Re: [perpass] privacy implications of UUIDs for IoT devices

Fri, 07 Oct 2016 08:11:04 -0700 

Christian Huitema <huit...@huitema.net> wrote:
    >> I'd love to find a way to send the identifier only to an authorized
    >> operator,
    >> which is resistant to an active MITM, given that the new device (the
    >> pledge)
    >> doesn't know who the authorized operator is yet.

    > We are looking at that in the pairing draft in DNSSD
    > (https://tools.ietf.org/html/draft-kaiser-dnssd-pairing-00). The 
hypothesis
    > is that the two paired devices can display a short authentication

This might be fine for larger devices with displays, but it's a fail
everywhere else.  Even in ANIMA, one could have a $300K BFR being deployed,
but it doesn't have a display or a person to read the display.
But, does this device need privacy?
But, the same system ideally bootstraps home routers, which at $39.95, still
don't have a display or a competent human to read the display.

    > e.g. 6-7 digits. Given that, we can establish a TLS connection without 
prior
    > credentials between the two parties, with a probability 99.9999% that

Such as was done with the STU-III phone...

    > There is another trick, used in the privacy extensions to DNS-SD
    > (https://tools.ietf.org/html/draft-huitema-dnssd-privacy-02). Use TLS PSK,
    > or better yet TLS/ECDH/PSK. Instead of PSK ID, send a puzzle that can only
    > be solved by parties knowing the PSK, e.g. nonce + hash (nonce, PSK). That
    > guarantees connection without MITM, and also without disclosure of the
    > identities to third parties. Problem, it scales as O(number of PSK) known 
by
    > the server. We could probably devse an extension of that using public key
    > technology.

How does the responding end know which PSK to try?
I guess that's why it scales O(number of devices), because the responder has
to try *all* of the PSK it knows?  Wow.

With public key technology, one could sign something, send the signature, and
let the responder try all the public keys it knows?  Basically, just omit the
Certificate in the handshake.


--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

_______________________________________________
perpass mailing list
perpass@ietf.org
https://www.ietf.org/mailman/listinfo/perpass

Reply via email to