Re: [STDS-802-Privacy] Random addresses and P2P relationships
On 11/26/14, 4:08 PM, "Christian Huitema" <huitema@xxxxxxxxxxxxx> wrote:
>On November 26, 2014 3:52 PM Paul Lambert wrote:
>
>> Note - devices should maintain relationships based on "Id" not MAC. E.g.
>> Id_i = H(csi, P_i)[0:16]
>
>Maybe. But if we consider "device pairing," we have to consider what kind
>of secret is already exchanged during the pairing.
Yes ...
Any device will actually need multiple "identities" for the various use
cases that cover its full life cycle.
In other forums we're working on secure pairing and need to consider
devices with and without any user interface.
Devices without an interface need some type of label (attached or
detached) that enables the owner of the
device to initially set up and configure the system when it is in an initial
bootstrap mode.
The label information should bind to a bootstrap public key (P_b=s_b*G)
that supports mutual authentication of devices. After configuration, a
new device would generate and share a new public key with the device used
to setup/manage the new system. Labels are envisioned to include QR code.
This is just one use case ... where physical access and strong setup binding
is important.
I can also imagine a use case where two devices are paired by users
without any prior contact or knowledge, but once paired would maintain
some ongoing relationship (similar to a TOFU model).
While my proposal was originally to show how we could be supporting random
appearing addresses, but that could be strongly bound to a longer term
identity.
The handling of the long term key and any other authorizations or
certificates that are shared after the externally private key exchange is
a longer discussion. The sharing of identity information after a key
exchange is still an interesting and difficult part of a privacy analysis.
Even if the passively visible information is protected, if an
authentication exchange always gives away the "real" identity there's
still a problem. A detailed list of use cases might help ...
Paul
>We also have to see what kind of identities can be disclosed or not
>during "peer-to-peer" discovery protocols. One possibility for example is
>to assume that a secret "s_ab" is exchanged during the establishment of
>the relationship between two devices A and B, and to use that secret to
>"blind" the discovery request.
>
>For example, the discovery request could include an information element
>of the form < nonce, H(nonce, s_ab) >. Devices process the request by
>looking at their list of established relationships, to see whether one
>matches. If there is a match, they can try to establish a connection.
>
>-- Christian Huitema
>
>
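Added example, not part of the original thread: a sketch of the blinded discovery element < nonce, H(nonce, s_ab) > described in the quoted text, with the responder scanning its list of established relationships for a match. The thread does not specify H, the nonce length or any names; HMAC-SHA-256, a 16-byte nonce and all identifiers below are assumptions.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16  # assumption: the thread does not fix a nonce size


def blind_tag(nonce: bytes, s_ab: bytes) -> bytes:
    """H(nonce, s_ab), instantiated here (assumption) as HMAC-SHA-256 keyed with s_ab."""
    return hmac.new(s_ab, nonce, hashlib.sha256).digest()


def make_discovery_request(s_ab: bytes) -> tuple[bytes, bytes]:
    """Build the information element <nonce, H(nonce, s_ab)> with a fresh nonce."""
    nonce = os.urandom(NONCE_LEN)
    return nonce, blind_tag(nonce, s_ab)


def match_discovery_request(request, relationships: dict[str, bytes]):
    """Return the local label of the peer whose secret explains the request, else None.

    Every stored secret is tried and compared in constant time, so the time
    taken does not reveal which entry (if any) matched.
    """
    nonce, tag = request
    found = None
    for label, secret in relationships.items():
        if hmac.compare_digest(blind_tag(nonce, secret), tag) and found is None:
            found = label
    return found


# Constructed sample data: pairing secrets held by device B (hypothetical labels).
RELATIONSHIPS_B = {
    "device-A": bytes.fromhex("11" * 32),
    "device-C": bytes.fromhex("22" * 32),
}

if __name__ == "__main__":
    req1 = make_discovery_request(RELATIONSHIPS_B["device-A"])
    req2 = make_discovery_request(RELATIONSHIPS_B["device-A"])
    print("B recognises:", match_discovery_request(req1, RELATIONSHIPS_B))
    print("two requests from A differ on the air:", req1 != req2)
    stranger = make_discovery_request(os.urandom(32))
    print("unpaired sender:", match_discovery_request(stranger, RELATIONSHIPS_B))
```

A captured element stays valid if it is retransmitted verbatim, so the responder side would also need some freshness check, which the thread does not discuss.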