able to come up with working code (Linux 2.6 kernel & Android
> >Gingerbread), which I can share once I remove the proprietary crypto
> >libraries. I also have all of the documentation/presentation slides that
> >I authored at the time.
> >
> >
> >Kindly let me know if this is something worth moving forward with. I am
> >open to discussion/criticism as needed.
> >
> >
> >Cheers!
> >
>
>