Re: [Sframe] Inquiry about matrix authentication in SFrame

Richard Barnes <rlb@ipv.sx> Wed, 27 September 2023 13:15 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sframe/XT3WX4t6wbcL4raIaVMQ_JoynbU>

Hi Yumi,

Sorry for the delayed reply.  I may have mis-spoken at the side meeting;
"matrix authentication" does not exist.

The authentication that SFrame provides is typical symmetric-key
authentication, of the sort that HMAC or an AEAD function provides.  In a
group setting, that means that a receiver is assured that media came from
the sender **or any other receiver**, since the sender and the receivers
all have the same symmetric key.

Additional authentication properties can be added by virtue of the method
used for distributing SFrame base keys.  For example, in the MLS-based key
distribution scenario described in the document, the senders and receivers
authenticate to each other in MLS, using public-key credentials.  So each
receiver can authenticate identities for the other senders/receivers at the
MLS layer, but at the SFrame layer, a receiver could still spoof packets as
if they were from a sender.

Hope that helps,
--Richard


On Wed, Aug 30, 2023 at 1:31 AM 酒見由美 <yumi.sakemi@gmo-cybersecurity.com>
wrote:

> Dear Richard and members participating in the SFrame side meeting at
> IETF117
>
> I participated in talking about efficient (low-latency) hashing
> algorithms at the SFrame side meeting at IETF117.
> Thank you for allowing me to talk there.
>
> At the side meeting, I talked about it because I expected that
> ultra-low latency cryptography "Areion," which my team is focusing on,
> would help make SFrame more secure.
>
> As a comment at that time, Richard shared information that while
> SFrame does not have per-sender authentication, it has introduced a
> technique called matrix authentication.
> Since then, I have read the SFrame I-D and other documents, but I need
> help finding information about features and mechanisms of matrix
> authentication.
>
> Therefore, I would appreciate it if you could share any papers or
> documents on Matrix Authentication.
>
> Best regards,
> Yumi
>
> --
> Yumi Sakemi, Ph. D.
> GMO Cyber Security by IERAE, Inc.
> yumi.sakemi@gmo-cybersecurity.com
>
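
The group-key property described in the reply above, as an added example that is not part of the original message or of the SFrame draft: a passing symmetric tag shows that some holder of the base key produced the frame, not which one. The frame layout, the HMAC-based key derivation, the member IDs and the keys are simplified assumptions constructed for this sketch, not SFrame's wire format or KDF.

```python
import hashlib
import hmac

TAG_LEN = 16  # truncated tag length chosen for this sketch

def derive_sender_key(base_key: bytes, sender_id: int) -> bytes:
    """Per-sender key from the shared base key (simplified stand-in KDF)."""
    label = b"sketch sender key" + sender_id.to_bytes(8, "big")
    return hmac.new(base_key, label, hashlib.sha256).digest()

def protect(base_key: bytes, sender_id: int, counter: int, media: bytes) -> bytes:
    """Build header || media || tag, where the tag covers header and media."""
    header = sender_id.to_bytes(8, "big") + counter.to_bytes(8, "big")
    key = derive_sender_key(base_key, sender_id)
    tag = hmac.new(key, header + media, hashlib.sha256).digest()[:TAG_LEN]
    return header + media + tag

def verify(base_key: bytes, frame: bytes):
    """Return (claimed_sender_id, media) if the tag checks, else None."""
    if len(frame) < 16 + TAG_LEN:
        return None
    header, media, tag = frame[:16], frame[16:-TAG_LEN], frame[-TAG_LEN:]
    sender_id = int.from_bytes(header[:8], "big")
    key = derive_sender_key(base_key, sender_id)
    expected = hmac.new(key, header + media, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    return sender_id, media

def demo():
    # Constructed keys and member IDs, for illustration only.
    base_key = hashlib.sha256(b"constructed group base key").digest()
    outsider_key = hashlib.sha256(b"constructed non-member key").digest()
    alice = 1
    genuine = protect(base_key, alice, 0, b"frame from alice")
    # Bob is a legitimate receiver, so he holds base_key; a frame he labels
    # with Alice's ID verifies exactly like one Alice sent.
    relabelled = protect(base_key, alice, 1, b"frame from bob")
    outsider = protect(outsider_key, alice, 2, b"frame from outsider")
    tampered = genuine[:16] + b"X" + genuine[17:]
    return {
        "genuine": verify(base_key, genuine),
        "relabelled": verify(base_key, relabelled),
        "outsider": verify(base_key, outsider),
        "tampered": verify(base_key, tampered),
    }
```

Deriving a separate key per sender does not change the result as long as every member can derive it from the shared base key; binding a frame to one member requires a key that only that member holds, such as the public-key credentials used at the MLS layer.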