Re: [hiprg] some questions for draft-irtf-hiprg-rfid-02

"Henderson, Thomas R" <thomas.r.henderson@boeing.com> Mon, 28 March 2011 15:31 UTC

Return-Path: <thomas.r.henderson@boeing.com>
X-Original-To: hiprg@core3.amsl.com
Delivered-To: hiprg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 50E913A6A53 for <hiprg@core3.amsl.com>; Mon, 28 Mar 2011 08:31:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.806
X-Spam-Level:
X-Spam-Status: No, score=-105.806 tagged_above=-999 required=5 tests=[AWL=-0.606, BAYES_00=-2.599, J_CHICKENPOX_13=0.6, RCVD_IN_DNSWL_MED=-4, SARE_SUB_RAND_LETTRS4=0.799, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3vn6OqXHuALP for <hiprg@core3.amsl.com>; Mon, 28 Mar 2011 08:31:53 -0700 (PDT)
Received: from slb-smtpout-01.boeing.com (slb-smtpout-01.boeing.com [130.76.64.48]) by core3.amsl.com (Postfix) with ESMTP id 3C4573A6943 for <hiprg@irtf.org>; Mon, 28 Mar 2011 08:31:53 -0700 (PDT)
Received: from stl-av-01.boeing.com (stl-av-01.boeing.com [192.76.190.6]) by slb-smtpout-01.ns.cs.boeing.com (8.14.4/8.14.4/8.14.4/SMTPOUT) with ESMTP id p2SFXEB2022736 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Mon, 28 Mar 2011 08:33:15 -0700 (PDT)
Received: from stl-av-01.boeing.com (localhost [127.0.0.1]) by stl-av-01.boeing.com (8.14.4/8.14.4/DOWNSTREAM_RELAY) with ESMTP id p2SFXEA1002460; Mon, 28 Mar 2011 10:33:14 -0500 (CDT)
Received: from XCH-NWHT-06.nw.nos.boeing.com (xch-nwht-06.nw.nos.boeing.com [130.247.25.110]) by stl-av-01.boeing.com (8.14.4/8.14.4/UPSTREAM_RELAY) with ESMTP id p2SFXD2k002435 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK); Mon, 28 Mar 2011 10:33:14 -0500 (CDT)
Received: from XCH-NW-10V.nw.nos.boeing.com ([130.247.25.85]) by XCH-NWHT-06.nw.nos.boeing.com ([130.247.25.110]) with mapi; Mon, 28 Mar 2011 08:33:13 -0700
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: 'Pascal Urien' <pascal.urien@gmail.com>
Date: Mon, 28 Mar 2011 08:33:12 -0700
Thread-Topic: [hiprg] some questions for draft-irtf-hiprg-rfid-02
Thread-Index: AcvtSXdeKespkGgESOCI7p8glHgP3gAEea3wAAAP2tA=
Message-ID: <7CC566635CFE364D87DC5803D4712A6C4CED25B074@XCH-NW-10V.nw.nos.boeing.com>
References: <7CC566635CFE364D87DC5803D4712A6C4CED25B073@XCH-NW-10V.nw.nos.boeing.com>
In-Reply-To: <7CC566635CFE364D87DC5803D4712A6C4CED25B073@XCH-NW-10V.nw.nos.boeing.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: Gyu Myoung Lee <gmlee@kaist.ac.kr>, "Guy.Pujolle@lip6.fr" <Guy.Pujolle@lip6.fr>, "hiprg@irtf.org" <hiprg@irtf.org>, "Pascal.Urien@telecom-paristech.fr" <Pascal.Urien@telecom-paristech.fr>
Subject: Re: [hiprg] some questions for draft-irtf-hiprg-rfid-02
X-BeenThere: hiprg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Host Identity Protocol \(HIP\) Research Group" <hiprg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/hiprg>
List-Post: <mailto:hiprg@irtf.org>
List-Help: <mailto:hiprg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Mar 2011 15:31:54 -0000

> 
> From: Pascal Urien [mailto:pascal.urien@gmail.com]
> Sent: Monday, March 28, 2011 6:10 AM
> To: Henderson, Thomas R
> Cc: Pascal.Urien@telecom-paristech.fr; Gyu Myoung Lee;
> Guy.Pujolle@lip6.fr; hiprg@irtf.org
> Subject: Re: [hiprg] some questions for draft-irtf-hiprg-rfid-02
> 
> Hi Thoams
> 2011/3/28 Henderson, Thomas R <thomas.r.henderson@boeing.com>
> Pascal, Guy, and Guy,
> I had a few questions and comments regarding the most recent draft on
> HIP support for RFID that we could perhaps try to discuss at the
> meeting tomorrow (or on the list in the meantime).
> 
> As background, it seems that the main goal of this protocol is to avoid
> disclosing the EPC to unauthorized readers; the RFID can disclose it to
> those portals that hold a shared secret with the RFID.
> 
> The draft targets the protection of the ID (of the RFID). It MAY be an
> EPC Code, but also an other class of ID (why not an HIT ?)
> 
> In the current draft, there seems to me that there is no need to
> include host identifier fields in this protocol.  The draft states that
> the HIT-I is a random number and the HIT-R could be a null value.  All
> of the identification seems to be done on the basis of the f value
> passed in the exchange, which contains enough information to find the
> EPC.  Could you explain how HITs are used, if at all?
> 
> The issue with the HTI-I is that it MUST not be a fix value, in order
> to avoid a direct link between an object and its HIT
> 
> The portal is identfied by its HIT value, zero meaning implicitely
> known (i.e the portal of a domain)
> 
> 
>> On a related note, the last sentence in Section 1 mentions that it is
>> similar to the BLIND in the case that only one HIT is blinded.  I am
>> wondering whether that case applies here-- the initiator host
>> identifier needs to be blinded, but the responder HIT doesn't really
>> matter.  This left me wondering whether the protocol could be
>> refactored as a variant of BLIND, in which case the EPC could be
>> somehow embedded in the HIT-I and recoverable based on the shared
>> secret and nonce exchange.  For example, make the HIT-I some reversible
>> function f(key,EPC).  That would restore the use of HITs in the
>> protocol.
> 
> BLIND has no cryto agility, it works with a fix algorithm. From a
> cryptpgraphics point of view the f function may be a bijective
> application (reversible) or a surjective apllication (hash)
> 
>  A profile of HIP_RFID COULD be compatible with blind  with f a
> bijection and f(r1,r2, HIP_I), i.e. f is a protected value of HIP_I
> 
>

Your points are important clarifications that we should try to include in the draft.  Especially what role the HITs play in different variations of the protocol, and how this is different from traditional HIP.

>> It wasn't clear to me how ESP would work, how are the keys derived for
>> it?  The existing keys in the draft seem to be directly drawn from
>> functions such as g(r1,r2, EPC) but there seems to be no analogy to the
>> DH keymat derivation process in HIP.  Could you clarify what are the
>> requirements in your framework for a general key derivation function?
> 
> 
> What we need for ESP is
> - A negociation of the Security Association SA, i.e. selected
> algorithms for encryption and data integrity
> - A formula, like Key(s) = PRF (r1,r2, ID, others parameters) in order
> to compute the SA keys
> 

again, please include the above in an update

> -
> 
>> Another major section missing in this document is the Security
>> Considerations section, which will need to be carefully written to
>> state the security claims and known vulnerabilities of this protocol.
> 
> Agree. I suggest to focus on the case where no ESP channel is opened.
> 
> A next draft could focus on the ESP negociation.

Thanks for the quick response.

Tom