Re: [Cfrg] PAKEs for IoT // Feedback appreciated regarding candidate libraries for the requested for reference implementations on constrained targets.

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Wed, 20 November 2019 10:33 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Björn Haase <bjoern.haase@endress.com>, cfrg <cfrg@irtf.org>
Date: Wed, 20 Nov 2019 10:33:15 +0000
Message-ID: <VI1PR08MB53608F4106C76BF50DA50939FA4F0@VI1PR08MB5360.eurprd08.prod.outlook.com>
In-Reply-To: <VI1PR0501MB22559F46BED6DDACA80B3DAE834F0@VI1PR0501MB2255.eurprd05.prod.outlook.com>
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/iU74AEv01lToS27OBfDyFaJj5PY>

Hi Björn,

Thanks for the pointer to the publication.

Regarding a crypto library for embedded devices: We have split our TLS implementation such that those who only want to use the crypto can use the Mbed Crypto library alone, without having to re-configure the stack with C pre-processor directives to omit code generation for the TLS/DTLS handshake.

Here is the link: https://github.com/ARMmbed/mbed-crypto

As an API, it uses our new PSA Crypto API (PSA = Platform Security Architecture).

Regarding the IoT security recommendations I will look up the references and post them to the list. It is interesting to hear that BSI is interested in this work.

Ciao
Hannes

From: Björn Haase <bjoern.haase@endress.com>
Sent: Wednesday, November 20, 2019 4:55 PM
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; cfrg <cfrg@irtf.org>
Subject: AW: PAKEs for IoT // Feedback appreciated regarding candidate libraries for the requested for reference implementations on constrained targets.

Dear Hannes,

Regarding performance data, there is a detailed section on low-end microcontrollers in https://ia.cr/2018/286.

For code size on other targets you could add the code sizes as required for X25519 and SHA512. The adder for the mapping could almost be neglected since it shares the same field arithmetic. We are also planning to prepare a stand-alone implementation based on an extension of TweetNaCl with Elligator2, e.g. for inter-operability tests, in addition to the optimized ARM v5 / v6 code that is already published.

@CFRG:
Regarding a reference implementation for short-Weierstrass curves on constrained devices, such as P-256, I'd appreciate any recommendation on which library candidate might be most suitable. My personal first approach would have been to use BearSSL for the field arithmetic or possibly Arm MBED. However, maybe there is some library where a reference implementation code could be integrated with less effort.

> There is a push from governments not to use passwords on IoT devices

Maybe you could give me a detailed pointer regarding this information? I currently don't have any such information. FYI, in Germany BSI explicitly declared interest in the current developments regarding PAKE standardization, specifically when considering the aspect of resilience with respect to quantum computing. This topic will be on the agenda for the upcoming BRAINPOOL meeting in January.

Yours,

Björn.

Best Regards

Dr. Björn Haase

________________________________
Senior Expert Electronics | TGREH Electronics Hardware
Endress+Hauser Conducta GmbH+Co.KG | Dieselstrasse 24 | 70839 Gerlingen | Germany
Phone: +49 7156 209 377 | Fax: +49 7156 209 221
bjoern.haase@endress.com | http://www.conducta.endress.com
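The Elligator2 mapping that Björn's message describes as sharing X25519's field arithmetic, written out as an added example; this is not code from the mail, from TweetNaCl, or from the ARM implementations the message refers to. It uses the standard Elligator 2 parameters for Curve25519 (A = 486662, non-square u = 2) from Bernstein, Hamburg, Krasnova and Lange (2013). The `password_to_point` helper, its SHA-512-based derivation of the field element and the sample inputs are constructed for illustration only and do not reproduce the encoding of any particular PAKE specification. The point a defender cares about: the map goes from a field element to a curve point with a fixed sequence of field operations (one inversion, one Legendre test, one square root), so a password-derived generator is computed without a try-and-increment loop whose iteration count would depend on the password.

```python
import hashlib

# Curve25519 in Montgomery form: y^2 = x^3 + A*x^2 + x over GF(p).
P = 2**255 - 19
A = 486662
U = 2            # a non-square in GF(p); the Elligator 2 parameter used for Curve25519
A_HALF = A // 2  # A is even, so A/2 is exact as an integer


def is_square(a):
    """Euler's criterion in GF(p); 0 is treated as a square."""
    a %= P
    return a == 0 or pow(a, (P - 1) // 2, P) == 1


def sqrt_mod_p(a):
    """Square root in GF(p) for p = 5 (mod 8): a^((p+3)/8), corrected by sqrt(-1) if needed."""
    a %= P
    cand = pow(a, (P + 3) // 8, P)
    if cand * cand % P == a:
        return cand
    cand = cand * pow(2, (P - 1) // 4, P) % P  # multiply by a square root of -1
    if cand * cand % P == a:
        return cand
    raise ValueError("input is not a square in GF(p)")


def curve_rhs(x):
    """Right-hand side x^3 + A*x^2 + x of the Montgomery curve equation."""
    return (x * x * x + A * x * x + x) % P


def elligator2_map(r):
    """Elligator 2: field element r -> affine point (x, y) on Curve25519.

    Only field multiplication, one inversion and one square root are used,
    which is why the mapping adds little code on top of an X25519 implementation.
    For u = 2 the denominator 1 + 2*r^2 is never zero in GF(2^255 - 19), since
    -1/2 is a non-square there.
    """
    r %= P
    v = (-A * pow(1 + U * r * r, P - 2, P)) % P
    eps = 1 if is_square(curve_rhs(v)) else -1
    # If v does not give a square, -A - v does (their RHS values differ by the non-square u*r^2).
    x = (eps * v - (1 - eps) * A_HALF) % P
    y = (-eps * sqrt_mod_p(curve_rhs(x))) % P
    return x, y


def on_curve(x, y):
    """Membership test for the curve (as opposed to its quadratic twist)."""
    return curve_rhs(x) == y * y % P


def password_to_point(password, salt):
    """Constructed illustration of the PAKE use of the map (not any standard's encoding):
    hash password and salt with SHA-512, keep the low 255 bits as a canonical field
    element, then map it to a curve point. X25519 would only need the x-coordinate."""
    digest = hashlib.sha512(salt + password).digest()
    r = int.from_bytes(digest[:32], "little") & ((1 << 255) - 1)
    return elligator2_map(r)


if __name__ == "__main__":
    px, py = password_to_point(b"correct horse battery staple", b"constructed-salt")
    print("x =", hex(px))
    print("on curve:", on_curve(px, py))
```

The map is 2-to-1 (r and -r give the same point), so tests should not expect distinct outputs for sign-related inputs; the assertions below check on-curve membership and that symmetry instead.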