Re: [Tm-rid] HHIT trust proof for Auth messages
Robert Moskowitz <rgm@labs.htt-consult.com> Thu, 03 October 2019 13:09 UTC
Return-Path: <rgm@labs.htt-consult.com>
X-Original-To: tm-rid@ietfa.amsl.com
Delivered-To: tm-rid@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C4DC12001A for <tm-rid@ietfa.amsl.com>; Thu, 3 Oct 2019 06:09:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jAYQWD9omzf3 for <tm-rid@ietfa.amsl.com>; Thu, 3 Oct 2019 06:09:20 -0700 (PDT)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [23.123.122.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 491671200F8 for <tm-rid@ietf.org>; Thu, 3 Oct 2019 06:09:20 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id A0D726211F; Thu, 3 Oct 2019 09:09:18 -0400 (EDT)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id SsrhnTruv8jf; Thu, 3 Oct 2019 09:09:01 -0400 (EDT)
Received: from lx140e.htt-consult.com (unknown [192.168.160.12]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id CEFF560964; Thu, 3 Oct 2019 09:09:00 -0400 (EDT)
To: "Wiethuechter, Adam" <adam.wiethuechter@axenterprize.com>
Cc: "tm-rid@ietf.org" <tm-rid@ietf.org>
References: <c8342d06-203f-6f51-d227-12501a291fc7@labs.htt-consult.com> <CA+r8TqVNVOOCAipmTN5BqH3UGnpezsL748iLWnc7Ra=rVtD9sg@mail.gmail.com> <5994016b-0006-f45c-3f53-6094ed768b3c@labs.htt-consult.com> <CA+r8TqU-nhUgLv_eGYMTh6kCoX6UnDH=4XznR168Pvp780==9g@mail.gmail.com>
From: Robert Moskowitz <rgm@labs.htt-consult.com>
Message-ID: <e6c8facf-3c96-5c29-bd75-30ed09594d41@labs.htt-consult.com>
Date: Thu, 03 Oct 2019 09:09:00 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.1.0
MIME-Version: 1.0
In-Reply-To: <CA+r8TqU-nhUgLv_eGYMTh6kCoX6UnDH=4XznR168Pvp780==9g@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------C9B7B31830B358080D8333EA"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/l2auyKlwyjSxZVvah1c5EdBGTqE>
Subject: Re: [Tm-rid] HHIT trust proof for Auth messages
X-BeenThere: tm-rid@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Trustworthy Multipurpose RemoteID <tm-rid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tm-rid/>
List-Post: <mailto:tm-rid@ietf.org>
List-Help: <mailto:tm-rid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Oct 2019 13:09:25 -0000
On 10/2/19 4:04 PM, Wiethuechter, Adam wrote: > While waiting for Gabriel to answer our emails I have been playing > with Reed-Solomon encoding with the message formats. I assume worst > case scenario of having only 5 pages to play with (the more I examine > what I can access for implementation the more convinced I am that this > is the reality of our situation) and I am using the above format to > work out something (specifically the shorter format as its the only > one that fits currently). > > The first page has 17 bytes of user data, which is just to HHIT. We > can also obtain this via the Basic ID message so I am not that worried > about loss here. I do not want to rely on the Basic ID Message for the HHIT. It is an opening for attacks. The adversary sends Basic ID Messages with the UAS's MAC addr but some other HHIT. This confuses the ground observer on what HHIT to use to verify the signed message. Better to include the 16 bytes of the UAS HHIT. > The next 3 pages contain the trusted timestamp (not terribly important > but useful information) and the HHIT Signature (very important). If we > lose any one of these packets the whole point of authentication is > gone. We still have one page left, that Bob has marked as "payload". > > Assuming we want to run Reed-Solomon (and to my knowledge after doing > some internet search to understand it) we want an RS(92,69) with 8 bit > symbols. This will give us 23 bytes of parity that we would place into > the "payload" section and would protect the 3 signature pages from up > to 11 errors. This is assuming the following: RS(n,k) and 2t=n-k > where; n=payload size, k=data size, t=correctable errors. I used [1] > as a reference to understand what I was doing. > > Bob, also note that while I know BT5 is an option I am constraining > myself to BT4 for the time being as it is widely available and I don't > fully understand BT5 Extended Message format at this time. I also want > to develop up into BT5 (after getting BT4 formatting in a good state) > and not develop down into BT4. > > [1] > https://www.cs.cmu.edu/~guyb/realworld/reedsolomon/reed_solomon_codes.html > > On Wed, Oct 2, 2019 at 8:40 AM Robert Moskowitz > <rgm@labs.htt-consult.com <mailto:rgm@labs.htt-consult.com>> wrote: > > Quickly, > > We have to find out why the reduction in size when BT5 is 255 > bytes and the extended messages were designed to work in BT5. > > Bob > > On 10/1/19 12:12 PM, Wiethuechter, Adam wrote: >> All, >> >> Attached is a mock up of what Bob has here just in the new 0.8 >> version of the authentication message. >> >> There is a 23 byte payload limit or 25 bytes if we remove the >> reserved bytes and condense. I am unwilling to do this though as >> then the HHIT or Trust Timestamp fields would be fragmented >> across pages. Its already bad enough that the Trusted Timestamp >> and standard Timestamp fragment across the 32 bit boundary >> (within a page) and worse the signature across 3 whole pages >> already. While in practice this probably wouldn't affect much it >> makes it harder to understand/read I think. >> >> My concern, is that we are broadcasting over Bluetooth. There are >> 5 pages to the authentication message (from my understanding of >> the new standard). If we lose any one page it is most likely >> going to be a signature page (as it spans 3 whole pages) and >> there will be no way to achieve that which this format is >> intended for without the full signature. Perhaps the payload >> section that Bob marked in (and fills the final page of the >> authentication message) should be some sort of error correction >> on the signature? >> >> The second version I think is unattainable in the new format, >> unless someone here can defy the laws of physics and make numbers >> smaller than they actually are thus allowing more to fit within >> the 109 byte constrain of the message format. >> >> Questions, comments, concerns? >> >> On Fri, Sep 27, 2019 at 12:40 PM Robert Moskowitz >> <rgm@labs.htt-consult.com <mailto:rgm@labs.htt-consult.com>> wrote: >> >> And here is something I have been working on as condensed >> proof of HHIT >> ownership objects that can be put into the auth messages. I >> have not >> done that yet, like Adam has: >> >> <figure> >> <artwork> >> 0 1 2 3 >> 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 >> 9 0 1 >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> | | >> | HHIT | >> | | >> | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> | TIMESTAMP | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> | | >> | HHIT | >> | SIG | >> . . >> . . >> . . >> | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> / PAYLOAD / >> / / >> / +-------------------------------+ >> / | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> >> HHIT 16 byte HHIT of EdDSA25519 HI >> TIMESTAMP 4 byte packet trust until timestamp >> HHIT SIG 64 byte Signature of whole packet >> PAYLOAD 0 to n bytes of payload >> Length 84 + n bytes >> </artwork> >> </figure> >> <figure> >> <artwork> >> 0 1 2 3 >> 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 >> 9 0 1 >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> | | >> | DEV >> HHIT | >> | | >> | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> | TIMESTAMP | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> | | >> | DEV >> HHIT | >> | SIG | >> . . >> . . >> . . >> | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> | | >> | DEV >> HI | >> | | >> | | >> | | >> | | >> | | >> | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> | AUTH >> TIMESTAMP | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> | | >> | AUTH >> HHIT | >> | | >> | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> | | >> | AUTH | >> | SIG | >> . . >> . . >> . . >> | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> / PAYLOAD / >> / / >> / +-------------------------------+ >> / | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> >> DEV HHIT 16 byte Dev HHIT of EdDSA25519 HI >> TIMESTAMP 4 byte packet trust until timestamp >> DEV HHIT SIG 64 byte Signature of whole packet >> DEV HI 32 byte Device HI of EdDSA25519 HI >> AUTH TIMESTAMP 4 byte Dev HHIT trust until timestamp >> AUTH HHIT 16 byte Authorizer's HHIT of EdDSA25519 HI >> AUTH SIG 64 byte Signature of Device HHIT-HI >> PAYLOAD 0 to n bytes of payload >> Length 200 + n bytes >> </artwork> >> </figure> >> >> | Type | Length | >> >> -- >> Tm-rid mailing list >> Tm-rid@ietf.org <mailto:Tm-rid@ietf.org> >> https://www.ietf.org/mailman/listinfo/tm-rid >> >> >> >> -- >> 73's, >> Adam T. Wiethuechter > > -- > Robert Moskowitz > Owner > HTT Consulting > C: 248-219-2059 > F: 248-968-2824 > E: rgm@labs.htt-consult.com <mailto:rgm@labs.htt-consult.com> > > There's no limit to what can be accomplished if it doesn't matter > who gets the credit > > > > -- > 73's, > Adam T. Wiethuechter -- Standard Robert Moskowitz Owner HTT Consulting C:248-219-2059 F:248-968-2824 E:rgm@labs.htt-consult.com There's no limit to what can be accomplished if it doesn't matter who gets the credit
- [Tm-rid] HHIT trust proof for Auth messages Robert Moskowitz
- Re: [Tm-rid] HHIT trust proof for Auth messages Wiethuechter, Adam
- Re: [Tm-rid] HHIT trust proof for Auth messages Michael Richardson
- Re: [Tm-rid] HHIT trust proof for Auth messages Wiethuechter, Adam
- Re: [Tm-rid] HHIT trust proof for Auth messages Robert Moskowitz
- Re: [Tm-rid] HHIT trust proof for Auth messages Wiethuechter, Adam
- Re: [Tm-rid] HHIT trust proof for Auth messages Card, Stu
- Re: [Tm-rid] HHIT trust proof for Auth messages Robert Moskowitz
- Re: [Tm-rid] HHIT trust proof for Auth messages Michael Richardson
- Re: [Tm-rid] HHIT trust proof for Auth messages Robert Moskowitz
- Re: [Tm-rid] HHIT trust proof for Auth messages Wiethuechter, Adam
- Re: [Tm-rid] HHIT trust proof for Auth messages Michael Richardson
- Re: [Tm-rid] HHIT trust proof for Auth messages Wiethuechter, Adam