From: bdemsky Date: Tue, 5 Jul 2016 20:27:55 +0000 (-0700) Subject: add notes X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=bb03615f250b3d071a42bac7801a9259d1e43c34;p=iotcloud.git add notes --- diff --git a/doc/iotcloud.tex b/doc/iotcloud.tex index f1a472a..2de4d6e 100644 --- a/doc/iotcloud.tex +++ b/doc/iotcloud.tex @@ -1,8 +1,10 @@ \documentclass[11pt]{article} \newcommand{\tuple}[1]{\ensuremath \langle #1 \rangle} +\usepackage{color} \usepackage{amsthm} \newtheorem{theorem}{Theorem} \newtheorem{defn}{Definition} +\newcommand{\note}[1]{{\color{red} \bf [[#1]]}} \begin{document} \section{Approach} @@ -21,15 +23,17 @@ Server has finite length queue of entries + max\_entry\_identifier + server login key \textbf{Login} +\note{Look at formal algorithm descriptions elsewhere, this is just informal prose... It really needs to be more precise...} + \begin{enumerate} \item In the beginning, there are $d$ devices. Each of the devices has a randomly/user-chosen self-generated $m$-bit user -identification $i$ and $n$-bit password $p$. +identification $i$ and $n$-bit password $p$.\note{All devices being known in the beginning seems unreasonable...How about 1 device initially, and devices can be added at any time...} \item Each device registers these $i$ and $p$ with the server. The server appends ‘salt’ values, $k$-bit random strings $s1$ and $s2$, and generate hash values $j=h(i+s1)$ and $o=h(p+s2)$ for each $i$ and $p$. All $s1$, $s2$, $j$ and $o$ -are then stored in the database. +are then stored in the database.\note{Are these the same $i$ and $p$ as below, if so, you just gave away the password} \item Device to server validation is done by checking the hash values $j\textsc{\char13}$ and $o\textsc{\char13}$ from $i\textsc{\char13}$ and $p\textsc{\char13}$ that are given by users at login time against @@ -37,13 +41,14 @@ $i$ and $p$ that are stored in the database. \end{enumerate} \textbf{Symmetric Keys} +\note{The user uses the same username/key to log into all devices} \begin{enumerate} \item In the beginning, there are $d$ devices. Each of the devices has a randomly/user-chosen self-generated $m$-bit user identification $i$ and $n$-bit password $p$. These $i$ and $p$ are used for device login on server. \item All of $d$ agree on a hash function $h$ that is not known by -the server. +the server.\note{Doesn't make sense to agree on a hash function...People have a shared key.} \item A symmetric key for each device is generated by applying $h$ to the value $(i + p)$ that gives $SK=h(i + p)$. \item This value $SK$ is pre-known and pre-stored by all other