My English may be imperfect ;)
I post the request in SEB for Windows, but it concerns all OS.
Context
The context is the same as in the previous request : #1425
The BK suggested has a drawback: at least 3 keys need to be precalculated (win, mac, ios).
This request is mainly for BYOD context, not for exams but for frequent quizzes.
The idea
This Feature Request suggests a new key : the CBK, Common Browser Key.
This is one key to check the integrity, common to the 3 OS. For that we can rely on the properties of the Elliptic Curve Diffie-Hellman key exchange: the forward operations are easy, but backward operations are really hard.
The key is common to the 3 last OS versions, but changes on each release.
Teachers/schools can precalculate this key, and set it into the LMS.
Explanations
- lowercase means private/secret
- uppercase means public
- w/W for Windows, m/M for macOS, i/I for iOS
- G is a point on an elliptic curve (Curve25519 ?)
. (dot) is the scalar multiplication in the context of Elliptic Curve Diffie-Hellman algorithm
w, m, i are integrity keys calculated by each last version of SEB (the algorithm could be different than the one used for BEK and ASK); these are secrets and only known by you, the devs of SEB.
cbk = G.w.m.i
Let's say we are on a Windows computer: in the integrity module we can only calculate w; m and i can't be given in the binary (too insecure).
But we can have public precalculated keys:
W = G.m.i
M = G.w.i
I = G.w.m
cbk = w.W = m.M = i.I
And before leaving the integrity module, we can calculate the CBK :
CBK = hash(cbk + seed) // seed given as arg by the call of the function, and chosen by the examiner/teacher/school (in config.seb)
And of course CBK could be hashed with the full URL by the client, before being provided by the API:
security.commonBrowserKey = hash(CBK + URL)
How to publish precalculated keys
I guess it's better outside the source code, as a table downloaded by SEB:
Example with current last versions:
| Client SEB version | Other OS SEB versions | Public key |
|---|---|---|
| Win 3.10.1 | Mac 3.6.1 & iOS 3.6.1 | WXXX1... |
| Mac 3.6.1 | Win 3.10.1 & iOS 3.6.1 | MXXX1... |
| iOS 3.6.1 | Win 3.10.1 & Mac 3.6.1 | IXXX1... |
When you release a new version of SEB, you update the table for the last OS versions, by appending (only the last OS versions which exist at the time of a release, IMHO no need to generate crossed possibilities for older triplets):
Example with a future macOS 3.6.2:
| Client SEB version | Other OS SEB versions | Public key |
|---|---|---|
| Win 3.10.1 | Mac 3.6.1 & iOS 3.6.1 | WXXX1... |
| Mac 3.6.1 | Win 3.10.1 & iOS 3.6.1 | MXXX1... |
| iOS 3.6.1 | Win 3.10.1 & Mac 3.6.1 | IXXX1... |
| Win 3.10.1 | Mac 3.6.2 & iOS 3.6.1 | WXXX2... |
| Mac 3.6.2 | Win 3.10.1 & iOS 3.6.1 | MXXX1... (yes, it's the same) |
| iOS 3.6.1 | Win 3.10.1 & Mac 3.6.2 | IXXX2... |
In production, we can omit the first column, as the config tool utility knows its own version: we can deduplicate some lines.
On the user/config side
The user chooses the triplet win/mac/ios from the possibilities given by the table AND for his current version of SEB.
He also chooses a seed.
He obtains a CBK to copy/paste into the LMS, unique for the selected triplet and the chosen seed.
Limits
Like the BK, it can be less secure than the BEK or the ASK. But in a BYOD env and for frequent quizzes that's more secure than the only CK used by default, and easier to use than the BEK or the BK.
LMS devs have to implement this key.
Later
This can work if you release a new OS version of SEB, let's say a/A for Android:
cbk = G.w.m.i.a
Public keys will be calculated from the 3 other OSes, for example:
W = G.m.i.a
and so on ...
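
An added example (not part of the original request, and not SEB code) that checks the identity cbk = w.W = m.M = i.I with X25519 scalar multiplication and then derives the CBK and the per-URL key. Curve25519, SHA-256 as `hash`, byte concatenation for `+`, and the names `chain`, `common_browser_key` and `request_key` are assumptions; the secrets and the seed are constructed sample values.

```python
import hashlib

P = 2**255 - 19                   # Curve25519 field prime
A24 = 121665                      # ladder constant from RFC 7748
G = (9).to_bytes(32, "little")    # X25519 base point, u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """Scalar multiplication "u.k" (RFC 7748 ladder; demo only, not constant-time)."""
    n = (int.from_bytes(k, "little") & ~7 & ((1 << 255) - 1)) | (1 << 254)  # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def chain(point: bytes, *scalars: bytes) -> bytes:
    """G.a.b...: apply each secret scalar in turn."""
    for s in scalars:
        point = x25519(s, point)
    return point

def common_browser_key(own_secret: bytes, published: bytes, seed: bytes) -> str:
    cbk = x25519(own_secret, published)             # cbk = w.W = m.M = i.I
    return hashlib.sha256(cbk + seed).hexdigest()   # CBK = hash(cbk + seed)

def request_key(cbk_hex: str, url: str) -> str:
    return hashlib.sha256((cbk_hex + url).encode()).hexdigest()  # hash(CBK + URL)

# Constructed per-OS secrets; in the proposal these come from each integrity module.
w, m, i = (hashlib.sha256(b"constructed-" + t).digest() for t in (b"w", b"m", b"i"))
W, M, I = chain(G, m, i), chain(G, w, i), chain(G, w, m)   # published table entries
SEED = b"constructed-seed"                                  # chosen in config.seb

CBK_WIN = common_browser_key(w, W, SEED)
CBK_MAC = common_browser_key(m, M, SEED)
CBK_IOS = common_browser_key(i, I, SEED)

if __name__ == "__main__":
    print(CBK_WIN == CBK_MAC == CBK_IOS, CBK_WIN)
```

A client whose integrity secret differs from the released one, or a different seed, yields a different CBK, which is the property the LMS check would rely on.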