IETF Logo Mail Archive

Re: [Tm-rid] HHIT trust proof for Auth messages

"Card, Stu" <stu.card@axenterprize.com> Wed, 02 October 2019 20:13 UTC

Return-Path: <stu.card@axenterprize.com>
X-Original-To: tm-rid@ietfa.amsl.com
Delivered-To: tm-rid@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9EA6512002F for <tm-rid@ietfa.amsl.com>; Wed, 2 Oct 2019 13:13:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=axenterprize.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pyKlW-Id-nPM for <tm-rid@ietfa.amsl.com>; Wed, 2 Oct 2019 13:13:39 -0700 (PDT)
Received: from mail-io1-xd2d.google.com (mail-io1-xd2d.google.com [IPv6:2607:f8b0:4864:20::d2d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC479120018 for <tm-rid@ietf.org>; Wed, 2 Oct 2019 13:13:39 -0700 (PDT)
Received: by mail-io1-xd2d.google.com with SMTP id a1so262763ioc.6 for <tm-rid@ietf.org>; Wed, 02 Oct 2019 13:13:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axenterprize.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=mJTPz9dzIjrCSoadOOO50/LUJus6jq5skW92PEVAULA=; b=CpoX/PQklcgJuQk5hmVPw/vLx5MhRNeI+MmwTz5Sc4d5pameW/COufm+R1mk22UosC zzK3H7k2j1fsTeSPJ3XfWkhfTJw65Vp/rxYXF0YhGs1D7nH8KrQ33pJC82DLx/9MmnBP NyvFw+w9UwYjrXh5EBn+4ibYKwa7b/hXiZo0M=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=mJTPz9dzIjrCSoadOOO50/LUJus6jq5skW92PEVAULA=; b=ZeH7O07+CHyv4I5eSRCdgvDWuS64LJJ2l8cVGrNDHzQzbBwITiLIEFC6yoOAX9mK3s ttVSUKbC+h0vDvBWCxHIUQGXgHbOIxNmc3pDFFHU8HV0OAeA5cnhoiHL4lVuBc2OaRMA Bhc54EAqTPiPgwxil3PHkcaTht7FvlF6RqXfvV4FmGLedFjoHxhN/c+mDkxOu7cI1nPN IeU4MtOeOY0V7C+K5OCDc2XtXw9/3iPN00gISmFIEvOekbwjQhFU0jqeTNmkmhf42z6b DMburO74zEth2cK4OwaNURXTb9iT4GOlz77hUfyHAzgxXwjbWMBgSU/L3sjuvaCSoIu8 lomQ==
X-Gm-Message-State: APjAAAVIj59OkCopjoJqyQvd6NCed7/D177oifkARgBgCtgihKgMyll5 Oe9P82noSwlDFnzd61lKwLCOYqZPuThY/F2LZMNE7Qjz
X-Google-Smtp-Source: APXvYqx3CldGoYHx+oB7gEZfmaa8QNwRsRuEe260663v+IWSVb9Arh7H+T4MI3s3BRqH4Q9VzNltwi84dw+cloFI/Bk=
X-Received: by 2002:a6b:fe09:: with SMTP id x9mr4860472ioh.144.1570047218819; Wed, 02 Oct 2019 13:13:38 -0700 (PDT)
MIME-Version: 1.0
References: <c8342d06-203f-6f51-d227-12501a291fc7@labs.htt-consult.com> <CA+r8TqVNVOOCAipmTN5BqH3UGnpezsL748iLWnc7Ra=rVtD9sg@mail.gmail.com> <5994016b-0006-f45c-3f53-6094ed768b3c@labs.htt-consult.com> <CA+r8TqU-nhUgLv_eGYMTh6kCoX6UnDH=4XznR168Pvp780==9g@mail.gmail.com>
In-Reply-To: <CA+r8TqU-nhUgLv_eGYMTh6kCoX6UnDH=4XznR168Pvp780==9g@mail.gmail.com>
From: "Card, Stu" <stu.card@axenterprize.com>
Date: Wed, 02 Oct 2019 16:13:26 -0400
Message-ID: <CAKM0pYMooE9AP0gWGPW-zwJRd8XT65kn-+V9wJ2k-gRfpoMP0Q@mail.gmail.com>
To: Adam Wiethuechter <Adam.Wiethuechter@axenterprize.com>
Cc: Robert Moskowitz <rgm@labs.htt-consult.com>, tm-rid@ietf.org
Content-Type: multipart/alternative; boundary="000000000000c2421d0593f31a48"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/QyaoEmH6NE0C6fRJaEP32NjrZUI>
Subject: Re: [Tm-rid] HHIT trust proof for Auth messages
X-BeenThere: tm-rid@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Trustworthy Multipurpose RemoteID <tm-rid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tm-rid/>
List-Post: <mailto:tm-rid@ietf.org>
List-Help: <mailto:tm-rid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Oct 2019 20:13:42 -0000

We can do better than that. We are not dealing with random byte errors in
unknown locations but rather the loss of an entire BT frame, the location
of which will be known due to the missing sequence number. Thus one 23 byte
Reed-Solomon check frame can correct for the loss of one 23 byte data frame.

On Wed, Oct 2, 2019, 16:04 Wiethuechter, Adam <
adam.wiethuechter@axenterprize.com> wrote:

> While waiting for Gabriel to answer our emails I have been playing with
> Reed-Solomon encoding with the message formats. I assume worst case
> scenario of having only 5 pages to play with (the more I examine what I can
> access for implementation the more convinced I am that this is the reality
> of our situation) and I am using the above format to work out something
> (specifically the shorter format as its the only one that fits currently).
>
> The first page has 17 bytes of user data, which is just to HHIT. We can
> also obtain this via the Basic ID message so I am not that worried about
> loss here.
> The next 3 pages contain the trusted timestamp (not terribly important but
> useful information) and the HHIT Signature (very important). If we lose any
> one of these packets the whole point of authentication is gone. We still
> have one page left, that Bob has marked as "payload".
>
> Assuming we want to run Reed-Solomon (and to my knowledge after doing some
> internet search to understand it) we want an RS(92,69) with 8 bit symbols.
> This will give us 23 bytes of parity that we would place into the "payload"
> section and would protect the 3 signature pages from up to 11 errors. This
> is assuming the following: RS(n,k) and 2t=n-k where; n=payload size, k=data
> size, t=correctable errors. I used [1] as a reference to understand what I
> was doing.
>
> Bob, also note that while I know BT5 is an option I am constraining myself
> to BT4 for the time being as it is widely available and I don't fully
> understand BT5 Extended Message format at this time. I also want to develop
> up into BT5 (after getting BT4 formatting in a good state) and not develop
> down into BT4.
>
> [1]
> https://www.cs.cmu.edu/~guyb/realworld/reedsolomon/reed_solomon_codes.html
>
> On Wed, Oct 2, 2019 at 8:40 AM Robert Moskowitz <rgm@labs.htt-consult.com>
> wrote:
>
>> Quickly,
>>
>> We have to find out why the reduction in size when BT5 is 255 bytes and
>> the extended messages were designed to work in BT5.
>>
>> Bob
>>
>> On 10/1/19 12:12 PM, Wiethuechter, Adam wrote:
>>
>> All,
>>
>> Attached is a mock up of what Bob has here just in the new 0.8 version of
>> the authentication message.
>>
>> There is a 23 byte payload limit or 25 bytes if we remove the reserved
>> bytes and condense. I am unwilling to do this though as then the HHIT or
>> Trust Timestamp fields would be fragmented across pages. Its already bad
>> enough that the Trusted Timestamp and standard Timestamp fragment across
>> the 32 bit boundary (within a page) and worse the signature across 3 whole
>> pages already. While in practice this probably wouldn't affect much it
>> makes it harder to understand/read I think.
>>
>> My concern, is that we are broadcasting over Bluetooth. There are 5 pages
>> to the authentication message (from my understanding of the new standard).
>> If we lose any one page it is most likely going to be a signature page (as
>> it spans 3 whole pages) and there will be no way to achieve that which this
>> format is intended for without the full signature. Perhaps the payload
>> section that Bob marked in (and fills the final page of the authentication
>> message) should be some sort of error correction on the signature?
>>
>> The second version I think is unattainable in the new format, unless
>> someone here can defy the laws of physics and make numbers smaller than
>> they actually are thus allowing more to fit within the 109 byte constrain
>> of the message format.
>>
>> Questions, comments, concerns?
>>
>> On Fri, Sep 27, 2019 at 12:40 PM Robert Moskowitz <
>> rgm@labs.htt-consult.com> wrote:
>>
>>> And here is something I have been working on as condensed proof of HHIT
>>> ownership objects that can be put into the auth messages.  I have not
>>> done that yet, like Adam has:
>>>
>>>      <figure>
>>>          <artwork>
>>>     0                   1 2                   3
>>>     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>> |                                                               |
>>>    | HHIT                              |
>>> |                                                               |
>>> |                                                               |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>    | TIMESTAMP                          |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>> |                                                               |
>>>    | HHIT                              |
>>>    | SIG                              |
>>> .                                                               .
>>> .                                                               .
>>> .                                                               .
>>> |                                                               |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>    / PAYLOAD                            /
>>> /                                                               /
>>>    / +-------------------------------+
>>>    / |                               |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>
>>>    HHIT           16 byte HHIT of EdDSA25519 HI
>>>    TIMESTAMP      4 byte packet trust until timestamp
>>>    HHIT SIG       64 byte Signature of whole packet
>>>    PAYLOAD        0 to n bytes of payload
>>>        Length     84 + n bytes
>>>          </artwork>
>>>      </figure>
>>>      <figure>
>>>          <artwork>
>>>     0                   1 2                   3
>>>     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>> |                                                               |
>>>    |                            DEV HHIT                           |
>>> |                                                               |
>>> |                                                               |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>    | TIMESTAMP                          |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>> |                                                               |
>>>    |                            DEV HHIT                           |
>>>    | SIG                              |
>>> .                                                               .
>>> .                                                               .
>>> .                                                               .
>>> |                                                               |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>> |                                                               |
>>>    |                              DEV HI                           |
>>> |                                                               |
>>> |                                                               |
>>> |                                                               |
>>> |                                                               |
>>> |                                                               |
>>> |                                                               |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>    |                         AUTH TIMESTAMP                        |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>> |                                                               |
>>>    |                           AUTH HHIT                           |
>>> |                                                               |
>>> |                                                               |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>> |                                                               |
>>>    | AUTH                               |
>>>    | SIG                              |
>>> .                                                               .
>>> .                                                               .
>>> .                                                               .
>>> |                                                               |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>    / PAYLOAD                            /
>>> /                                                               /
>>>    / +-------------------------------+
>>>    / |                               |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>
>>>    DEV HHIT       16 byte Dev HHIT of EdDSA25519 HI
>>>    TIMESTAMP      4 byte packet trust until timestamp
>>>    DEV HHIT SIG   64 byte Signature of whole packet
>>>    DEV HI         32 byte Device HI of EdDSA25519 HI
>>>    AUTH TIMESTAMP 4 byte Dev HHIT trust until timestamp
>>>    AUTH HHIT      16 byte Authorizer's HHIT of EdDSA25519 HI
>>>    AUTH SIG       64 byte Signature of Device HHIT-HI
>>>    PAYLOAD        0 to n bytes of payload
>>>        Length    200 + n bytes
>>>          </artwork>
>>>      </figure>
>>>
>>>    |             Type              | Length            |
>>>
>>> --
>>> Tm-rid mailing list
>>> Tm-rid@ietf.org
>>> https://www.ietf.org/mailman/listinfo/tm-rid
>>>
>>
>>
>> --
>> 73's,
>> Adam T. Wiethuechter
>>
>>
>> --
>> Robert Moskowitz
>> Owner
>> HTT Consulting
>> C:      248-219-2059
>> F:      248-968-2824
>> E:      rgm@labs.htt-consult.com
>>
>> There's no limit to what can be accomplished if it doesn't matter who
>> gets the credit
>>
>
>
> --
> 73's,
> Adam T. Wiethuechter
> --
> Tm-rid mailing list
> Tm-rid@ietf.org
> https://www.ietf.org/mailman/listinfo/tm-rid
>

v2.23.0 | Report a Bug | By Email