[hiprg] some questions for draft-irtf-hiprg-rfid-02
"Henderson, Thomas R" <thomas.r.henderson@boeing.com> Mon, 28 March 2011 12:41 UTC
Return-Path: <thomas.r.henderson@boeing.com>
X-Original-To: hiprg@core3.amsl.com
Delivered-To: hiprg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 64DBF3A68F0 for <hiprg@core3.amsl.com>; Mon, 28 Mar 2011 05:41:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.871
X-Spam-Level:
X-Spam-Status: No, score=-105.871 tagged_above=-999 required=5 tests=[AWL=-0.671, BAYES_00=-2.599, J_CHICKENPOX_13=0.6, RCVD_IN_DNSWL_MED=-4, SARE_SUB_RAND_LETTRS4=0.799, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eG76wZR0p8kn for <hiprg@core3.amsl.com>; Mon, 28 Mar 2011 05:41:39 -0700 (PDT)
Received: from blv-smtpout-01.boeing.com (blv-smtpout-01.boeing.com [130.76.32.69]) by core3.amsl.com (Postfix) with ESMTP id 038D03A6817 for <hiprg@irtf.org>; Mon, 28 Mar 2011 05:41:38 -0700 (PDT)
Received: from blv-av-01.boeing.com (blv-av-01.boeing.com [130.247.48.231]) by blv-smtpout-01.ns.cs.boeing.com (8.14.4/8.14.4/8.14.4/SMTPOUT) with ESMTP id p2SCgu0A011845 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Mon, 28 Mar 2011 05:43:01 -0700 (PDT)
Received: from blv-av-01.boeing.com (localhost [127.0.0.1]) by blv-av-01.boeing.com (8.14.4/8.14.4/DOWNSTREAM_RELAY) with ESMTP id p2SCgukX024146; Mon, 28 Mar 2011 05:42:56 -0700 (PDT)
Received: from XCH-NWHT-04.nw.nos.boeing.com (xch-nwht-04.nw.nos.boeing.com [130.247.64.250]) by blv-av-01.boeing.com (8.14.4/8.14.4/UPSTREAM_RELAY) with ESMTP id p2SCguUX024142 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK); Mon, 28 Mar 2011 05:42:56 -0700 (PDT)
Received: from XCH-NW-10V.nw.nos.boeing.com ([130.247.25.85]) by XCH-NWHT-04.nw.nos.boeing.com ([130.247.64.250]) with mapi; Mon, 28 Mar 2011 05:42:56 -0700
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: "'Pascal.Urien@telecom-paristech.fr'" <Pascal.Urien@telecom-paristech.fr>, 'Gyu Myoung Lee' <gmlee@kaist.ac.kr>, "'Guy.Pujolle@lip6.fr'" <Guy.Pujolle@lip6.fr>
Date: Mon, 28 Mar 2011 05:42:55 -0700
Thread-Topic: some questions for draft-irtf-hiprg-rfid-02
Thread-Index: AcvtRafIhQRlE9/CT2KeNBqylceWUw==
Message-ID: <7CC566635CFE364D87DC5803D4712A6C4CED25B070@XCH-NW-10V.nw.nos.boeing.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "hiprg@irtf.org" <hiprg@irtf.org>
Subject: [hiprg] some questions for draft-irtf-hiprg-rfid-02
X-BeenThere: hiprg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Host Identity Protocol \(HIP\) Research Group" <hiprg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/hiprg>
List-Post: <mailto:hiprg@irtf.org>
List-Help: <mailto:hiprg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Mar 2011 12:41:40 -0000
Pascal, Guy, and Guy, I had a few questions and comments regarding the most recent draft on HIP support for RFID that we could perhaps try to discuss at the meeting tomorrow (or on the list in the meantime). As background, it seems that the main goal of this protocol is to avoid disclosing the EPC to unauthorized readers; the RFID can disclose it to those portals that hold a shared secret with the RFID. In the current draft, there seems to me that there is no need to include host identifier fields in this protocol. The draft states that the HIT-I is a random number and the HIT-R could be a null value. All of the identification seems to be done on the basis of the f value passed in the exchange, which contains enough information to find the EPC. Could you explain how HITs are used, if at all? On a related note, the last sentence in Section 1 mentions that it is similar to the BLIND in the case that only one HIT is blinded. I am wondering whether that case applies here-- the initiator host identifier needs to be blinded, but the responder HIT doesn't really matter. This left me wondering whether the protocol could be refactored as a variant of BLIND, in which case the EPC could be somehow embedded in the HIT-I and recoverable based on the shared secret and nonce exchange. For example, make the HIT-I some reversible function f(key,EPC). That would restore the use of HITs in the protocol. It wasn't clear to me how ESP would work, how are the keys derived for it? The existing keys in the draft seem to be directly drawn from functions such as g(r1,r2, EPC) but there seems to be no analogy to the DH keymat derivation process in HIP. Could you clarify what are the requirements in your framework for a general key derivation function? Another major section missing in this document is the Security Considerations section, which will need to be carefully written to state the security claims and known vulnerabilities of this protocol. - Tom
- [hiprg] some questions for draft-irtf-hiprg-rfid-… Henderson, Thomas R
- Re: [hiprg] some questions for draft-irtf-hiprg-r… Pascal Urien
- Re: [hiprg] some questions for draft-irtf-hiprg-r… Henderson, Thomas R