[Ndn-interest] Adding HMAC to available NDN signature types

Adeola Bannis abannis at ucla.edu
Fri Sep 19 17:50:29 PDT 2014


On Fri, Sep 19, 2014 at 5:46 PM, Tai-Lin Chu <tailinchu at gmail.com> wrote:

> 1. just to make sure: you are proposing "standard" sha256 hmac.
>
>
Yes.


> 2. The biggest benefit that I can see from hmac is that it is faster
> to both encode/decode. As a result, we can use RSA to first bootstrap
> a symmetric key and use it for hmac.
>
> On Fri, Sep 19, 2014 at 4:58 PM, Adeola Bannis <thecodemaiden at gmail.com>
> wrote:
> >
> >
> > On Fri, Sep 19, 2014 at 4:19 PM, Junxiao Shi <
> shijunxiao at email.arizona.edu>
> > wrote:
> >>
> >> Hi Adeola
> >>
> >> I agree with the necessity of HMAC signature.
> >>
> >> I have the following questions on the details:
> >>
> >> What's expected to appear in KeyLocator?
> >
> > In my current implementation, I am setting up communications between two
> > devices, and each of these devices is assigned an NDN name, which I can
> use
> > to identify the sender/receiver of a signed packet. I think this is an
> > implementation detail, similar to (partial) certificate names being used
> as
> > key names with the current RSA signature. That is, there is nothing
> forcing
> > someone implementing their own trust model with RSA signatures to use our
> > certificate Data type and certificate names.
> >
> > To relate to the current RSA signature KeyLocator, you can think of it
> as an
> > identity instead of a full certificate name.
> >
> >>
> >> What's the benefit of using opad and ipad?
> >> Why should SignatureValue contain two SHA256 hash functions? Why not use
> >> just "SHA256(KeyValue, Name, MetaInfo, Content, SignatureInfo)"?
> >
> > This is how HMAC is defined
> > (http://en.wikipedia.org/wiki/Hash-based_message_authentication_code
> > http://www.ietf.org/rfc/rfc2104.txt). The two applications of SHA256
> allow
> > the symmetric key to be embedded in the hash. Otherwise, it would be a
> > simple digest and could not prove the identity of a sender. The choice of
> > ipad and opad were made by someone more aware of hash function attacks
> than
> > I am.
> >
> >>
> >>
> >> An accompanying document is needed to cover some guidance about how to
> >> design an application that makes use of HMAC signature and still
> guarantee a
> >> strong level of provenance.
> >
> >
> > There are many implementations of HMAC for authenticating web services.
> See
> >
> http://docs.aws.amazon.com/AmazonSimpleDB/latest/DeveloperGuide/HMACAuth.html
> > for an example. I am not sure that I would be able to provide better
> > guidance.
> >
> >
> >>
> >> In particular, is this scheme usable if producer and sender do not exist
> >> at the same time?
> >
> >
> > I'm not sure what you mean by exist. If they both know the key, they can
> > exchange data. If you have old data stored and then someone tells you the
> > symmetric key used in signing, you can verify it. It is exactly the same
> as
> > if you encountered old data signed with an RSA private key, and then got
> the
> > corresponding public key by whatever means: you would then be able to
> verify
> > it.
> >
> >>
> >> Yours, Junxiao
> >
> >
> > Thanks,
> > Adeola
> >
> > _______________________________________________
> > Ndn-interest mailing list
> > Ndn-interest at lists.cs.ucla.edu
> > http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest
> >
> _______________________________________________
> Ndn-interest mailing list
> Ndn-interest at lists.cs.ucla.edu
> http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/ndn-interest/attachments/20140919/57b6b22b/attachment.html>


More information about the Ndn-interest mailing list