Mosref Ecdh Affiliation
LibTomCrypt employs ECC to provide a Diffie-Hellman style key agreement protocol. MOSREF employs this ECDH protocol to establish a secure channel for affiliation between the Console and Drone.
While anonymous key agreement provides an effective way for two endpoints to establish a symmetric key for communication with each other, it does not provide a way to authenticate the endpoints. MOSREF ECDH Affiliation employs a shared secret vector to construct a two way challenge and response that performs authentication over the secured channel, making a reasonable guarantee of the Console and Drone identities.
Improvements:
- Extend the message header to include a count of dummy padding bytes that lead and trail the message body.
- Extend the message header with a CRC of the body.
- Extend the message header with a CRC of the header fields and the body.
Glossary:
- Cp -- the Console's Static ECDH Key, public portion
- Cq -- the Console's Static ECDH Key, private portion
- Dp -- the Drone's Ephemeral ECDH Key, public portion
- Dq -- the Drone's Ephemeral ECDH Key, private portion
- KK -- the Key Exchange Ephemeral AES Key, determined using C and D.
- CC -- the Console Initialization Vector, a random 16 byte block of data.
- DD -- the Drone Initialization Vector, a random 16 byte block of data.
- CK -- the Command Ephemeral AES Key determined using C and D, with DD as an initialization vector.
- RK -- the Report Ephemeral AES Key determined using C and D, with CC as an initialization vector.
At Deployment, the Console Knows:
At Deployment, the Drone Knows:
At Invocation, the Console Determines:
At Invocation, the Drone Determines:
At Affiliation:
- Drone --> Console, via plaintext, Dp
- Drone --> Console, via KK using AES, DD
- Console --> Drone, via KK using AES, CC
- Drone --> Console, via RK using AES / CFB, CC
- Console --> Drone, via CK using AES / CFB, DD
Notes:
- Traffic encryption using CK and RK employ the AES encrypt operation in CFB mode; all messages are transmitted as a sequence of 16 byte blocks lead by a 4 byte message length.
References:
Ciphers and Key Strengths:
- The ECC Cipher should use a minimum 384 bit key strength, corresponding with Suite B's Top Secret recommendations.
- The AES Cipher could be used for TK, and is considered sufficient at 256 bits by Suite B.