add notes

diff --git a/doc/iotcloud.tex b/doc/iotcloud.tex
index f1a472a937897086d7b0aff7f2c32ba471c87e98..2de4d6e40514cfc66e6f74091f4c9b6bb345ba7f 100644 (file)
--- a/doc/iotcloud.tex
+++ b/doc/iotcloud.tex
@@ -1,8 +1,10 @@
 \documentclass[11pt]{article}\r
 \newcommand{\tuple}[1]{\ensuremath \langle #1 \rangle}\r
+\usepackage{color}\r
 \usepackage{amsthm}\r
 \newtheorem{theorem}{Theorem}\r
 \newtheorem{defn}{Definition}\r
+\newcommand{\note}[1]{{\color{red} \bf [[#1]]}}\r
 \r
 \begin{document}\r
 \section{Approach}\r
@@ -21,15 +23,17 @@ Server has finite length queue of entries + max\_entry\_identifier +
 server login key\r
 \r
 \textbf{Login}\r
+\note{Look at formal algorithm descriptions elsewhere, this is just informal prose...  It really needs to be more precise...}\r
+\r
 \begin{enumerate}\r
 \item In the beginning, there are $d$ devices. Each of the \r
 devices has a randomly/user-chosen self-generated $m$-bit user \r
-identification $i$ and $n$-bit password $p$.\r
+identification $i$ and $n$-bit password $p$.\note{All devices being known in the beginning seems unreasonable...How about 1 device initially, and devices can be added at any time...}\r
 \item Each device registers these $i$ and $p$ with the server. \r
 The server appends ‘salt’ values, $k$-bit random strings $s1$ \r
 and $s2$, and generate hash values $j=h(i+s1)$ and \r
 $o=h(p+s2)$ for each $i$ and $p$. All $s1$, $s2$, $j$ and $o$ \r
-are then stored in the database.\r
+are then stored in the database.\note{Are these the same $i$ and $p$ as below, if so, you just gave away the password}\r
 \item Device to server validation is done by checking the hash values \r
 $j\textsc{\char13}$ and $o\textsc{\char13}$ from $i\textsc{\char13}$ and \r
 $p\textsc{\char13}$ that are given by users at login time against \r
@@ -37,13 +41,14 @@ $i$ and $p$ that are stored in the database.
 \end{enumerate}\r
 \r
 \textbf{Symmetric Keys}\r
+\note{The user uses the same username/key to log into all devices}\r
 \begin{enumerate}\r
 \item In the beginning, there are $d$ devices. Each of the \r
 devices has a randomly/user-chosen self-generated $m$-bit user \r
 identification $i$ and $n$-bit password $p$. These $i$ and $p$ \r
 are used for device login on server.\r
 \item All of $d$ agree on a hash function $h$ that is not known by \r
-the server.\r
+the server.\note{Doesn't make sense to agree on a hash function...People have a shared key.}\r
 \item A symmetric key for each device is generated by applying $h$\r
 to the value $(i + p)$ that gives $SK=h(i + p)$.\r
 \item This value $SK$ is pre-known and pre-stored by all other \r