[Hipsec] Password authentication for HIP DEX

Robert Moskowitz <rgm@htt-consult.com> Thu, 10 June 2010 16:02 UTC

Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B6C653A696E for <hipsec@core3.amsl.com>; Thu, 10 Jun 2010 09:02:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.716
X-Spam-Level:
X-Spam-Status: No, score=0.716 tagged_above=-999 required=5 tests=[AWL=0.115, BAYES_50=0.001, J_CHICKENPOX_31=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NFRTIfOaoSY9 for <hipsec@core3.amsl.com>; Thu, 10 Jun 2010 09:02:52 -0700 (PDT)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id A10003A68FC for <hipsec@ietf.org>; Thu, 10 Jun 2010 09:02:52 -0700 (PDT)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 361EB68A94 for <hipsec@ietf.org>; Thu, 10 Jun 2010 15:55:03 +0000 (UTC)
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V33LwH8JwSj3 for <hipsec@ietf.org>; Thu, 10 Jun 2010 11:54:54 -0400 (EDT)
Received: from nc2400.htt-consult.com (h155.home.htt [208.83.67.155]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 4802A68B49 for <hipsec@ietf.org>; Thu, 10 Jun 2010 11:54:54 -0400 (EDT)
Message-ID: <4C110C8D.4000503@htt-consult.com>
Date: Thu, 10 Jun 2010 12:02:21 -0400
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9) Gecko/20100430 Fedora/3.0.4-2.fc12 Thunderbird/3.0.4
MIME-Version: 1.0
To: HIP WG <hipsec@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: [Hipsec] Password authentication for HIP DEX
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Jun 2010 16:02:53 -0000

Password authentication for HIP DEX may be used for initial ACL 
bootstraping (how a new I introduces itself to R) of for emergency 
access (EMT needs access to a pacemaker or field tech needs access to a 
substation switch).

Note that if I does not have PKr from a source other than R1, this 
process is open to rogue attack then offline dictionary attack against 
the secret.  There is no way that R can protect its password from a 
misbehaving I.  This is a simple password authentication.  I am going to 
study 802.11s ECC zero-knowledge password authentication that Dan 
Harkins developed to see if I could use it instead...

Anyway on to the process, it is very simple.

P  ::= password
Pl ::=length of password

If Pl != 128 then P = AES-CMAC(0^128, P, Pl)

Add the following to I2:

ECR(PKr, MAC(P, n))

This parameter is included in the MAC of I2.  Only the owner of the R 
private key can look at the MAC result to see if it is correct.  Thus 
the passsword is not exposed to over the air intercept and dictionary 
attack.  It IS open to MR attack if I does not have PKr from a source 
other than R1.  I don't see an EMT in a hurry entering a 128bit HIT or 
160bit PKr to get access to a pacemaker...