Re: [perpass] privacy implications of UUIDs for IoT devices
Joseph Lorenzo Hall <joe@cdt.org> Fri, 07 October 2016 13:49 UTC
Return-Path: <jhall@cdt.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 0AF93129464
for <perpass@ietfa.amsl.com>; Fri, 7 Oct 2016 06:49:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,
DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001]
autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key)
header.d=cdt.org
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id HDiBRHwAKTTY for <perpass@ietfa.amsl.com>;
Fri, 7 Oct 2016 06:48:59 -0700 (PDT)
Received: from mail-ua0-x22c.google.com (mail-ua0-x22c.google.com
[IPv6:2607:f8b0:400c:c08::22c])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id D1D011295E3
for <perpass@ietf.org>; Fri, 7 Oct 2016 06:48:58 -0700 (PDT)
Received: by mail-ua0-x22c.google.com with SMTP id u68so45303448uau.2
for <perpass@ietf.org>; Fri, 07 Oct 2016 06:48:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cdt.org; s=google;
h=mime-version:in-reply-to:references:from:date:message-id:subject:to
:cc; bh=ZuNTC6FO9c9hjaBXbYRATmxeQ6d1YvKR2PvUEycg2kk=;
b=YX+u0Ca6m2UvgTnXfpmNRXTgUAdg4TPSvgaiI7cjrUakvl42e860kRo6AyLhOCxHg3
knV4ySHVnWEbwUUwGL6S8HjK0iL4DrmldN8TvS2JIv1nEqsV5F7D6EFFQk5WvEx5Fap0
q4MYaBEih8TKcAG8FNIgKRao/x/uDUkAPZ710=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:in-reply-to:references:from:date
:message-id:subject:to:cc;
bh=ZuNTC6FO9c9hjaBXbYRATmxeQ6d1YvKR2PvUEycg2kk=;
b=XpWMk9xOmSYmtgOvLw3Wbm2qUSvd5HoftMiEE7o+iZOCfq/ddBJQ0qPbO/E9AIQeZa
AtCYDt3rDfLUk9MuqSQhCLuO8YK2BZ6XNhvtAt1vfEyH+R6zLZ96VOOMfxVwvA8yZNh/
zpsWLCoyFjlX+uVfddXwUX3MS+bAa1OD5Cb5wfjoVWjNFIkfUmOoAix1J9i0m4FPBhQA
U3YRaSjtlh4mefQ6j5rla0EqBwaWjJ80It/tv1jj222uW2/lqA5WKZaYCAKXrHek8g6A
JgD9RdajkExvrSt4VYg47H9/xcWamHP6MSuNyZkXi1Vr7Tsiqj4oiFsVUl+PmBzhtJCL
RmCw==
X-Gm-Message-State: AA6/9RkRZuXNAgCsVGwhJ1tYntc+WEwQ1PG55SCHEBqoq/8gArf6tAtcmto1xrkFPSVsIy/Aa05mPQA073jBKUJT
X-Received: by 10.176.81.56 with SMTP id e53mr15115003uaa.160.1475848137899;
Fri, 07 Oct 2016 06:48:57 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.103.33.208 with HTTP; Fri, 7 Oct 2016 06:48:37 -0700 (PDT)
In-Reply-To: <02aa01d2203b$e7e3a1e0$b7aae5a0$@huitema.net>
References: <5c32e81f-7e43-2bde-b8f4-46f08fecdefb@cs.tcd.ie>
<db516334-43ab-e967-cfd5-87d920b65015@filament.com>
<8195a761-9714-df53-0c42-43bac757b203@gmail.com>
<029701d21f6d$ab5e5c70$021b1550$@huitema.net>
<30295.1475762265@obiwan.sandelman.ca>
<02aa01d2203b$e7e3a1e0$b7aae5a0$@huitema.net>
From: Joseph Lorenzo Hall <joe@cdt.org>
Date: Fri, 7 Oct 2016 09:48:37 -0400
Message-ID: <CABtrr-UsaodExninLentHBFYBsJ1MBBT9bpmE6GtAM0ighyT+g@mail.gmail.com>
To: Christian Huitema <huitema@huitema.net>
Content-Type: multipart/alternative; boundary=94eb2c190c540091af053e46ac5e
Archived-At: <https://mailarchive.ietf.org/arch/msg/perpass/xikpiPYg1cv8ENG2ROWnmRebXUg>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, perpass <perpass@ietf.org>
Subject: Re: [perpass] privacy implications of UUIDs for IoT devices
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. "
<perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>,
<mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>,
<mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Oct 2016 13:49:01 -0000
The Eddystone ephemeral identifier for BLE work from Google may be of interest to some here (doesn't solve cases of unknown neighbors): https://developers.google.com/beacons/eddystone-eid On Thu, Oct 6, 2016 at 9:41 PM, Christian Huitema <huitema@huitema.net> wrote: > > On Thursday, October 6, 2016 6:58 AM, Michael Richardson wrote: > > > > ... > > I'd love to find a way to send the identifier only to an authorized > operator, > > which is resistant to an active MITM, given that the new device (the > pledge) > > doesn't know who the authorized operator is yet. > > We are looking at that in the pairing draft in DNSSD > (https://tools.ietf.org/html/draft-kaiser-dnssd-pairing-00). The > hypothesis > is that the two paired devices can display a short authentication string, > e.g. 6-7 digits. Given that, we can establish a TLS connection without > prior > credentials between the two parties, with a probability 99.9999% that any > MITM attempt will be detected. But the two parties have to be able to "see" > the string display on the other device and compare it to the local one. > ZRTP > uses the same algorithm to detect MITM in audio connection, probably > assuming that the parties will read the string over the audio channel and > that the MITM cannot really rework the audio in real time. > > There is another trick, used in the privacy extensions to DNS-SD > (https://tools.ietf.org/html/draft-huitema-dnssd-privacy-02). Use TLS PSK, > or better yet TLS/ECDH/PSK. Instead of PSK ID, send a puzzle that can only > be solved by parties knowing the PSK, e.g. nonce + hash (nonce, PSK). That > guarantees connection without MITM, and also without disclosure of the > identities to third parties. Problem, it scales as O(number of PSK) known > by > the server. We could probably devse an extension of that using public key > technology. > > -- Christian Huitema > > > > _______________________________________________ > perpass mailing list > perpass@ietf.org > https://www.ietf.org/mailman/listinfo/perpass > -- Joseph Lorenzo Hall Chief Technologist, Center for Democracy & Technology [https://www.cdt.org] 1401 K ST NW STE 200, Washington DC 20005-3497 e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871 Tech Prom, CDT's Annual Dinner, is April 20, 2017! https://cdt.org/annual-dinner
- [perpass] privacy implications of UUIDs for IoT d… Peter Saint-Andre - Filament
- Re: [perpass] privacy implications of UUIDs for I… Dave Thaler
- Re: [perpass] privacy implications of UUIDs for I… George Michaelson
- Re: [perpass] privacy implications of UUIDs for I… Dave Thaler
- Re: [perpass] privacy implications of UUIDs for I… George Michaelson
- Re: [perpass] privacy implications of UUIDs for I… George Michaelson
- Re: [perpass] privacy implications of UUIDs for I… Brian E Carpenter
- Re: [perpass] privacy implications of UUIDs for I… Christian Huitema
- Re: [perpass] privacy implications of UUIDs for I… John Levine
- Re: [perpass] privacy implications of UUIDs for I… Robin Wilton
- Re: [perpass] privacy implications of UUIDs for I… Stephen Farrell
- Re: [perpass] privacy implications of UUIDs for I… Michael Richardson
- Re: [perpass] privacy implications of UUIDs for I… Michael Richardson
- Re: [perpass] privacy implications of UUIDs for I… Michael Richardson
- Re: [perpass] privacy implications of UUIDs for I… Hugo Maxwell Connery
- Re: [perpass] privacy implications of UUIDs for I… Michael Richardson
- Re: [perpass] privacy implications of UUIDs for I… Stephen Farrell
- Re: [perpass] privacy implications of UUIDs for I… Christian Huitema
- Re: [perpass] privacy implications of UUIDs for I… Joseph Lorenzo Hall
- Re: [perpass] privacy implications of UUIDs for I… Michael Richardson
- Re: [perpass] privacy implications of UUIDs for I… Michael Richardson
- Re: [perpass] privacy implications of UUIDs for I… Christian Huitema
- Re: [perpass] privacy implications of UUIDs for I… Michael Richardson
- Re: [perpass] privacy implications of UUIDs for I… Brian E Carpenter
- Re: [perpass] privacy implications of UUIDs for I… Fernando Gont
- Re: [perpass] privacy implications of UUIDs for I… Fernando Gont
- Re: [perpass] privacy implications of UUIDs for I… Fernando Gont
- Re: [perpass] privacy implications of UUIDs for I… Fernando Gont
- Re: [perpass] privacy implications of UUIDs for I… Eitan Adler
- Re: [perpass] privacy implications of UUIDs for I… Paul Kyzivat
- Re: [perpass] privacy implications of UUIDs for I… Stephen Farrell
- Re: [perpass] privacy implications of UUIDs for I… Christian Huitema
- Re: [perpass] privacy implications of UUIDs for I… Ross Schulman
- Re: [perpass] privacy implications of UUIDs for I… Robin Wilton
- Re: [perpass] privacy implications of UUIDs for I… Paul Kyzivat
- Re: [perpass] privacy implications of UUIDs for I… Brian E Carpenter