Re: [hiprg] some questions for draft-irtf-hiprg-rfid-02
Pascal Urien <pascal.urien@gmail.com> Mon, 28 March 2011 13:08 UTC
Return-Path: <pascal.urien@gmail.com>
X-Original-To: hiprg@core3.amsl.com
Delivered-To: hiprg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id ACB0E3A6803 for <hiprg@core3.amsl.com>; Mon, 28 Mar 2011 06:08:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.199
X-Spam-Level:
X-Spam-Status: No, score=-2.199 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, J_CHICKENPOX_13=0.6, RCVD_IN_DNSWL_LOW=-1, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dTJaADoLHag3 for <hiprg@core3.amsl.com>; Mon, 28 Mar 2011 06:08:28 -0700 (PDT)
Received: from mail-qy0-f175.google.com (mail-qy0-f175.google.com [209.85.216.175]) by core3.amsl.com (Postfix) with ESMTP id 661D33A67DA for <hiprg@irtf.org>; Mon, 28 Mar 2011 06:08:28 -0700 (PDT)
Received: by qyk35 with SMTP id 35so1156549qyk.13 for <hiprg@irtf.org>; Mon, 28 Mar 2011 06:10:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=SA77twk4Jq8DJnsiVQpI3IxQkyVNkLrEkG7oweb+R60=; b=XIf+QBqrFzK49NUUINY2C/hvWJcMif6jBmVVJXy+Q3oms6KyQtmoXZpTIebYP6Lstw tmH51MMYjiXMjhYfISiCMZd8gYq4FHR2aNsCDXfL1nAWpndOGRqX3hniCgEXQthBxiRX M/MnUVZFZ0DNS2zNvyrobunzQfVzqdWaR4wqc=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=W3vp7R2jhIPKhEdcyQJ7iVIeHzD0dfBh4EcCa6nUyX5R4/6UPHqMWHfDG8ueiL8aiS 1Gl79G91lLVGveQQkhMsj/v2cReou1n/zTesVch2orspeq6dzHmwm+U12NkNU356GGM2 MwuasWb5uHCkv6lNiy9N8zLYGq03TFPcdasac=
MIME-Version: 1.0
Received: by 10.229.19.12 with SMTP id y12mr3246379qca.267.1301317805300; Mon, 28 Mar 2011 06:10:05 -0700 (PDT)
Received: by 10.229.97.212 with HTTP; Mon, 28 Mar 2011 06:10:05 -0700 (PDT)
In-Reply-To: <7CC566635CFE364D87DC5803D4712A6C4CED25B070@XCH-NW-10V.nw.nos.boeing.com>
References: <7CC566635CFE364D87DC5803D4712A6C4CED25B070@XCH-NW-10V.nw.nos.boeing.com>
Date: Mon, 28 Mar 2011 15:10:05 +0200
Message-ID: <AANLkTi=NtCnz9UcLfWD7n8Zt65pf-9=KvzN7bU3Jm0GZ@mail.gmail.com>
From: Pascal Urien <pascal.urien@gmail.com>
To: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
Content-Type: multipart/alternative; boundary="0016e64f693e865da3049f8aa974"
Cc: Gyu Myoung Lee <gmlee@kaist.ac.kr>, "Guy.Pujolle@lip6.fr" <Guy.Pujolle@lip6.fr>, "hiprg@irtf.org" <hiprg@irtf.org>, "Pascal.Urien@telecom-paristech.fr" <Pascal.Urien@telecom-paristech.fr>
Subject: Re: [hiprg] some questions for draft-irtf-hiprg-rfid-02
X-BeenThere: hiprg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Host Identity Protocol \(HIP\) Research Group" <hiprg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/hiprg>
List-Post: <mailto:hiprg@irtf.org>
List-Help: <mailto:hiprg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Mar 2011 13:08:29 -0000
Hi Thoams 2011/3/28 Henderson, Thomas R <thomas.r.henderson@boeing.com> > Pascal, Guy, and Guy, > I had a few questions and comments regarding the most recent draft on HIP > support for RFID that we could perhaps try to discuss at the meeting > tomorrow (or on the list in the meantime). > > As background, it seems that the main goal of this protocol is to avoid > disclosing the EPC to unauthorized readers; the RFID can disclose it to > those portals that hold a shared secret with the RFID. > The draft targets the protection of the ID (of the RFID). It MAY be an EPC Code, but also an other class of ID (why not an HIT ?) > > In the current draft, there seems to me that there is no need to include > host identifier fields in this protocol. The draft states that the HIT-I is > a random number and the HIT-R could be a null value. All of the > identification seems to be done on the basis of the f value passed in the > exchange, which contains enough information to find the EPC. Could you > explain how HITs are used, if at all? > The issue with the HTI-I is that it MUST not be a fix value, in order to avoid a direct link between an object and its HIT The portal is identfied by its HIT value, zero meaning implicitely known (i.e the portal of a domain) > > On a related note, the last sentence in Section 1 mentions that it is > similar to the BLIND in the case that only one HIT is blinded. I am > wondering whether that case applies here-- the initiator host identifier > needs to be blinded, but the responder HIT doesn't really matter. This left > me wondering whether the protocol could be refactored as a variant of BLIND, > in which case the EPC could be somehow embedded in the HIT-I and recoverable > based on the shared secret and nonce exchange. For example, make the HIT-I > some reversible function f(key,EPC). That would restore the use of HITs in > the protocol. > BLIND has no cryto agility, it works with a fix algorithm. From a cryptpgraphics point of view the f function may be a bijective application (reversible) or a surjective apllication (hash) A profile of HIP_RFID COULD be compatible with blind with f a bijection and f(r1,r2, HIP_I), i.e. f is a protected value of HIP_I > > It wasn't clear to me how ESP would work, how are the keys derived for it? > The existing keys in the draft seem to be directly drawn from functions > such as g(r1,r2, EPC) but there seems to be no analogy to the DH keymat > derivation process in HIP. Could you clarify what are the requirements in > your framework for a general key derivation function? > What we need for ESP is - A negociation of the Security Association SA, i.e. selected algorithms for encryption and data integrity - A formula, like Key(s) = PRF (r1,r2, ID, others parameters) in order to compute the SA keys - > > Another major section missing in this document is the Security > Considerations section, which will need to be carefully written to state the > security claims and known vulnerabilities of this protocol. > Agree. I suggest to focus on the case where no ESP channel is opened. A next draft could focus on the ESP negociation. > > - Tom > > Pascal > > _______________________________________________ > hiprg mailing list > hiprg@irtf.org > https://www.irtf.org/mailman/listinfo/hiprg >
- [hiprg] some questions for draft-irtf-hiprg-rfid-… Henderson, Thomas R
- Re: [hiprg] some questions for draft-irtf-hiprg-r… Pascal Urien
- Re: [hiprg] some questions for draft-irtf-hiprg-r… Henderson, Thomas R