{"id":276,"date":"2015-07-28T11:51:45","date_gmt":"2015-07-28T11:51:45","guid":{"rendered":"https:\/\/blogs.ncl.ac.uk\/security\/?p=276"},"modified":"2015-07-28T13:02:00","modified_gmt":"2015-07-28T13:02:00","slug":"j-pake-built-into-google-nest-thermostats","status":"publish","type":"post","link":"https:\/\/blogs.ncl.ac.uk\/security\/2015\/07\/28\/j-pake-built-into-google-nest-thermostats\/","title":{"rendered":"J-PAKE built into Google Nest thermostats"},"content":{"rendered":"<p>The <a href=\"https:\/\/en.wikipedia.org\/wiki\/Password_Authenticated_Key_Exchange_by_Juggling\">J-PAKE key exchange protocol<\/a>, designed by Prof Peter Ryan and myself in 2008, has been built into the Nest thermostat products (Nest was bought by Google in 2014 for US$3.2 billion). A technical white paper that describes the implementation has recently <a href=\"http:\/\/threadgroup.org\/Portals\/0\/documents\/whitepapers\/Thread%20Commissioning%20white%20paper_v2_public.pdf\">gone public<\/a> (13 July, 2015).<\/p>\n<p>Besides the Google Nest, J-PAKE has also been used in other commercial products. Since 2010, J-PAKE has been used by Mozilla Firefox to implement secure sync and deployed to over 400 million internet users. Recently, Mozilla Firefox has started to deploy a different mechanism (less secure but more usable than J-PAKE) for sync. However, the Pale Moon browser, a popular fork of Firefox, retains the original J-PAKE-based mechanism to preserve full security in protecting sync data (which contain sensitive user passwords). In the ISO\/IEC SC 27 meeting held in Mexico City in October 2014, national bodies in Work Group 2 unanimously supported including J-PAKE in the ISO\/IEC 11770-4 standard. 
The standardization of J-PAKE is currently in progress and is expected to finish in another two years.<\/p>\n<p>The <a href=\"http:\/\/grouper.ieee.org\/groups\/1363\/Research\/contributions\/hao-ryan-2008.pdf\">original J-PAKE paper<\/a> was initially rejected by major conferences in the field, as the protocol design was based on a new method and didn&#8217;t follow any of the established mainstream approaches at the time. The paper was eventually accepted and published by a small workshop (Security Protocols Workshop&#8217;08) held locally in Cambridge, UK in 2008. After 7 years of the test of time, it is pleasing to see that the J-PAKE technique and its basic design ideas are gradually being accepted by the academic community and the industry.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The J-PAKE key exchange protocol, designed by Prof Peter Ryan and myself in 2008, has been built into the Nest thermostat products (Nest was bought by Google in 2014 for US$3.2 billion). A technical white paper that describes the implementation &hellip; <a href=\"https:\/\/blogs.ncl.ac.uk\/security\/2015\/07\/28\/j-pake-built-into-google-nest-thermostats\/\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":4854,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,17],"tags":[],"class_list":["post-276","post","type-post","status-publish","format-standard","hentry","category-key-exchange","category-news"],"_links":{"self":[{"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/posts\/276","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/users\/4854"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/comments?post=276"}],"version-history":[{"count":8,"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/posts\/276\/revisions"}],"predecessor-version":[{"id":284,"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/posts\/276\/revisions\/284"}],"wp:attachment":[{"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/media?parent=276"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/categories?post=276"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/tags?post=276"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}