IETF Logo Mail Archive

Re: [Lake] EDHOC rekey

John Mattsson <john.mattsson@ericsson.com> Wed, 25 January 2023 23:25 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56B0BC14CE5D; Wed, 25 Jan 2023 15:25:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NOBAgfiPJRvr; Wed, 25 Jan 2023 15:25:53 -0800 (PST)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-vi1eur04on2044.outbound.protection.outlook.com [40.107.8.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B2204C14F721; Wed, 25 Jan 2023 15:25:52 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jy3jRh4I6slTj6vi4LxT/kzgpcDgtbmznxlyXM5jXbPmAmqhZ3kvQ9susBauzRQz07vLNfnWS/kErZAPoyALjohoixmN9iCSPWyF0exLZR53KkBc2wum1Z1iCseva5b0N7XwzEtbE6TdRxi+yiUGhU3F4wY+ZZAYkWCPtmlhIljffLlXHRxtDJAJoeVBjvTyzrLmo5YvJ/Y10WMxz7/FtH/9AH0iyNHube577mKAsIWY0xmyqJmTdV57e9vv3JEfHYxz+UfWJrecj72zGoXxqcsjIIzjLqJ01Uq9MOW9OBn/Lx0lT2tuHPRYU0bfopncFgI95Olc4oSU4cyvhRBaXA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=VdUR6ku4WxQNX/qx5vf9TdSPFTZXyySHgUYwhyIM9co=; b=iUEiPp8O22pGTKs8p9VXQzoGnOzXfzkv+VwdHWjjh4mSiMS6pb1x0YWpIY+y7Uh8wOJvrauiv0YT29TcnnIyoFLdT0Q7AMIPEou1oLbpUAYRrd7HeGWErgf8GGyin2C+iSYakOeD/wTORSSJTUUzegEV47CHeoHJ0KA0Q8z8J32UOFa5gdiTL+ZDfOpZTJV2VKeeQ+MCieIJ2FlbofDQtbBEApNrQcMZUJxR9QD+olpr3kF2CDAFQyTqbKxvmdugUM1qwyKkyj2qcxV7kU6IkmoyKej1WaXqgk4T94JxMWouGiyC2ZqozVbFw2DBH7pfoUFBt9WhldPz++Q1tTzScQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VdUR6ku4WxQNX/qx5vf9TdSPFTZXyySHgUYwhyIM9co=; b=To+3w2EK8vH1bR/L6rj9AiNIclVQRct5qbywErPgWkqsLSl0xdneVS8QYyRTEegfGmsUEu1QGQHxfFNOgHJZ5nkf6C5w/VLQx70AlttC5at5Sc7zZ13EhY76r3gJlevnnx8e/GCQewNbHDLIF/u41nJlyyf9kNa82dCFcGDa0Ag=
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com (2603:10a6:3:4b::8) by PAXPR07MB7838.eurprd07.prod.outlook.com (2603:10a6:102:15e::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6043.22; Wed, 25 Jan 2023 23:25:48 +0000
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::fc77:42d2:1bc6:ec49]) by HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::fc77:42d2:1bc6:ec49%12]) with mapi id 15.20.6002.033; Wed, 25 Jan 2023 23:25:48 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: Rafa Marin-Lopez <rafa@um.es>, "lake@ietf.org" <lake@ietf.org>, EMU WG <emu@ietf.org>
CC: Rafa Marin-Lopez <rafa@um.es>
Thread-Topic: [Lake] EDHOC rekey
Thread-Index: AQHZLox/6hQl89KuYkuVVFtuDVNbA66vy22i
Date: Wed, 25 Jan 2023 23:25:47 +0000
Message-ID: <HE1PR0701MB305059976C43A3A6B30FB1A289CE9@HE1PR0701MB3050.eurprd07.prod.outlook.com>
References: <4C655655-89F2-4274-81BC-BCF8C159136B@um.es>
In-Reply-To: <4C655655-89F2-4274-81BC-BCF8C159136B@um.es>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: HE1PR0701MB3050:EE_|PAXPR07MB7838:EE_
x-ms-office365-filtering-correlation-id: aa0efdca-7cca-4976-7da1-08daff2b7d76
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: XcbPpoN0VRAwFf/N8hk9Cj2hdE3OUzQYlpoKdk7ermk/iqvQBCrCloF3FplwKKCR0UwhvV1TI3dO1OzcdxZ8WsOR6AX1qo9jjyizMbIBnTLc/tGI2toKaVfKc9Uahu3y1XAmoThJR/5MNyxalyoTcZTKZmDS4SK6D4OOAEQQRMe3FznofPSSMcwpF/wvXCk75BItKrX+K+sFXu0LTj2Q0DpR8V3MBR1DHlog2M5A3SnNIAOTROe2PtDeRW2qJX9VeGOocu+2CSWHedjIsJBDWch+3vsPLuwpvz/NhyfVOTZ8ET/JXyRnxY3BJM3ajmhDW01Rp0rdE2dyJu3Qgonc6fcbCF9dkO0b85S/1mBUMEcq8rlTwYAqrHmjiJK1p8+pj/WJODP0s0wqzBwOWapi38iuQ7wWfDwswotO6IpPtXuBe4Xu8Nu+nC8c1L8GpRLQ65ZFPRBvIzt22/1KWfFiJtRrVa2cq4W+ykWPxw9RA/Or/ffiwsTQ95g14iOGgXvp39bf04/1urfnT5BK3mQksVX9PrmfyXhD0NJON72Akw38LUCKdlsycP8nsprk+dBJccBZFwFT0oZnP1K3AIELA9Akuv22bLYDdOgk6uAk55ShV8R/ysveiHLMAXOakzEBXX6tjzb+ccdCWqGt0imbkO1BgbCwqy9XtZL15ss+HE6xVNmYK6AFTMsptghZd4VfGHYweY/QvIatrdEKCuG2b0nTi1xOoDQ76Rv/MBBWAg6IMskajQYUS8FGuWVuqYSyh9nSTLXYj8vlR1sRjGkKUQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR0701MB3050.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230025)(4636009)(346002)(39860400002)(376002)(396003)(366004)(136003)(451199018)(38100700002)(122000001)(186003)(83380400001)(86362001)(76116006)(66476007)(66556008)(66446008)(64756008)(478600001)(4326008)(91956017)(66946007)(41300700001)(38070700005)(8936002)(966005)(55016003)(7696005)(110136005)(316002)(71200400001)(33656002)(8676002)(166002)(53546011)(6506007)(26005)(9686003)(5660300002)(44832011)(52536014)(2906002)(82960400001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: Uh6BfEJdl2ktbRuVPem8F72VxGlS1hRiso72ef8er+hfUPdINhqiY+ONu8A3HBJgb59NeiXDJWjtOFe8Sv5DIPRVrjsw5hC0xKrXjVeCyD0mt05hfq81fHnRd6UhPAyLgISuaO1GNULB2/In8qS48LtbwI4umq+1HFGOzbdmX9hW4VlsSsgHqST4qY/QVRtLCRlskPAr8waXK8kPwh7aYucC0nXU3qK3RlyWb9Zd+cHgm4a5WFzkYc01PA0O1Faro41vUUKAYll4vVRPMmXLUv5mijEvArzhmU4ah8Vd1SeWVzmhOE1NCGxVTr7oGszpfGjRCgicXFu7of4f3WmjGbpm07jWrQyaBO/B3vmVeVJ1H+bXzaFno/27ijl7KKNigTD/Z8h6VNvkqhhAsTEWdqn0YckWdzIxWgghIuGZ7jwS7xm6/LwXiUUT8HGPklg5Cf3VGrjhuE34zmZj3JIgANLmIi8DeonMnKbgzTDepudjWpJq+wMurrxFydUDliVVMUwa9yahZnThRcmegih2jY3lbekjrWNkEI6rpmdDF9d5SmgvF5yR5txtcYQyqB1ry/ihQOD1ebsSWHAsXuFjAQluH5lX85guYy1xAHX58qPnG9XEoHY2SHbgyFyQRJEPv27ppQFTwxHMMt4vDc1eaxEIRmELvQocMyWbi23GNuUCw8aYuo857d/Enal6VMOAkGwCOP1tRLzKhuGP9lf+Rm+3mbay12vh6ev+YiROsYv2n96u6WVUUqUVP0ey/aSKV97lFdS/Yj1jrBRH0AYKlSeytGpvbAt3mwwQlLYQEIFmdeKYJjJ1DOtv7Re3fVctAD7Tfz6fDkYIDbwu73O0Ll/tw0UKh1BTXkzjXtiTePfL9v50QwRKgoy4DeD5pPPaxUQXd9n6+MLmyFjJKkvYD6H8vxJ9DxzuB7vkTeT2TnGmUn+mEPqPLidc3ZmsYCRO05peBVy7aJQBvz9+tL/628+3K8BWmOdqjiRIT4HTKbnpbpywwvKe7ZsbvKHs1c+RNu7sjQM8vC80I4eF7QMvkFLI2GwLkUyN6ZeLPtYKX9ur4XLU32kYqz1WcrArAMDaH1BhaOWmJ0uOCuB7lblp0CNVTF9eLZTfA0QX2tONcGDrIqBlJyDNKEN+dKGiA2i+VAGRqS5TLHdOObQrUVQqXVDG3epYnc0iq30DiQSr8lxMRmC9pekehZGbZ5z109lpcYrGbD0u/EBM34GnCzAtyjF2Ycg480lMEKoZPQSSyXKJUh8o5Kf55GL1ix4qocEa8AlbFrU6CZVI/iNSH7YP93kFRsZWUQGOeY0aIhHQPbwvN8YnL4RPexVolfNwlW27pQesxacv2+p+HVItXBJW4hn18syIAQBmHD0IoVxQRcKxNkJJlZqcBBsU0sgRl2JXlEVSE4+zbhMvyz+EBcXHu1srCr1s1Z4X8XXetg5AxUTTWN+1sahGGULX3a+chROBmkk/ad12r+OIpPzyaAZUFlJWR7sfG/Ut4CtfG0Sol0BM3vYja1FUwlXICw2VRoOA5UQuz2DENY+WR+IQvqYkH2A1G8Phb+ulab5BvIcg5fqGk1z1xrOI3VcQAcic9iQgVEngJLz8gA8z/uGMWM1pcQc+u9T/VrwwahD9h6+4S1o=
Content-Type: multipart/alternative; boundary="_000_HE1PR0701MB305059976C43A3A6B30FB1A289CE9HE1PR0701MB3050_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR0701MB3050.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: aa0efdca-7cca-4976-7da1-08daff2b7d76
X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Jan 2023 23:25:47.9315 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 9zLJdxGZOy1/gEE7h6ubggmI4XeMScujr2Va9ReejuCeWF+V/AGXVgM/L4RQqpQqttMQG9GtcmDU3fUQML32zFiM47pVBLPWROWe4Ii+hUg=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAXPR07MB7838
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/MBz6qS3Ss8N8FGthojcoBL2hfB4>
Subject: Re: [Lake] EDHOC rekey
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Jan 2023 23:25:57 -0000

Hi Rafa,

Thanks for bringing up this question. I think this is a very good discussion to have at this point.

First discussion is probably why resumption is needed. I think there are three things that can be more optimized in a resumption.

- A) Message sizes in the protocol.
- B) Less asymetric operations in the protocol
- C) External things like fetching credentials from a database, revocation, path validation,

I think there are four ways to do this

- 1) EHDHOC is lightweight enough. Just redo full EDHOC. (similar to full handshake in TLS)
- 2) Use PSK with ECDHE (similar to psk_dhe_ke in TLS)
- 3) Use PSK with exchanged random values (similar to psk_ke in TLS)
- 4) Derive from PSK without new radnomness (similar to key update in TLS)

I don't think 4) is needed. 2) or 3) provides nice optimizations. 2) provides significantly better security than 3) KUDOS in CORE WG alrady provides 3) when EHDOC is used to key OSCORE.

I would suggest going 2) I think that is lightweight enough with a total of around 100 bytes for the three flights, a single asymmetric operation, and no need to fetch external authentication material.

3) would be ok to use for a short while, but then the recommendation would have to be to rerun 1). 2) you can rerun for a much longer time. All things considered 2) might therefore be more lightweight than 3).

PSK authentication suffers from tracking and fingerprinting when the psk identifier is reused. If 2) or 3) is is done there should be a good solution for how to provide client identity protection. One option is to derive a new random psk identifier in the full EDHOC as well as in the resumption:

   PSK           = EDHOC-KDF( PRK_4e3m, 10, TH_4,      psk_length )
   PSK_ID     = EDHOC-KDF( PRK_4e3m, 11, TH_4,      psk_id_length )

The Resonder could alternatively send an encrypted PSK_ID to the Initiator

Cheers,
John

From: Lake <lake-bounces@ietf.org> on behalf of Rafa Marin-Lopez <rafa@um.es>
Date: Sunday, 22 January 2023 at 19:08
To: lake@ietf.org <lake@ietf.org>, EMU WG <emu@ietf.org>
Cc: Rafa Marin-Lopez <rafa@um.es>
Subject: [Lake] EDHOC rekey
Dear LAKE WG, EMU WG members:

We are in the process of updating EAP-EDHOC I-D, which uses EDHOC inside an EAP authentication.

https://datatracker.ietf.org/doc/draft-ingles-eap-edhoc/

We have been discussing internally about a resumption mechanism. A simple way to define this is doing it in the context of EAP-EDHOC by using Appendix J EDHOC-KeyUpdate. Having said this, I think it would be worth considering an EDHOC rekey exchange (i.e. involving 1 RTT), as something similar as, for example, IKEv2 does. This has the advantage that can be used in contexts different than EAP-EDHOC.

Thus, it is not clear whether we should design this in the context of EAP-EDHOC or, on the contrary, LAKE WG could discuss this in the future. In my humble opinion, discussing this in LAKE WG could allow defining this EDHOC rekey protocol in such a way that could be used in different uses cases as a generic contribution, not just in EAP-EDHOC.

I would be willing to discuss (and contribute) if LAKE WG is in favor of considering this in the future.

Best Regards.
-------------------------------------------------------
Rafa Marin-Lopez, PhD
Dept. Information and Communications Engineering (DIIC)
Faculty of Computer Science-University of Murcia
30100 Murcia - Spain
Telf: +34868888501 Fax: +34868884151 e-mail: rafa@um.es<mailto:rafa@um.es>
-------------------------------------------------------

v2.23.0 | Report a Bug | By Email