IETF Logo Mail Archive

Re: [Tm-rid] HHIT trust proof for Auth messages

"Wiethuechter, Adam" <adam.wiethuechter@axenterprize.com> Wed, 02 October 2019 20:04 UTC

Return-Path: <adam.wiethuechter@axenterprize.com>
X-Original-To: tm-rid@ietfa.amsl.com
Delivered-To: tm-rid@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7528312089A for <tm-rid@ietfa.amsl.com>; Wed, 2 Oct 2019 13:04:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=axenterprize.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LPewuASZdGTg for <tm-rid@ietfa.amsl.com>; Wed, 2 Oct 2019 13:04:16 -0700 (PDT)
Received: from mail-qt1-x82e.google.com (mail-qt1-x82e.google.com [IPv6:2607:f8b0:4864:20::82e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7178A1208D0 for <tm-rid@ietf.org>; Wed, 2 Oct 2019 13:04:16 -0700 (PDT)
Received: by mail-qt1-x82e.google.com with SMTP id c21so288620qtj.12 for <tm-rid@ietf.org>; Wed, 02 Oct 2019 13:04:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axenterprize.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=bDnqt/eCCNs4BH/c8sy1tEXtUfM08kWe6ompvAwqkAs=; b=HN3FJUNDLaNTv82Bhs/e3sU7CqQBbXWNxNhTpqigPRu3pHJ8Vv8QaepqPuFxaTjUa9 R4Mue9VqEoqWwZ5uG6WykYWR4iWio3kxClx7Lfbf5p75uhgZe9KOh7tpP6MzUpaiuC1y c4ksKkrGqpaP4SsPm6H9ZAlyBkgAyq5dkkLLM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=bDnqt/eCCNs4BH/c8sy1tEXtUfM08kWe6ompvAwqkAs=; b=sXaMmBnFUPqqXALP2lTv8fW3N/r7elvzxDp7TmT9knfxscfGtKVtfR+1r7lCjfgBxF UGoJEQYYSAMMRl2UQZ39M8p2zpUmHl2ev9ivv3ftL2wc/eV5QTY636qrcfUBnf/dP364 ZA6AQ/+UTqoQmJd4bWrhFVuZIpn70NLrJZxbYVsvkLiBtyTo0Jyc6JfZH/4FzuDnWMQq XJpP9qzPYo+180yngw/dVG7aSGRjxbFAYOFWqJvtbPmVdzPQEIvN29xRonZWporqUIDg o4X1J2XV43p0MxyxW4Llg5MyGnNKswF7NjaWAL29LsUZKiZMsayGIM+32DEEY3/jAYUr 7dsg==
X-Gm-Message-State: APjAAAX+JhR+7T+nF+rm7mMmMvVdaI/Dx6WOUfXrdjvtoccBeemDk0Xh B71GWAWhNvjaB7VgUAF3Kf9YCi7FoJAiri6BX7tATOE2nw==
X-Google-Smtp-Source: APXvYqxFQQ9rdUCGPhR9HCoYss2AI4f5sBs2DsVNoElSetrq0npyrHEjkFh3TWmxGgbrhUQUoc4xXDeG1s/KzyA/9zQ=
X-Received: by 2002:ac8:7648:: with SMTP id i8mr6219739qtr.363.1570046655384; Wed, 02 Oct 2019 13:04:15 -0700 (PDT)
MIME-Version: 1.0
References: <c8342d06-203f-6f51-d227-12501a291fc7@labs.htt-consult.com> <CA+r8TqVNVOOCAipmTN5BqH3UGnpezsL748iLWnc7Ra=rVtD9sg@mail.gmail.com> <5994016b-0006-f45c-3f53-6094ed768b3c@labs.htt-consult.com>
In-Reply-To: <5994016b-0006-f45c-3f53-6094ed768b3c@labs.htt-consult.com>
From: "Wiethuechter, Adam" <adam.wiethuechter@axenterprize.com>
Date: Wed, 02 Oct 2019 16:04:04 -0400
Message-ID: <CA+r8TqU-nhUgLv_eGYMTh6kCoX6UnDH=4XznR168Pvp780==9g@mail.gmail.com>
To: Robert Moskowitz <rgm@labs.htt-consult.com>
Cc: "tm-rid@ietf.org" <tm-rid@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000002ce9140593f2f9fe"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/Kt2V3RamkwqnLMDpeC9VT9SwA8s>
Subject: Re: [Tm-rid] HHIT trust proof for Auth messages
X-BeenThere: tm-rid@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Trustworthy Multipurpose RemoteID <tm-rid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tm-rid/>
List-Post: <mailto:tm-rid@ietf.org>
List-Help: <mailto:tm-rid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Oct 2019 20:04:28 -0000

While waiting for Gabriel to answer our emails I have been playing with
Reed-Solomon encoding with the message formats. I assume worst case
scenario of having only 5 pages to play with (the more I examine what I can
access for implementation the more convinced I am that this is the reality
of our situation) and I am using the above format to work out something
(specifically the shorter format as its the only one that fits currently).

The first page has 17 bytes of user data, which is just to HHIT. We can
also obtain this via the Basic ID message so I am not that worried about
loss here.
The next 3 pages contain the trusted timestamp (not terribly important but
useful information) and the HHIT Signature (very important). If we lose any
one of these packets the whole point of authentication is gone. We still
have one page left, that Bob has marked as "payload".

Assuming we want to run Reed-Solomon (and to my knowledge after doing some
internet search to understand it) we want an RS(92,69) with 8 bit symbols.
This will give us 23 bytes of parity that we would place into the "payload"
section and would protect the 3 signature pages from up to 11 errors. This
is assuming the following: RS(n,k) and 2t=n-k where; n=payload size, k=data
size, t=correctable errors. I used [1] as a reference to understand what I
was doing.

Bob, also note that while I know BT5 is an option I am constraining myself
to BT4 for the time being as it is widely available and I don't fully
understand BT5 Extended Message format at this time. I also want to develop
up into BT5 (after getting BT4 formatting in a good state) and not develop
down into BT4.

[1]
https://www.cs.cmu.edu/~guyb/realworld/reedsolomon/reed_solomon_codes.html

On Wed, Oct 2, 2019 at 8:40 AM Robert Moskowitz <rgm@labs.htt-consult.com>
wrote:

> Quickly,
>
> We have to find out why the reduction in size when BT5 is 255 bytes and
> the extended messages were designed to work in BT5.
>
> Bob
>
> On 10/1/19 12:12 PM, Wiethuechter, Adam wrote:
>
> All,
>
> Attached is a mock up of what Bob has here just in the new 0.8 version of
> the authentication message.
>
> There is a 23 byte payload limit or 25 bytes if we remove the reserved
> bytes and condense. I am unwilling to do this though as then the HHIT or
> Trust Timestamp fields would be fragmented across pages. Its already bad
> enough that the Trusted Timestamp and standard Timestamp fragment across
> the 32 bit boundary (within a page) and worse the signature across 3 whole
> pages already. While in practice this probably wouldn't affect much it
> makes it harder to understand/read I think.
>
> My concern, is that we are broadcasting over Bluetooth. There are 5 pages
> to the authentication message (from my understanding of the new standard).
> If we lose any one page it is most likely going to be a signature page (as
> it spans 3 whole pages) and there will be no way to achieve that which this
> format is intended for without the full signature. Perhaps the payload
> section that Bob marked in (and fills the final page of the authentication
> message) should be some sort of error correction on the signature?
>
> The second version I think is unattainable in the new format, unless
> someone here can defy the laws of physics and make numbers smaller than
> they actually are thus allowing more to fit within the 109 byte constrain
> of the message format.
>
> Questions, comments, concerns?
>
> On Fri, Sep 27, 2019 at 12:40 PM Robert Moskowitz <
> rgm@labs.htt-consult.com> wrote:
>
>> And here is something I have been working on as condensed proof of HHIT
>> ownership objects that can be put into the auth messages.  I have not
>> done that yet, like Adam has:
>>
>>      <figure>
>>          <artwork>
>>     0                   1 2                   3
>>     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> |                                                               |
>>    | HHIT                              |
>> |                                                               |
>> |                                                               |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>    | TIMESTAMP                          |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> |                                                               |
>>    | HHIT                              |
>>    | SIG                              |
>> .                                                               .
>> .                                                               .
>> .                                                               .
>> |                                                               |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>    / PAYLOAD                            /
>> /                                                               /
>>    / +-------------------------------+
>>    / |                               |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>
>>    HHIT           16 byte HHIT of EdDSA25519 HI
>>    TIMESTAMP      4 byte packet trust until timestamp
>>    HHIT SIG       64 byte Signature of whole packet
>>    PAYLOAD        0 to n bytes of payload
>>        Length     84 + n bytes
>>          </artwork>
>>      </figure>
>>      <figure>
>>          <artwork>
>>     0                   1 2                   3
>>     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> |                                                               |
>>    |                            DEV HHIT                           |
>> |                                                               |
>> |                                                               |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>    | TIMESTAMP                          |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> |                                                               |
>>    |                            DEV HHIT                           |
>>    | SIG                              |
>> .                                                               .
>> .                                                               .
>> .                                                               .
>> |                                                               |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> |                                                               |
>>    |                              DEV HI                           |
>> |                                                               |
>> |                                                               |
>> |                                                               |
>> |                                                               |
>> |                                                               |
>> |                                                               |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>    |                         AUTH TIMESTAMP                        |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> |                                                               |
>>    |                           AUTH HHIT                           |
>> |                                                               |
>> |                                                               |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> |                                                               |
>>    | AUTH                               |
>>    | SIG                              |
>> .                                                               .
>> .                                                               .
>> .                                                               .
>> |                                                               |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>    / PAYLOAD                            /
>> /                                                               /
>>    / +-------------------------------+
>>    / |                               |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>
>>    DEV HHIT       16 byte Dev HHIT of EdDSA25519 HI
>>    TIMESTAMP      4 byte packet trust until timestamp
>>    DEV HHIT SIG   64 byte Signature of whole packet
>>    DEV HI         32 byte Device HI of EdDSA25519 HI
>>    AUTH TIMESTAMP 4 byte Dev HHIT trust until timestamp
>>    AUTH HHIT      16 byte Authorizer's HHIT of EdDSA25519 HI
>>    AUTH SIG       64 byte Signature of Device HHIT-HI
>>    PAYLOAD        0 to n bytes of payload
>>        Length    200 + n bytes
>>          </artwork>
>>      </figure>
>>
>>    |             Type              | Length            |
>>
>> --
>> Tm-rid mailing list
>> Tm-rid@ietf.org
>> https://www.ietf.org/mailman/listinfo/tm-rid
>>
>
>
> --
> 73's,
> Adam T. Wiethuechter
>
>
> --
> Robert Moskowitz
> Owner
> HTT Consulting
> C:      248-219-2059
> F:      248-968-2824
> E:      rgm@labs.htt-consult.com
>
> There's no limit to what can be accomplished if it doesn't matter who gets
> the credit
>


-- 
73's,
Adam T. Wiethuechter

v2.23.0 | Report a Bug | By Email