From: bdemsky <bdemsky@uci.edu>
Date: Tue, 5 Jul 2016 20:27:55 +0000 (-0700)
Subject: add notes
X-Git-Url: http://plrg.eecs.uci.edu/git/?p=iotcloud.git;a=commitdiff_plain;h=bb03615f250b3d071a42bac7801a9259d1e43c34

add notes
---

diff --git a/doc/iotcloud.tex b/doc/iotcloud.tex
index f1a472a..2de4d6e 100644
--- a/doc/iotcloud.tex
+++ b/doc/iotcloud.tex
@@ -1,8 +1,10 @@
 \documentclass[11pt]{article}
 \newcommand{\tuple}[1]{\ensuremath \langle #1 \rangle}
+\usepackage{color}
 \usepackage{amsthm}
 \newtheorem{theorem}{Theorem}
 \newtheorem{defn}{Definition}
+\newcommand{\note}[1]{{\color{red} \bf [[#1]]}}
 
 \begin{document}
 \section{Approach}
@@ -21,15 +23,17 @@ Server has finite length queue of entries + max\_entry\_identifier +
 server login key
 
 \textbf{Login}
+\note{Look at formal algorithm descriptions elsewhere, this is just informal prose...  It really needs to be more precise...}
+
 \begin{enumerate}
 \item In the beginning, there are $d$ devices. Each of the 
 devices has a randomly/user-chosen self-generated $m$-bit user 
-identification $i$ and $n$-bit password $p$.
+identification $i$ and $n$-bit password $p$.\note{All devices being known in the beginning seems unreasonable...How about 1 device initially, and devices can be added at any time...}
 \item Each device registers these $i$ and $p$ with the server. 
 The server appends âsaltâ values, $k$-bit random strings $s1$ 
 and $s2$, and generate hash values $j=h(i+s1)$ and 
 $o=h(p+s2)$ for each $i$ and $p$. All $s1$, $s2$, $j$ and $o$ 
-are then stored in the database.
+are then stored in the database.\note{Are these the same $i$ and $p$ as below, if so, you just gave away the password}
 \item Device to server validation is done by checking the hash values 
 $j\textsc{\char13}$ and $o\textsc{\char13}$ from $i\textsc{\char13}$ and 
 $p\textsc{\char13}$ that are given by users at login time against 
@@ -37,13 +41,14 @@ $i$ and $p$ that are stored in the database.
 \end{enumerate}
 
 \textbf{Symmetric Keys}
+\note{The user uses the same username/key to log into all devices}
 \begin{enumerate}
 \item In the beginning, there are $d$ devices. Each of the 
 devices has a randomly/user-chosen self-generated $m$-bit user 
 identification $i$ and $n$-bit password $p$. These $i$ and $p$ 
 are used for device login on server.
 \item All of $d$ agree on a hash function $h$ that is not known by 
-the server.
+the server.\note{Doesn't make sense to agree on a hash function...People have a shared key.}
 \item A symmetric key for each device is generated by applying $h$
 to the value $(i + p)$ that gives $SK=h(i + p)$.
 \item This value $SK$ is pre-known and pre-stored by all other