IETF Logo Mail Archive

Re: [Tm-rid] HHIT trust proof for Auth messages

"Wiethuechter, Adam" <adam.wiethuechter@axenterprize.com> Thu, 03 October 2019 19:46 UTC

Return-Path: <adam.wiethuechter@axenterprize.com>
X-Original-To: tm-rid@ietfa.amsl.com
Delivered-To: tm-rid@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20A6E1200B7 for <tm-rid@ietfa.amsl.com>; Thu, 3 Oct 2019 12:46:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=axenterprize.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id utsinDq3oMOB for <tm-rid@ietfa.amsl.com>; Thu, 3 Oct 2019 12:46:18 -0700 (PDT)
Received: from mail-qk1-x729.google.com (mail-qk1-x729.google.com [IPv6:2607:f8b0:4864:20::729]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 770DC120098 for <tm-rid@ietf.org>; Thu, 3 Oct 2019 12:46:18 -0700 (PDT)
Received: by mail-qk1-x729.google.com with SMTP id u184so3610524qkd.4 for <tm-rid@ietf.org>; Thu, 03 Oct 2019 12:46:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axenterprize.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=TBbFPAvbaDmo67T2d9FI1d7DHmSvNwCH1ThILWFDAC8=; b=VBQq3gtx8R1K0Ao/8PR2ntmAa0nAWgOXvQ7jV6KX9MppiKxrmM4pAIZoYOrJTz8K50 SxgC4L8ZQ3PxzUU1J3bbLHHQNf8b3tTw/OT/GaYCtyFUwdZabFBSLloLhqJnOhH24Lb3 krVhqIufyKGU7/cnUincXy8CJNdlu2fAshp4o=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=TBbFPAvbaDmo67T2d9FI1d7DHmSvNwCH1ThILWFDAC8=; b=g8AB8QyhXbH4Y9yK5tFauZIWsY5iJFA+8xA6BEtmkQ8lHNRQPyDwMmRT+LiCOAhxHZ WNRNl1kzyIqLnBYvYYM0tIA5oxgQQFwBnisxo8KsKA5kbZRuKs5OO8iUbsFEhOebtPTV wvuL6TaPsexNmSksx5sH9rkZefKofR0hV5wDBjoHo9qXLqJG8C33tg8EoqvZwq05MTww k2NcUhzE+cGEZ5YhYv2Quw/tyCnYre8XqZ0u4sLyb9N+IbNq3jLDc+SKlHozOGpubLMj L2o5RioJezowVBhAmOAGJLVNzToThSP2fM8iifLvuaNvk22fzv6FF+4JNKqKcWvaE1gQ Aprg==
X-Gm-Message-State: APjAAAXtoKKbadSJm4cIneCSVCJL2ba92pdwAdGUhPH0E0xLTE650zJJ nmG5F0KXBtGkQKRbXxYi0WEH32RW5+VwFjnkdrzvm9E=
X-Google-Smtp-Source: APXvYqzsfyOdIuZF1/zzlKCv4jKHFgUykURwjJVQB0BBfrxnbQ16dQsD9sjseSDtTIw8QVfQPYwqlYATQuUzjs/oqak=
X-Received: by 2002:a37:a106:: with SMTP id k6mr6054143qke.158.1570131977394; Thu, 03 Oct 2019 12:46:17 -0700 (PDT)
MIME-Version: 1.0
References: <c8342d06-203f-6f51-d227-12501a291fc7@labs.htt-consult.com> <CA+r8TqVNVOOCAipmTN5BqH3UGnpezsL748iLWnc7Ra=rVtD9sg@mail.gmail.com> <5994016b-0006-f45c-3f53-6094ed768b3c@labs.htt-consult.com> <CA+r8TqU-nhUgLv_eGYMTh6kCoX6UnDH=4XznR168Pvp780==9g@mail.gmail.com> <e6c8facf-3c96-5c29-bd75-30ed09594d41@labs.htt-consult.com>
In-Reply-To: <e6c8facf-3c96-5c29-bd75-30ed09594d41@labs.htt-consult.com>
From: "Wiethuechter, Adam" <adam.wiethuechter@axenterprize.com>
Date: Thu, 03 Oct 2019 15:46:06 -0400
Message-ID: <CA+r8TqXRE3uR7TcqXCbuKTBQsvniFS1312mvbZQnfgThbPZH=w@mail.gmail.com>
To: Robert Moskowitz <rgm@labs.htt-consult.com>
Cc: "tm-rid@ietf.org" <tm-rid@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c372cb059406d6a5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/eQ5bEChSciqPmnAXFbwFOHJ42hQ>
Subject: Re: [Tm-rid] HHIT trust proof for Auth messages
X-BeenThere: tm-rid@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Trustworthy Multipurpose RemoteID <tm-rid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tm-rid/>
List-Post: <mailto:tm-rid@ietf.org>
List-Help: <mailto:tm-rid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Oct 2019 19:46:23 -0000

Bob,

It was never my intention to removed the HHIT from the authentication
message for the reasons you just stated. This was a miscommunication on my
part. It also stemmed from my misunderstanding of FEC in general and how
they work.

Michael,

Stu sat down with me today and gave me a brief explanation of FECs and his
approach he was thinking and pointing out the flaw that you also noticed. I
still need to understand his idea a bit better to get it down in
writing/format but I am getting there.

On a more general note; the ASTM proposed standard I can confirm is 5 pages
long (17 + 23 *4 = 109 bytes). The reasoning behind this and possible paths
forward are still being looked at.

On Thu, Oct 3, 2019 at 9:09 AM Robert Moskowitz <rgm@labs.htt-consult.com>
wrote:

>
>
> On 10/2/19 4:04 PM, Wiethuechter, Adam wrote:
>
> While waiting for Gabriel to answer our emails I have been playing with
> Reed-Solomon encoding with the message formats. I assume worst case
> scenario of having only 5 pages to play with (the more I examine what I can
> access for implementation the more convinced I am that this is the reality
> of our situation) and I am using the above format to work out something
> (specifically the shorter format as its the only one that fits currently).
>
> The first page has 17 bytes of user data, which is just to HHIT. We can
> also obtain this via the Basic ID message so I am not that worried about
> loss here.
>
>
> I do not want to rely on the Basic ID Message for the HHIT.  It is an
> opening for attacks.  The adversary sends Basic ID Messages with the UAS's
> MAC addr but some other HHIT.  This confuses the ground observer on what
> HHIT to use to verify the signed message.  Better to include the 16 bytes
> of the UAS HHIT.
>
> The next 3 pages contain the trusted timestamp (not terribly important but
> useful information) and the HHIT Signature (very important). If we lose any
> one of these packets the whole point of authentication is gone. We still
> have one page left, that Bob has marked as "payload".
>
> Assuming we want to run Reed-Solomon (and to my knowledge after doing some
> internet search to understand it) we want an RS(92,69) with 8 bit symbols.
> This will give us 23 bytes of parity that we would place into the "payload"
> section and would protect the 3 signature pages from up to 11 errors. This
> is assuming the following: RS(n,k) and 2t=n-k where; n=payload size, k=data
> size, t=correctable errors. I used [1] as a reference to understand what I
> was doing.
>
> Bob, also note that while I know BT5 is an option I am constraining myself
> to BT4 for the time being as it is widely available and I don't fully
> understand BT5 Extended Message format at this time. I also want to develop
> up into BT5 (after getting BT4 formatting in a good state) and not develop
> down into BT4.
>
> [1]
> https://www.cs.cmu.edu/~guyb/realworld/reedsolomon/reed_solomon_codes.html
>
> On Wed, Oct 2, 2019 at 8:40 AM Robert Moskowitz <rgm@labs.htt-consult.com>
> wrote:
>
>> Quickly,
>>
>> We have to find out why the reduction in size when BT5 is 255 bytes and
>> the extended messages were designed to work in BT5.
>>
>> Bob
>>
>> On 10/1/19 12:12 PM, Wiethuechter, Adam wrote:
>>
>> All,
>>
>> Attached is a mock up of what Bob has here just in the new 0.8 version of
>> the authentication message.
>>
>> There is a 23 byte payload limit or 25 bytes if we remove the reserved
>> bytes and condense. I am unwilling to do this though as then the HHIT or
>> Trust Timestamp fields would be fragmented across pages. Its already bad
>> enough that the Trusted Timestamp and standard Timestamp fragment across
>> the 32 bit boundary (within a page) and worse the signature across 3 whole
>> pages already. While in practice this probably wouldn't affect much it
>> makes it harder to understand/read I think.
>>
>> My concern, is that we are broadcasting over Bluetooth. There are 5 pages
>> to the authentication message (from my understanding of the new standard).
>> If we lose any one page it is most likely going to be a signature page (as
>> it spans 3 whole pages) and there will be no way to achieve that which this
>> format is intended for without the full signature. Perhaps the payload
>> section that Bob marked in (and fills the final page of the authentication
>> message) should be some sort of error correction on the signature?
>>
>> The second version I think is unattainable in the new format, unless
>> someone here can defy the laws of physics and make numbers smaller than
>> they actually are thus allowing more to fit within the 109 byte constrain
>> of the message format.
>>
>> Questions, comments, concerns?
>>
>> On Fri, Sep 27, 2019 at 12:40 PM Robert Moskowitz <
>> rgm@labs.htt-consult.com> wrote:
>>
>>> And here is something I have been working on as condensed proof of HHIT
>>> ownership objects that can be put into the auth messages.  I have not
>>> done that yet, like Adam has:
>>>
>>>      <figure>
>>>          <artwork>
>>>     0                   1 2                   3
>>>     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>> |                                                               |
>>>    | HHIT                              |
>>> |                                                               |
>>> |                                                               |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>    | TIMESTAMP                          |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>> |                                                               |
>>>    | HHIT                              |
>>>    | SIG                              |
>>> .                                                               .
>>> .                                                               .
>>> .                                                               .
>>> |                                                               |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>    / PAYLOAD                            /
>>> /                                                               /
>>>    / +-------------------------------+
>>>    / |                               |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>
>>>    HHIT           16 byte HHIT of EdDSA25519 HI
>>>    TIMESTAMP      4 byte packet trust until timestamp
>>>    HHIT SIG       64 byte Signature of whole packet
>>>    PAYLOAD        0 to n bytes of payload
>>>        Length     84 + n bytes
>>>          </artwork>
>>>      </figure>
>>>      <figure>
>>>          <artwork>
>>>     0                   1 2                   3
>>>     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>> |                                                               |
>>>    |                            DEV HHIT                           |
>>> |                                                               |
>>> |                                                               |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>    | TIMESTAMP                          |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>> |                                                               |
>>>    |                            DEV HHIT                           |
>>>    | SIG                              |
>>> .                                                               .
>>> .                                                               .
>>> .                                                               .
>>> |                                                               |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>> |                                                               |
>>>    |                              DEV HI                           |
>>> |                                                               |
>>> |                                                               |
>>> |                                                               |
>>> |                                                               |
>>> |                                                               |
>>> |                                                               |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>    |                         AUTH TIMESTAMP                        |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>> |                                                               |
>>>    |                           AUTH HHIT                           |
>>> |                                                               |
>>> |                                                               |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>> |                                                               |
>>>    | AUTH                               |
>>>    | SIG                              |
>>> .                                                               .
>>> .                                                               .
>>> .                                                               .
>>> |                                                               |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>    / PAYLOAD                            /
>>> /                                                               /
>>>    / +-------------------------------+
>>>    / |                               |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>
>>>    DEV HHIT       16 byte Dev HHIT of EdDSA25519 HI
>>>    TIMESTAMP      4 byte packet trust until timestamp
>>>    DEV HHIT SIG   64 byte Signature of whole packet
>>>    DEV HI         32 byte Device HI of EdDSA25519 HI
>>>    AUTH TIMESTAMP 4 byte Dev HHIT trust until timestamp
>>>    AUTH HHIT      16 byte Authorizer's HHIT of EdDSA25519 HI
>>>    AUTH SIG       64 byte Signature of Device HHIT-HI
>>>    PAYLOAD        0 to n bytes of payload
>>>        Length    200 + n bytes
>>>          </artwork>
>>>      </figure>
>>>
>>>    |             Type              | Length            |
>>>
>>> --
>>> Tm-rid mailing list
>>> Tm-rid@ietf.org
>>> https://www.ietf.org/mailman/listinfo/tm-rid
>>>
>>
>>
>> --
>> 73's,
>> Adam T. Wiethuechter
>>
>>
>> --
>> Robert Moskowitz
>> Owner
>> HTT Consulting
>> C:      248-219-2059
>> F:      248-968-2824
>> E:      rgm@labs.htt-consult.com
>>
>> There's no limit to what can be accomplished if it doesn't matter who
>> gets the credit
>>
>
>
> --
> 73's,
> Adam T. Wiethuechter
>
>
> --
> Robert Moskowitz
> Owner
> HTT Consulting
> C:      248-219-2059
> F:      248-968-2824
> E:      rgm@labs.htt-consult.com
>
> There's no limit to what can be accomplished if it doesn't matter who gets
> the credit
>


-- 
73's,
Adam T. Wiethuechter

v2.23.0 | Report a Bug | By Email