[Cfrg] ASK: Secret Handshakes From Pairing-based Key Agreements

Dave Thaler <dthaler@microsoft.com> Sun, 13 November 2016 22:56 UTC

From: Dave Thaler <dthaler@microsoft.com>
To: "cfrg@irtf.org" <cfrg@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/AXBngLPD1FFSJcqFm7_GU7RzBMM>

Hi CFRG folks,

In the security considerations section of draft-thaler-core-redirect-01, I wrote (below) of an auth mechanism
gap we have today.  Although the first need is for DTLS with CoAP, this gap isn't specific to the CoRE WG;
it's applicable to any peer-to-peer-style communication where both endpoints are concerned about privacy.

>   Preventing identifying information from being observed by untrusted
>   clients doing multicast discovery is necessary but not sufficient to
>   mitigate the privacy issues discussed in Section 1.  That is, one
>   must also use an authentication scheme for subsequent unicast
>   messages that does not reveal a stable identifier to clients before
>   authentication is complete.  Mutual authentication schemes exist
>   (e.g., [Balfanz]) that only reveal the identity of both endpoints if
>   authentication succeeds, but they may not yet be available in current
>   standards and popular code bases.

And the reference is from SOSP 2003:
>   [Balfanz]  Balfanz, D., Durfee, G., Shankar, N., Smetters, D.,
>              Staddon, J., and H-C. Wong, "Secret Handshakes From
>              Pairing-based Key Agreements", May 2003,
>              <http://ieeexplore.ieee.org/document/1199336>.

This is a real-world problem and at least one other SDO (OCF) wants to implement a solution in the near
future, and I will be mentioning this gap in the CoRE WG.  Since there have been existence proofs of
solutions since 2003, it seems a solution could be ready for engineering if CFRG can analyze/recommend
a specific mechanism in this category, whether it's the Balfanz mechanism or some other derivative
or variation.

Is this something that some CFRG people can do?

Dave