From 4a5d278f55f61c6860b2439c4e5afa19e1d15464 Mon Sep 17 00:00:00 2001 From: rtrimana Date: Tue, 5 Jul 2016 09:24:23 -0700 Subject: [PATCH] Completing login and key management (part 1.1) --- doc/iotcloud.tex | 51 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/doc/iotcloud.tex b/doc/iotcloud.tex index acad12b..f1a472a 100644 --- a/doc/iotcloud.tex +++ b/doc/iotcloud.tex 
@@ -20,6 +20,57 @@ hash2(user id | password) Server has finite length queue of entries + max\_entry\_identifier + server login key +\textbf{Login} +\begin{enumerate} +\item In the beginning, there are $d$ devices. Each of the +devices has a randomly/user-chosen self-generated $m$-bit user +identification $i$ and $n$-bit password $p$. +\item Each device registers these $i$ and $p$ with the server. +The server appends ‘salt’ values, $k$-bit random strings $s1$ +and $s2$, and generate hash values $j=h(i+s1)$ and +$o=h(p+s2)$ for each $i$ and $p$. All $s1$, $s2$, $j$ and $o$ +are then stored in the database. +\item Device to server validation is done by checking the hash values +$j\textsc{\char13}$ and $o\textsc{\char13}$ from $i\textsc{\char13}$ and +$p\textsc{\char13}$ that are given by users at login time against +$i$ and $p$ that are stored in the database. +\end{enumerate} + +\textbf{Symmetric Keys} +\begin{enumerate} +\item In the beginning, there are $d$ devices. Each of the +devices has a randomly/user-chosen self-generated $m$-bit user +identification $i$ and $n$-bit password $p$. These $i$ and $p$ +are used for device login on server. +\item All of $d$ agree on a hash function $h$ that is not known by +the server. +\item A symmetric key for each device is generated by applying $h$ +to the value $(i + p)$ that gives $SK=h(i + p)$. +\item This value $SK$ is pre-known and pre-stored by all other +devices prior to operation of the data structure. +\end{enumerate} + +\textbf{Data Structure on Server} +\begin{enumerate} +\item Server maintains a finite length $q$-entry FIFO queue +$Q=\{0, 1, …, q-1\}$. It has a head and a tail pointers that keep track +of head and tail slots. +\item Server records a max entry identifier $max$ as a limit for $q$. +It keeps track that $q \leq max$ at all times. 
When $q=max$, the queue +mechanism allows this sequence of events when there is a new slot added: +\begin{enumerate} +\item Pointer for entry $0$ now points to entry $1$, making it the new +entry $0$. +\item Entry $0$ is expunged from the queue. +\item New entry is added to the end of the queue, making it entry $q$. +\item Pointer for entry $q-1$ is advanced to entry $q$, making it the new +entry $q-1$. +\end{enumerate} +\item For client login, server maintains a table with values $i$, $p$, +$s1$, and $s2$ that are generated when device registers itself on server +for the first time. +\end{enumerate} + \subsection{Entry layout} Each entry has: \begin{enumerate} -- 2.34.1
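Review bot: The last item of "Data Structure on Server" says the login table holds $i$, $p$, $s1$ and $s2$, which contradicts Login step 2, where the stored values are $s1$, $s2$, $j$ and $o$. Login step 3 likewise checks $j'$ and $o'$ "against $i$ and $p$ that are stored in the database". If the server keeps $p$ in the clear, the salted hash $o=h(p+s2)$ protects nothing, so both places should refer to the stored $j$ and $o$, and the table should list $j$, $o$, $s1$, $s2$. Step 3 also needs to say how the server finds the right $s1$ for a login attempt, since $i$ is only stored as $j=h(i+s1)$ and the salt is per device. In "Symmetric Keys", $SK=h(i + p)$ is built from the same $i$ and $p$ that step 2 of Login sends to the server, so the key is secret from the server only as long as $h$ itself stays unknown to it. Consider deriving $SK$ from a value that is never registered with the server, or state this assumption explicitly. In the queue description, the sub-steps for $q=max$ relabel entry $1$ as entry $0$ before "Entry $0$ is expunged", which reads as expunging the new head; naming the old head explicitly, or swapping the first two sub-steps, would remove the ambiguity.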