<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>On 12/14/2017 8:00 AM, Henry Baker wrote:<br>
</p>
<blockquote type="cite"
cite="mid:E1ePVwG-0004BP-Lf@elasmtp-mealy.atl.sa.earthlink.net">
<pre wrap="">1. My smartphone talks <b class="moz-txt-star"><span class="moz-txt-tag">*</span>only<span class="moz-txt-tag">*</span></b> with <b class="moz-txt-star"><span class="moz-txt-tag">*</span>my<span class="moz-txt-tag">*</span></b> car;
2. My car talks <b class="moz-txt-star"><span class="moz-txt-tag">*</span>only<span class="moz-txt-tag">*</span></b> with <b class="moz-txt-star"><span class="moz-txt-tag">*</span>my<span class="moz-txt-tag">*</span></b> smartphone;
3. No passive observer of the communications between my phone
and my car will reveal any information which will enable later
impersonation of either my phone or my car;
4. No passive observer of the communications between my phone
and my car will reveal either the identity of my phone or the
identity of my car;
5. No active observer can do anything other than simply jam
the channel;
6. Either my phone or my car can decide to terminate the
communication relationship in such a way that only <b class="moz-txt-star"><span class="moz-txt-tag">*</span>repairing<span class="moz-txt-tag">*</span></b>
will re-enable the communication.
But here's the real kicker:
7. From time to time, my phone and my car may not be able to
communicate for an unknown period of time -- e.g., my phone
may have gone out of range, my car may be turned off, passive
or active jamming could make communications impossible, etc.
During the period of non-communication, I don't want the
battery in either my phone or my car to be run down by constant
polling; I don't want any polling by either my phone or my
car to identify my phone or my car; I'd rather not have my
phone or my car even reveal that it IS polling.
Let's assume that my phone and my car might perform the
pairing process via non-wireless means -- e.g., simply
plugging them together via USB -- so that we don't have
to worry about protecting the pairing process itself.
Are there any simple protocols that could achieve these
goals?</pre>
</blockquote>
<br>
This is pretty much the problem that Daniel Kaiser and I set to
solve in the Privacy Extensions for DNS SD:
<a class="moz-txt-link-freetext" href="https://datatracker.ietf.org/doc/draft-ietf-dnssd-privacy/">https://datatracker.ietf.org/doc/draft-ietf-dnssd-privacy/</a>. Our
solution uses pairwise shared secrets, obtained via pairing. It uses
obfuscated announcements of the form <nonce,
hash(nonce,secret)>. There is a scaling issue, as the number of
announcements scales with the number of peers * number of nodes on
the network. We mitigate it partially by constraining the nonce to
be a coarse version of the date, e.g., set the nonce to the time in
seconds modulo 30 minutes so peers only have to redo the computation
every 30 minutes.<br>
<br>
The DNS SD working group would very much like to find a solution
that does not have these scaling constraints, maybe using public key
technology instead of pairwise secrets. If you have such a solution,
your contributions would be very welcome.<br>
<br>
-- Christian Huitema<br>
<br>
</body>
</html>