Re: [hiprg] some questions for draft-irtf-hiprg-rfid-02

Pascal Urien <pascal.urien@gmail.com> Mon, 28 March 2011 13:08 UTC

Return-Path: <pascal.urien@gmail.com>
X-Original-To: hiprg@core3.amsl.com
Delivered-To: hiprg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id ACB0E3A6803 for <hiprg@core3.amsl.com>; Mon, 28 Mar 2011 06:08:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.199
X-Spam-Level:
X-Spam-Status: No, score=-2.199 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, J_CHICKENPOX_13=0.6, RCVD_IN_DNSWL_LOW=-1, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dTJaADoLHag3 for <hiprg@core3.amsl.com>; Mon, 28 Mar 2011 06:08:28 -0700 (PDT)
Received: from mail-qy0-f175.google.com (mail-qy0-f175.google.com [209.85.216.175]) by core3.amsl.com (Postfix) with ESMTP id 661D33A67DA for <hiprg@irtf.org>; Mon, 28 Mar 2011 06:08:28 -0700 (PDT)
Received: by qyk35 with SMTP id 35so1156549qyk.13 for <hiprg@irtf.org>; Mon, 28 Mar 2011 06:10:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=SA77twk4Jq8DJnsiVQpI3IxQkyVNkLrEkG7oweb+R60=; b=XIf+QBqrFzK49NUUINY2C/hvWJcMif6jBmVVJXy+Q3oms6KyQtmoXZpTIebYP6Lstw tmH51MMYjiXMjhYfISiCMZd8gYq4FHR2aNsCDXfL1nAWpndOGRqX3hniCgEXQthBxiRX M/MnUVZFZ0DNS2zNvyrobunzQfVzqdWaR4wqc=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=W3vp7R2jhIPKhEdcyQJ7iVIeHzD0dfBh4EcCa6nUyX5R4/6UPHqMWHfDG8ueiL8aiS 1Gl79G91lLVGveQQkhMsj/v2cReou1n/zTesVch2orspeq6dzHmwm+U12NkNU356GGM2 MwuasWb5uHCkv6lNiy9N8zLYGq03TFPcdasac=
MIME-Version: 1.0
Received: by 10.229.19.12 with SMTP id y12mr3246379qca.267.1301317805300; Mon, 28 Mar 2011 06:10:05 -0700 (PDT)
Received: by 10.229.97.212 with HTTP; Mon, 28 Mar 2011 06:10:05 -0700 (PDT)
In-Reply-To: <7CC566635CFE364D87DC5803D4712A6C4CED25B070@XCH-NW-10V.nw.nos.boeing.com>
References: <7CC566635CFE364D87DC5803D4712A6C4CED25B070@XCH-NW-10V.nw.nos.boeing.com>
Date: Mon, 28 Mar 2011 15:10:05 +0200
Message-ID: <AANLkTi=NtCnz9UcLfWD7n8Zt65pf-9=KvzN7bU3Jm0GZ@mail.gmail.com>
From: Pascal Urien <pascal.urien@gmail.com>
To: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
Content-Type: multipart/alternative; boundary="0016e64f693e865da3049f8aa974"
Cc: Gyu Myoung Lee <gmlee@kaist.ac.kr>, "Guy.Pujolle@lip6.fr" <Guy.Pujolle@lip6.fr>, "hiprg@irtf.org" <hiprg@irtf.org>, "Pascal.Urien@telecom-paristech.fr" <Pascal.Urien@telecom-paristech.fr>
Subject: Re: [hiprg] some questions for draft-irtf-hiprg-rfid-02
X-BeenThere: hiprg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Host Identity Protocol \(HIP\) Research Group" <hiprg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/hiprg>
List-Post: <mailto:hiprg@irtf.org>
List-Help: <mailto:hiprg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Mar 2011 13:08:29 -0000

Hi Thoams

2011/3/28 Henderson, Thomas R <thomas.r.henderson@boeing.com>

> Pascal, Guy, and Guy,
> I had a few questions and comments regarding the most recent draft on HIP
> support for RFID that we could perhaps try to discuss at the meeting
> tomorrow (or on the list in the meantime).
>
> As background, it seems that the main goal of this protocol is to avoid
> disclosing the EPC to unauthorized readers; the RFID can disclose it to
> those portals that hold a shared secret with the RFID.
>

The draft targets the protection of the ID (of the RFID). It MAY be an EPC
Code, but also an other class of ID (why not an HIT ?)


>
> In the current draft, there seems to me that there is no need to include
> host identifier fields in this protocol.  The draft states that the HIT-I is
> a random number and the HIT-R could be a null value.  All of the
> identification seems to be done on the basis of the f value passed in the
> exchange, which contains enough information to find the EPC.  Could you
> explain how HITs are used, if at all?
>

The issue with the HTI-I is that it MUST not be a fix value, in order to
avoid a direct link between an object and its HIT

The portal is identfied by its HIT value, zero meaning implicitely known
(i.e the portal of a domain)


>
> On a related note, the last sentence in Section 1 mentions that it is
> similar to the BLIND in the case that only one HIT is blinded.  I am
> wondering whether that case applies here-- the initiator host identifier
> needs to be blinded, but the responder HIT doesn't really matter.  This left
> me wondering whether the protocol could be refactored as a variant of BLIND,
> in which case the EPC could be somehow embedded in the HIT-I and recoverable
> based on the shared secret and nonce exchange.  For example, make the HIT-I
> some reversible function f(key,EPC).  That would restore the use of HITs in
> the protocol.
>

BLIND has no cryto agility, it works with a fix algorithm. From a
cryptpgraphics point of view the f function may be a bijective application
(reversible) or a surjective apllication (hash)

 A profile of HIP_RFID COULD be compatible with blind  with f a bijection
and f(r1,r2, HIP_I), i.e. f is a protected value of HIP_I


>
> It wasn't clear to me how ESP would work, how are the keys derived for it?
>  The existing keys in the draft seem to be directly drawn from functions
> such as g(r1,r2, EPC) but there seems to be no analogy to the DH keymat
> derivation process in HIP.  Could you clarify what are the requirements in
> your framework for a general key derivation function?
>


What we need for ESP is
- A negociation of the Security Association SA, i.e. selected algorithms for
encryption and data integrity
- A formula, like Key(s) = PRF (r1,r2, ID, others parameters) in order to
compute the SA keys

-

>
> Another major section missing in this document is the Security
> Considerations section, which will need to be carefully written to state the
> security claims and known vulnerabilities of this protocol.
>

Agree. I suggest to focus on the case where no ESP channel is opened.

A next draft could focus on the ESP negociation.


>
> - Tom
>
>
Pascal

>
> _______________________________________________
> hiprg mailing list
> hiprg@irtf.org
> https://www.irtf.org/mailman/listinfo/hiprg
>