
Re: [STDS-802-11-TGM] Updates to document 11-19/1173



--- This message came from the IEEE 802.11 Task Group M Technical Reflector ---
Dick,

Constant-time is a cryptographic term. Please see the following description of constant-time as background:
https://www.bearssl.org/constanttime.html

Cheers,

Mike

On Tue, Sep 17, 2019 at 9:37 AM Dick Roy <dickroy@xxxxxxxxxxxx> wrote:
From: ***** 802.11 REVm - Revision Maintainance List ***** [mailto:STDS-802-11-TGM@xxxxxxxx] On Behalf Of Jon Rosdahl
Sent: Monday, September 16, 2019 6:55 PM
To: STDS-802-11-TGM@xxxxxxxxxxxxxxxxx
Subject: Re: [STDS-802-11-TGM] Updates to document 11-19/1173

 


Greetings,

Question:

If "all operations in the SSWU algorithm" have to be in constant time, why not just say that?

Change "All operations shall be done in constant time" to "All operations in the SSWU algorithm shall be done in constant time".

[RR] With all due respect, what the heck does “done in constant time” mean?  “Constant time” borders on being an oxymoron as best I can tell :^))) I am pretty sure there is a much better way of expressing what is really intended, however not knowing what that is, it’s hard to provide alternative text from this side of the pond!  Hope you’re all enjoying SE Asia!

 

Regards,

Jon

-----------------------------------------------------------------------------
Jon Rosdahl                 Engineer, Senior Staff
office: 801-492-4023      Qualcomm Technologies, Inc.
cell:   801-376-6435      10871 North 5750 West
                                   Highland, UT 84003


A Job is only necessary to eat!
A Family is necessary to be happy!!

 

 

On Mon, Sep 16, 2019 at 7:41 PM M Montemurro <montemurro.michael@xxxxxxxxx> wrote:


I posted r16 of document 11-19/1173 based on the discussion yesterday:

 

The document updates include:

1) 12.4.4.2.2 and 12.4.4.3.2: Replace “When a direct form of hashing to discover the PWE is not signaled by the AP, or if the SAE initiator does not signal its use in its SAE Commit message” with “If the AP does not advertise support for the Extended RSN Capability SAE hash-to-element or the SAE initiator does not set Status Code to SAE_HASH_TO_ELEMENT in its SAE Commit message”. 

 

2) 12.4.4.2.3: remove the subscripts in the descriptive paragraph, changing x_1 and x_2 to x1 and x2.

 

3) 12.4.4.2.3: Fix the typo in the sentence: "All operations shall be done in constant time"

 

With respect to the normative statement quoted in 3), I consulted Jouni and he has the following response:

“All operations shall be done in constant time” is really referring to all operations in the SSWU algorithm. This includes both the CSEL/CEQ functions that are explicitly noted as operating in constant time and all the mathematical operations. For me, “all operations” is pretty clear here, so I’m not sure what else to propose. One needs to be careful not to open the possibility for someone to interpret a more specific list of operations as something that would imply there are potential exceptions to this rule if something was not seen as being listed. For example, “All mathematical operations” would be confusing since it could leave LSB() out from the operations that shall be in constant time.

 

As a side note, the importance of all these operations being constant time (and really, constant memory access behavior to avoid the cache attacks) is much less important in the H2E case compared to the hunting-and-pecking design since this calculation happens offline and an attacker has no means for inputting different data to it. In other words, it would be very difficult to do attacks similar to the ones described in the Dragonblood paper since there would be only one data point that would provide timing or memory access differences based on the password and even if that same operation would be repeated multiple times, it would provide the exact same information since this part does not take in MAC addresses or anything else that can change between iterations. All that said, it would still be appropriate to state that the operations need to be done in constant time."

 

I'd like to request some agenda time today or tomorrow to discuss this response and I intend to make a motion this week to adopt this proposal.

 

Cheers,

 

Mike

 

 


To unsubscribe from the STDS-802-11-TGM list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGM&A=1
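
Added example, not part of the thread and not text from the 802.11 draft: what "constant time" means in code for the CEQ, CSEL and LSB operations named in the quoted response, written without secret-dependent branches or memory indexes. The limb count, argument order, all-ones mask convention and the `select_by_parity` helper are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define LIMBS 8 /* assumed size: 8 x 32-bit limbs, little-endian limb order */

/* All-ones if v == 0, else zero; no branch on v. */
static uint32_t ct_is_zero(uint32_t v)
{
    return (uint32_t)0 - (((v | ((uint32_t)0 - v)) >> 31) ^ 1u);
}

/* CEQ: all-ones mask when a == b; every limb is read regardless of content. */
uint32_t ceq(const uint32_t *a, const uint32_t *b)
{
    uint32_t diff = 0;
    for (size_t i = 0; i < LIMBS; i++)
        diff |= a[i] ^ b[i];
    return ct_is_zero(diff);
}

/* CSEL: out = y if mask is all-ones, z if mask is zero; both are always read. */
void csel(uint32_t mask, const uint32_t *y, const uint32_t *z, uint32_t *out)
{
    for (size_t i = 0; i < LIMBS; i++)
        out[i] = (y[i] & mask) | (z[i] & ~mask);
}

/* LSB as a mask: all-ones if the value is odd. */
uint32_t lsb_mask(const uint32_t *a)
{
    return (uint32_t)0 - (a[0] & 1u);
}

/* Constructed usage (hypothetical helper): keep y if its LSB matches u's, else take alt. */
void select_by_parity(const uint32_t *u, const uint32_t *y,
                      const uint32_t *alt, uint32_t *out)
{
    uint32_t same = ~(lsb_mask(u) ^ lsb_mask(y));
    csel(same, y, alt, out);
}

int main(void)
{
    /* Constructed sample values. */
    uint32_t u[LIMBS] = {3}, y[LIMBS] = {4}, alt[LIMBS] = {7}, out[LIMBS];
    select_by_parity(u, y, alt, out); /* u odd, y even: alt is chosen */
    return ceq(out, alt) == 0xFFFFFFFFu ? 0 : 1;
}
```

Source-level branch freedom is not a guarantee: an optimizer can turn the mask arithmetic back into a branch, so inspect the generated code for the target compiler and flags.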


To unsubscribe from the STDS-802-11-TGM list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGM&A=1


To unsubscribe from the STDS-802-11-TGM list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGM&A=1


To unsubscribe from the STDS-802-11-TGM list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGM&A=1