[Emu] Support of NIST P-256 in EAP-NOOB

2019-06-20 Thread Eduardo Inglés UM 

Hi again,

I am currently implementing EAP-NOOB on Zolertia Firefly boards 
(https://zolertia.io/product/firefly/). The board provides hardware 
acceleration for ECC operations. However, currently the API only 
supports ECDHE with NIST P-256 and EAP-NOOB draft only mentions the 
cryptosuite x25519 in Section 4.1.


I know that IETF likes the curve x25519, which has been specified 
through the CFRG process. Besides that, I see that many other platforms 
only support NIST P-256 in hardware. Thus, I wonder if it would be 
possible to support NIST P-256 to the draft?


In this draft 
(https://tools.ietf.org/html/draft-ietf-lwig-curve-representations-06) I 
see that perhaps it is possible to use the code NIST P-256 for doing 
x25519. However, I have no coding expertise in cryptographic encoding to 
do that. Hence authors, do you want to support another curve?



Regards,
Eduardo Inglés.

___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

[Emu] Implementing EAP-NOOB in Contiki - Use of the Realm assigned by the server?

2019-06-20 Thread Eduardo Inglés UM 

Hello all,

During the IETF 104 Prague I told you that I am implementing EAP-NOOB in 
Contiki. During the process I have had few issues that I will send in 
separate emails for clarifications in the coming weeks.


I like the way EAP-NOOB allows the server to send a realm that a peer 
can use later on during its lifetime. I find it useful when peers are 
roaming in different networks, for example, in the use case that I sent 
in a previous email. However, reading the specification it is not clear 
to me when a device should start using the Realm assigned by the server.


Should I use it already during Waiting Exchange? Or only after the 
device has been successfully authenticated in the Completion Exchange?


Regards,
Eduardo Inglés.



___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

Re: [Emu] Questions about EAP-NOOB draft

2019-02-07 Thread Eduardo Inglés UM 

Hi Tuomas,

Thanks for taking the time to respond.

In the first question I was wondering if there was any debate about the 
inclusion of other algorithms. Especially in terms of interoperability 
with, for example, TLS. You're right that low-end devices can do ECDHE. 
Therefore, it would not make sense to decrease the level of security. In 
addition, I have seen that the new version TLS 1.3 includes a derivation 
function with HKDF [RFC5869], which is could be compatible with ECDH.


Regarding the problem of the proposed scenario, it is a very interesting 
solution. A good option to take into account.


Best regards.


El 30/01/2019 a las 11:35, Aura Tuomas escribió:

Hi Eduardo,

1.
I' not sure what kind of alternative key derivation you are suggesting. Are you 
thinking about alternative ECDH curves, or RSA maybe? I believe even the 
low-end devices can do ECDHE these days so it is not obvious to me why that 
should be sometimes avoided.

2.
This is a valid scenario for real-world deployments. Thank you for bringing it 
up.

Managed handovers where the previous authentication / management server is 
still online and co-operative, are already supported. After copying the 
EAP-NOOB associations for the peer devices to the new server, the old server 
can send a new Realm field in the next Reconnect Exchange and then be taken 
offline. Alternatively, Radius routing can be set at the access networks to 
capture the old realm, and the new server can send the new Realm in Reconnect. 
We should check the EAP-NOOB spec though to make sure that there is nothing to 
prevent such usage.

Unmanaged handovers where the old server just goes out of business are messier. 
We simply need to copy the server-side EAP-NOOB association database because 
there is nothing else for re-bootstrapping the security association - except of 
course a new user-assisted OOB step.

Regards,
Tuomas



-Original Message-
From: Emu  On Behalf Of Eduardo Inglés UM
Sent: Wednesday, 9 January, 2019 20:25
To:emu@ietf.org
Subject: [Emu] Questions about EAP-NOOB draft
Importance: High

Dear Tuomas,

First of all, I would like to say that EAP-NOOB draft is very complete and 
understandable. Also, with regard to the rest of the solutions I have found, I 
think it is a great solution so far and I like the way to approach the problems.

I am working on implementing EAP-NOOB on resource-constrained devices for our 
use case. But I have the following 2 questions:

1. Regarding the key derivation section. There, it is explained the use of 
ECDHE for the key exchange. Do you have in mind to accept any alternatives 
besides the one explained in the draft? Maybe weaker methods or stronger but 
not so constrained.

2. I have a concrete use case. Specifically, I am interested in knowing how the 
Reconnect State works.
In the scenario there are some devices that are going to be installed and then 
they will be inaccessible to be able to repeat the OOB step.
These devices already have the corresponding security associations with a 
specific RealM. For example, a device from the University of Murcia is managed 
by a company called Odins.

Now we assume that Odins stops managing those devices and Ericsson becomes the 
new manager with his own AAA Infrastructure. To establish the new RealM, I 
understand that the device should be restarted and the entire process done. Is 
there a mechanism to allow migration without having to repeat the OOB step?


Regards,
Eduardo Inglés.

___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu


___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

[Emu] Questions about EAP-NOOB draft

2019-01-09 Thread Eduardo Inglés UM 

Dear Tuomas,

First of all, I would like to say that EAP-NOOB draft is very complete 
and understandable. Also, with regard to the rest of the solutions I 
have found, I think it is a great solution so far and I like the way to 
approach the problems.


I am working on implementing EAP-NOOB on resource-constrained devices 
for our use case. But I have the following 2 questions:


1. Regarding the key derivation section. There, it is explained the use 
of ECDHE for the key exchange. Do you have in mind to accept any 
alternatives besides the one explained in the draft? Maybe weaker 
methods or stronger but not so constrained.


2. I have a concrete use case. Specifically, I am interested in knowing 
how the Reconnect State works.
In the scenario there are some devices that are going to be installed 
and then they will be inaccessible to be able to repeat the OOB step. 
These devices already have the corresponding security associations with 
a specific RealM. For example, a device from the University of Murcia is 
managed by a company called Odins.


Now we assume that Odins stops managing those devices and Ericsson 
becomes the new manager with his own AAA Infrastructure. To establish 
the new RealM, I understand that the device should be restarted and the 
entire process done. Is there a mechanism to allow migration without 
having to repeat the OOB step?



Regards,
Eduardo Inglés.

___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu