Re: [Tm-rid] HHIT trust proof for Auth messages
Robert Moskowitz <rgm@labs.htt-consult.com> Wed, 02 October 2019 21:20 UTC
Return-Path: <rgm@labs.htt-consult.com>
X-Original-To: tm-rid@ietfa.amsl.com
Delivered-To: tm-rid@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D710412004C for <tm-rid@ietfa.amsl.com>; Wed, 2 Oct 2019 14:20:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oVHzxY4Vwshq for <tm-rid@ietfa.amsl.com>; Wed, 2 Oct 2019 14:20:32 -0700 (PDT)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [23.123.122.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0012F12002F for <tm-rid@ietf.org>; Wed, 2 Oct 2019 14:20:31 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id 6D1826211F; Wed, 2 Oct 2019 17:20:30 -0400 (EDT)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 4xS4ldZVNsmA; Wed, 2 Oct 2019 17:20:13 -0400 (EDT)
Received: from lx140e.htt-consult.com (unknown [192.168.160.12]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id C4C726211E; Wed, 2 Oct 2019 17:20:10 -0400 (EDT)
To: "Wiethuechter, Adam" <adam.wiethuechter@axenterprize.com>
Cc: "tm-rid@ietf.org" <tm-rid@ietf.org>
References: <c8342d06-203f-6f51-d227-12501a291fc7@labs.htt-consult.com> <CA+r8TqVNVOOCAipmTN5BqH3UGnpezsL748iLWnc7Ra=rVtD9sg@mail.gmail.com> <5994016b-0006-f45c-3f53-6094ed768b3c@labs.htt-consult.com> <CA+r8TqU-nhUgLv_eGYMTh6kCoX6UnDH=4XznR168Pvp780==9g@mail.gmail.com>
From: Robert Moskowitz <rgm@labs.htt-consult.com>
Message-ID: <6cae0987-87b0-f8c6-5441-ea25dcacedca@labs.htt-consult.com>
Date: Wed, 02 Oct 2019 17:20:02 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.1.0
MIME-Version: 1.0
In-Reply-To: <CA+r8TqU-nhUgLv_eGYMTh6kCoX6UnDH=4XznR168Pvp780==9g@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------60C45ABB921E9B55C9429F66"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/iryXVZYIhGOHRWX5ayFrqU_0YZ0>
Subject: Re: [Tm-rid] HHIT trust proof for Auth messages
X-BeenThere: tm-rid@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Trustworthy Multipurpose RemoteID <tm-rid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tm-rid/>
List-Post: <mailto:tm-rid@ietf.org>
List-Help: <mailto:tm-rid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Oct 2019 21:20:36 -0000
On 10/2/19 4:04 PM, Wiethuechter, Adam wrote: > While waiting for Gabriel to answer our emails I have been playing > with Reed-Solomon encoding with the message formats. I assume worst > case scenario of having only 5 pages to play with (the more I examine > what I can access for implementation the more convinced I am that this > is the reality of our situation) and I am using the above format to > work out something (specifically the shorter format as its the only > one that fits currently). A supposition is that there were performance/reliability challenges with more pages. Unfortunately, we have a weak connection into the closed ATSM wg. > > The first page has 17 bytes of user data, which is just to HHIT. We > can also obtain this via the Basic ID message so I am not that worried > about loss here. You have the 'MAC' mapping to work with, so if something goes, it is the HHIT to save 16 bytes (almost a page). > The next 3 pages contain the trusted timestamp (not terribly important > but useful information) and the HHIT Signature (very important). If we > lose any one of these packets the whole point of authentication is > gone. We still have one page left, that Bob has marked as "payload". The trusted timestamp is very important. More details to follow on what this small 'cert' is. > > Assuming we want to run Reed-Solomon (and to my knowledge after doing > some internet search to understand it) we want an RS(92,69) with 8 bit > symbols. This will give us 23 bytes of parity that we would place into > the "payload" section and would protect the 3 signature pages from up > to 11 errors. This is assuming the following: RS(n,k) and 2t=n-k > where; n=payload size, k=data size, t=correctable errors. I used [1] > as a reference to understand what I was doing. > > Bob, also note that while I know BT5 is an option I am constraining > myself to BT4 for the time being as it is widely available and I don't > fully understand BT5 Extended Message format at this time. I also want > to develop up into BT5 (after getting BT4 formatting in a good state) > and not develop down into BT4. My BT5 comment was wondering why they cut the BT4 down to less than what BT5 will deliver. It makes it a challenge for developing messages that work with both. We definitely have to live within BT4 constraints. Now to find out what they are. > > [1] > https://www.cs.cmu.edu/~guyb/realworld/reedsolomon/reed_solomon_codes.html > > On Wed, Oct 2, 2019 at 8:40 AM Robert Moskowitz > <rgm@labs.htt-consult.com <mailto:rgm@labs.htt-consult.com>> wrote: > > Quickly, > > We have to find out why the reduction in size when BT5 is 255 > bytes and the extended messages were designed to work in BT5. > > Bob > > On 10/1/19 12:12 PM, Wiethuechter, Adam wrote: >> All, >> >> Attached is a mock up of what Bob has here just in the new 0.8 >> version of the authentication message. >> >> There is a 23 byte payload limit or 25 bytes if we remove the >> reserved bytes and condense. I am unwilling to do this though as >> then the HHIT or Trust Timestamp fields would be fragmented >> across pages. Its already bad enough that the Trusted Timestamp >> and standard Timestamp fragment across the 32 bit boundary >> (within a page) and worse the signature across 3 whole pages >> already. While in practice this probably wouldn't affect much it >> makes it harder to understand/read I think. >> >> My concern, is that we are broadcasting over Bluetooth. There are >> 5 pages to the authentication message (from my understanding of >> the new standard). If we lose any one page it is most likely >> going to be a signature page (as it spans 3 whole pages) and >> there will be no way to achieve that which this format is >> intended for without the full signature. Perhaps the payload >> section that Bob marked in (and fills the final page of the >> authentication message) should be some sort of error correction >> on the signature? >> >> The second version I think is unattainable in the new format, >> unless someone here can defy the laws of physics and make numbers >> smaller than they actually are thus allowing more to fit within >> the 109 byte constrain of the message format. >> >> Questions, comments, concerns? >> >> On Fri, Sep 27, 2019 at 12:40 PM Robert Moskowitz >> <rgm@labs.htt-consult.com <mailto:rgm@labs.htt-consult.com>> wrote: >> >> And here is something I have been working on as condensed >> proof of HHIT >> ownership objects that can be put into the auth messages. I >> have not >> done that yet, like Adam has: >> >> <figure> >> <artwork> >> 0 1 2 3 >> 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 >> 9 0 1 >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> | | >> | HHIT | >> | | >> | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> | TIMESTAMP | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> | | >> | HHIT | >> | SIG | >> . . >> . . >> . . >> | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> / PAYLOAD / >> / / >> / +-------------------------------+ >> / | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> >> HHIT 16 byte HHIT of EdDSA25519 HI >> TIMESTAMP 4 byte packet trust until timestamp >> HHIT SIG 64 byte Signature of whole packet >> PAYLOAD 0 to n bytes of payload >> Length 84 + n bytes >> </artwork> >> </figure> >> <figure> >> <artwork> >> 0 1 2 3 >> 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 >> 9 0 1 >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> | | >> | DEV >> HHIT | >> | | >> | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> | TIMESTAMP | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> | | >> | DEV >> HHIT | >> | SIG | >> . . >> . . >> . . >> | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> | | >> | DEV >> HI | >> | | >> | | >> | | >> | | >> | | >> | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> | AUTH >> TIMESTAMP | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> | | >> | AUTH >> HHIT | >> | | >> | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> | | >> | AUTH | >> | SIG | >> . . >> . . >> . . >> | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> / PAYLOAD / >> / / >> / +-------------------------------+ >> / | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> >> DEV HHIT 16 byte Dev HHIT of EdDSA25519 HI >> TIMESTAMP 4 byte packet trust until timestamp >> DEV HHIT SIG 64 byte Signature of whole packet >> DEV HI 32 byte Device HI of EdDSA25519 HI >> AUTH TIMESTAMP 4 byte Dev HHIT trust until timestamp >> AUTH HHIT 16 byte Authorizer's HHIT of EdDSA25519 HI >> AUTH SIG 64 byte Signature of Device HHIT-HI >> PAYLOAD 0 to n bytes of payload >> Length 200 + n bytes >> </artwork> >> </figure> >> >> | Type | Length | >> >> -- >> Tm-rid mailing list >> Tm-rid@ietf.org <mailto:Tm-rid@ietf.org> >> https://www.ietf.org/mailman/listinfo/tm-rid >> >> >> >> -- >> 73's, >> Adam T. Wiethuechter > > -- > Robert Moskowitz > Owner > HTT Consulting > C: 248-219-2059 > F: 248-968-2824 > E: rgm@labs.htt-consult.com <mailto:rgm@labs.htt-consult.com> > > There's no limit to what can be accomplished if it doesn't matter > who gets the credit > > > > -- > 73's, > Adam T. Wiethuechter -- Standard Robert Moskowitz Owner HTT Consulting C:248-219-2059 F:248-968-2824 E:rgm@labs.htt-consult.com There's no limit to what can be accomplished if it doesn't matter who gets the credit
- [Tm-rid] HHIT trust proof for Auth messages Robert Moskowitz
- Re: [Tm-rid] HHIT trust proof for Auth messages Wiethuechter, Adam
- Re: [Tm-rid] HHIT trust proof for Auth messages Michael Richardson
- Re: [Tm-rid] HHIT trust proof for Auth messages Wiethuechter, Adam
- Re: [Tm-rid] HHIT trust proof for Auth messages Robert Moskowitz
- Re: [Tm-rid] HHIT trust proof for Auth messages Wiethuechter, Adam
- Re: [Tm-rid] HHIT trust proof for Auth messages Card, Stu
- Re: [Tm-rid] HHIT trust proof for Auth messages Robert Moskowitz
- Re: [Tm-rid] HHIT trust proof for Auth messages Michael Richardson
- Re: [Tm-rid] HHIT trust proof for Auth messages Robert Moskowitz
- Re: [Tm-rid] HHIT trust proof for Auth messages Wiethuechter, Adam
- Re: [Tm-rid] HHIT trust proof for Auth messages Michael Richardson
- Re: [Tm-rid] HHIT trust proof for Auth messages Wiethuechter, Adam