Hi, Servers are usually more secure and can store challenge/ response pairs for all clients it connects with in Oracle.
Remote IoT devices can be attacked physically and keys retrieved from them. To prevent this, costly and complex tamper proof cryptographic circuitry is used. PUF provides a cheaper alternative to complex and expensive cryptographic circuitry. As keys need not be stored at the IoT device. When PUF receives a challenge from server, it calculates response and sends it to server. Thanks and Regards, Sankalp Bagaria.. On Mon 18 Feb, 2019, 12:20 AM Salz, Rich, <[email protected]> wrote: > I would also be concerned about adding a "new" scheme that easily > functions as an oracle. > > On 2/16/19, 8:01 PM, "Peter Gutmann" <[email protected]> wrote: > > Sankalp Bagaria <[email protected]> writes: > > >We propose that the server is authenticated using X509 certificate in > a TLS > >1.3 like protocol. The Server sends 32-byte Challenge. Client replies > by > >sending 32-byte Response. > > Something very similar to this already exists in the form of > CHAP/MSCHAP over > PEAP/EAP-TLS/EAP-TTLS. It's supported by every Radius server and vast > numbers > (probably billions) of clients. To compete against this huge > installed base, any > new proposal would have to be pretty spectacular... > > Peter. > > _______________________________________________ > TLS mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/tls > > >
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
