[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-anastasis] branch master updated: cite's related work business mo
|
From: |
gnunet |
|
Subject: |
[taler-anastasis] branch master updated: cite's related work business model |
|
Date: |
Sat, 07 Mar 2020 18:19:13 +0100 |
This is an automated email from the git hooks/post-receive script.
ds-meister pushed a commit to branch master
in repository anastasis.
The following commit(s) were added to refs/heads/master by this push:
new 7c389e9 cite's related work business model
7c389e9 is described below
commit 7c389e9b9ede2332a19f628076f02c0d2bf69670
Author: Dominik Meister <address@hidden>
AuthorDate: Sat Mar 7 18:13:53 2020 +0100
cite's related work business model
---
doc/thesis/bibliothek.bib | 196 +++++++++++++++++++++++++++---------------
doc/thesis/business_model.tex | 8 +-
doc/thesis/related_work.tex | 30 +++----
doc/thesis/thesis.pdf | Bin 103466 -> 89106 bytes
doc/thesis/thesis.tex | 7 +-
5 files changed, 142 insertions(+), 99 deletions(-)
diff --git a/doc/thesis/bibliothek.bib b/doc/thesis/bibliothek.bib
index d5cf0f3..18bad7c 100644
--- a/doc/thesis/bibliothek.bib
+++ b/doc/thesis/bibliothek.bib
@@ -1,70 +1,126 @@
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%% File : template.bib
-%% Date : Saturday Sep 15 15:54:56 2018
-%% Author : frc1
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%% Description : Sample bibliography file
-%% WARNING : To be used with biblatex and biber, this file should be
-%% UTF-8 encoded
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%% Usage :
-%% 1) add the lines in the preamble of your document:
-%% \usepackage[backend=biber, style=ieee]{biblatex}
-%% \addbibresource{template.bib}
-%%
-%% 2) Compile the document at least once (preferably with lualatex), e.g.
-%% lualatex template.tex
-%%
-%% 3) Run the command "biber" on your document, e.g.
-%% biber template
-%%
-%% 4) Compile the document twice with lualatex
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-
-
-@article{Saha:2017:BUG:3131227.3131229,
- author = {Saha, Amit},
- title = {Back Up GitHub Repositories Using Golang},
- journal = {Linux J.},
- issue_date = {July 2017},
- volume = {2017},
- number = {279},
- month = jul,
- year = {2017},
- issn = {1075-3583},
- articleno = {2},
- url = {http://dl.acm.org/citation.cfm?id=3131227.3131229},
- acmid = {3131229},
- publisher = {Belltown Media},
- address = {Houston, TX},
-}
-
-
-@inproceedings{Diniz:2017:UGO:3100317.3100324,
- author = {Diniz, Guilherme C. and Silva, Marco A. Graciotto and Gerosa, Marco
A. and Steinmache, Igor},
- title = {Using Gamification to Orient and Motivate Students to Contribute to
{OSS} Projects},
- booktitle = {Proceedings of the 10th International Workshop on Cooperative
and Human Aspects of Software Engineering},
- series = {CHASE '17},
- year = {2017},
- isbn = {978-1-5386-4039-5},
- location = {Buenos Aires, Argentina},
- pages = {36--42},
- numpages = {7},
- url = {https://doi.org/10.1109/CHASE.2017.7},
- doi = {10.1109/CHASE.2017.7},
- acmid = {3100324},
- publisher = {IEEE Press},
- address = {Piscataway, NJ, USA},
- keywords = {engagement, gamification, motivation, newcomers, open source
software, students},
-}
-
-@book{Jerald:2015:VBH:2792790,
- author = {Jerald, Jason},
- title = {The VR Book: Human-Centered Design for Virtual Reality},
- year = {2016},
- isbn = {978-1-97000-112-9},
- publisher = {Association for Computing Machinery and Morgan \& Claypool},
- address = {New York, NY, USA},
-}
\ No newline at end of file
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%% File : thesis.bib
+%% Date : Saturday Sep 15 15:54:56 2018
+%% Author : Dominik Meister, Dennis Neufeld
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%% Description : Sample bibliography file
+%% WARNING : To be used with biblatex and biber, this file should be
+%% UTF-8 encoded
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%% Usage :
+%% 1) add the lines in the preamble of your document:
+%% \usepackage[backend=biber, style=ieee]{biblatex}
+%% \addbibresource{template.bib}
+%%
+%% 2) Compile the document at least once (preferably with lualatex), e.g.
+%% lualatex template.tex
+%%
+%% 3) Run the command "biber" on your document, e.g.
+%% biber template
+%%
+%% 4) Compile the document twice with lualatex
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+@online{global_data_index,
+ title = {Global Data Protection Index 2018 – Key Findings},
+ organization = {Dell EMC.},
+ year = 2018,
+ urldate = {2020-03-07},
+ url =
{https://www.delltechnologies.com/content/dam/uwaem/production-design-assets/en/gdpi/assets/infographics/dell-gdpi-vb-key-findings-deck.pdf)},
+}
+
+@online{ccc_merkel,
+ title = {CCC-Tüftler hackt Merkels Iris und von der Leyens
Fingerabdruck},
+ author = {Stefan Krempl},
+ organization = {heise online},
+ year = 2014,
+ urldate = {2020-03-07},
+ url =
{https://www.heise.de/security/meldung/31C3-CCC-Tueftler-hackt-Merkels-Iris-und-von-der-Leyens-Fingerabdruck-2506929.html},
+}
+@online{millions_lost,
+ title = {Bitcoin: Millions of dollars of cryptocurrency 'lost'
after man dies with only password},
+ author = {Anthony Cuthbertson},
+ organization = {INDEPENDENT},
+ year = 2019,
+ urldate = {2020-03-07},
+ url =
{https://www.independent.co.uk/life-style/gadgets-and-tech/news/bitcoin-exchange-quadrigacx-password-cryptocurrency-scam-a8763676.html},
+}
+@online{forgot_my_pin,
+ title = {I Forgot My PIN’: An Epic Tale of Losing \$30,000 in
Bitcoin},
+ author = {Mark Frauenfelder},
+ organization = {WIRED},
+ year = 2017,
+ urldate = {2020-03-07},
+ url =
{https://www.wired.com/story/i-forgot-my-pin-an-epic-tale-of-losing-dollar30000-in-bitcoin/},
+}
+@inproceedings{pedersen_sharing_0,
+ title={Non-interactive and information-theoretic secure verifiable secret
sharing},
+ author={Pedersen, Torben Pryds},
+ booktitle={Annual international cryptology conference},
+ pages={129--140},
+ year=1991,
+ organization={Springer},
+ chapter={0},
+}
+@inproceedings{pedersen_sharing_5.2,
+ title={Non-interactive and information-theoretic secure verifiable secret
sharing},
+ author={Pedersen, Torben Pryds},
+ booktitle={Annual international cryptology conference},
+ pages={129--140},
+ year=1991,
+ organization={Springer},
+ chapter={5.2},
+}
+@article{shamir_sharing,
+ title={How to share a secret},
+ author={Shamir, Adi},
+ journal={Communications of the ACM},
+ volume={22},
+ number={11},
+ pages={612--613},
+ year=1979,
+ publisher={ACm New York, NY, USA},
+}
+@inproceedings{feldman_sharing,
+ title={A practical scheme for non-interactive verifiable secret sharing},
+ author={Feldman, Paul},
+ booktitle={28th Annual Symposium on Foundations of Computer Science (sfcs
1987)},
+ pages={427--438},
+ year=1987,
+ organization={IEEE},
+}
+@article{authentication_methods_review,
+ title = {A Review on Authentication Methods},
+ author = {Syed Idrus, Syed Zulkarnain and Cherrier, Estelle and Rosenberger,
Christophe and Schwartzmann, Jean-Jacques},
+ url = {https://hal.archives-ouvertes.fr/hal-00912435},
+ journal = {Australian Journal of Basic and Applied Sciences},
+ volume = {7},
+ number = {5},
+ pages = {95-107},
+ year = 2013,
+}
+@book{rieck_detection,
+ title={Detection of Intrusions and Malware, and Vulnerability Assessment:
10th International Conference, DIMVA 2013, Berlin, Germany, July 18-19, 2013.
Proceedings},
+ author={Rieck, Konrad and Stewin, Patrick and Seifert, Jean-Pierre},
+ volume={7967},
+ year=2013,
+ publisher={Springer}
+}
+@article{biometric_auth,
+ title={Privacy-preserving biometric authentication: challenges and
directions},
+ author={Pagnin, Elena and Mitrokotsa, Aikaterini},
+ journal={Security and Communication Networks},
+ volume={2017},
+ year=2017,
+ publisher={Hindawi}
+}
+@article{multifactor_authentication,
+ title={Multi-factor authentication: A survey},
+ author={Ometov, Aleksandr and Bezzateev, Sergey and Makitalo, Niko and
Andreev, Sergey and Mikkonen, Tommi and Koucheryavy, Yevgeni},
+ journal={Cryptography},
+ volume={2},
+ number={1},
+ pages={1},
+ year=2018,
+ publisher={Multidisciplinary Digital Publishing Institute}
+}
diff --git a/doc/thesis/business_model.tex b/doc/thesis/business_model.tex
index 635fea2..aa035a0 100644
--- a/doc/thesis/business_model.tex
+++ b/doc/thesis/business_model.tex
@@ -6,6 +6,11 @@ Having an agreement with Taler Systems SA our first customers
will be the users
There are some solutions out there for password recovery. But none of them is
respecting privacy and enabling the users to remain in control of their data.
Anastasis enables ordinary users to remain in control of their data, including
ensuring their data remains available to them, even if they cannot remember or
securely store any sufficient high-entropy key material to secure their access.
+\subsection{Market review and innovation potential}
+
+There are already some key recovery or key splitting solutions on the market.
For example, there is a solution from Coinbase. Coinbase is a global digital
asset exchange company, providing a venue to buy and sell digital currencies.
Coinbase also uses wallets secured with private keys. To recover this private
key the user has to provide a 12 words recovery phrase. Coinbase now offers a
solution to securely deposit this recovery phrase onto the users Google Drive.
The security here lies w [...]
+Today information losses from security incidents are rampant, either because
data is exposed (loss of confidentiality) or because users lose their data
because of lacking backups (loss of availability). As seen in the study of the
Global Data Protection Index 2018 \cite{global_data_index}, 76\% of those
interviewed had an availability incident. 1TB of data loss or 20 hours of
downtime reportedly costs half a million dollars. On the other hand, loss of
confidential private data can result [...]
+Prominent cases in which sometimes enormous amounts of money have been gone
useless by losing the key to the digital wallet clarify the urgent need of a
key recovery system like Anastasis. For example the case QuadrigaCX exchange
was heavily discussed in the media when the chief executive, Gerald Cotton,
unexpectedly died and left £145 million in a “cold wallet”.
\cite{millions_lost} In some cases there is a workaround to recover a lost key,
provided there is a security hole in the digit [...]
\subsection{Founder}
@@ -23,9 +28,6 @@ Anastasis will provide the service by implementing a REST API
and an associated
Initially, few applications will support Anastasis. Hence, our business will
launch by being paid by companies that need an escrow provider to be included
in their product offering.
-\subsection{Market}
-Various applications need to somehow secure core secrets of their users. We
have all read stories about Bitcoin fortunes having gone lost because users
lost their electronic wallets, but the same challenge also applies to classical
electronic payment providers using electronic wallets for fiat currencies.
Securing private keys is also an issue for classical encryption solutions such
as OpenPGP. All of these applications urgently need a privacy-respecting key
recovery service.
-
\subsection{Strategy}
\subsection{Marketing}
diff --git a/doc/thesis/related_work.tex b/doc/thesis/related_work.tex
index 5f11169..6406aee 100644
--- a/doc/thesis/related_work.tex
+++ b/doc/thesis/related_work.tex
@@ -1,26 +1,16 @@
\section{Related work}
\subsection{Secret sharing}
-As Anastasis uses some kind of secret sharing/secret splitting we want to give
an overview of some of those algorithms.
-However, the scenario for Anastasis is slightly different from the usual
secret sharing scenario. When it comes to secret sharing, there are usually
several people who collectively want to restore a secret. For example, n people
could work on a top secret project that is protected by a password. This
password is now divided into several parts, which are distributed to the n
people. Only when a certain number of the n persons combine their key parts in
a certain way, the original password [...]
-With Anastasis, in contrast to the scenario just described, we have the case
that only one person, namely the person who owns the password, may be able to
recover the secret.
+Secret splitting, also known as secret sharing, is a well-known technique for
distributing a secret amongst multiple recipients. This is achieved by
assigning a share of the secret to each recipient. By combining a sufficient
number of those shares, it is possible to reconstruct the secret.
+Regarding secret sharing there are several interesting approaches. For
example, the algorithm "Shamir's Secret Sharing" „divide[s] data D into n
pieces in such a way that D is easily reconstruct able from any k pieces, but
even complete knowledge of k - 1 pieces reveals absolutely no information about
D“ \cite{shamir_sharing}.
+Shamir’s simple secret sharing scheme has two key limitations. First, it
requires a trusted dealer who initially generates the secret to be distributed,
and second the shares are not verifiable during reconstruction. Therefore,
malicious shareholders could submit corrupt shares to prevent the system from
reconstructing the secret -- without these corrupt shareholders being
detectable as malicious. Furthermore, the dealer distributing the shares could
be corrupt and distribute some incons [...]
+Verifiability can be achieved by using so called commitment schemes like the
Pederson commitment. It allows „to distribute a secret to n persons such that
each person can verify that he has received correct information about the
secret without talking with other persons“ \cite{pedersen_sharing_0}. In his
paper „A Practical Scheme for Non-interactive Verifiable Secret Sharing“, Paul
Feldman combines the two algorithms above. His algorithm for verifiable secret
sharing, short VSS, allows [...]
+Distributed key generation algorithms, short DKG, solve the problem of needing
a trustworthy dealer by relying on a threshold of honest persons. Contrary to
the above-mentioned schemes, in distributed key generation algorithms every
participant is involved in key generation.
+The Pederson DKG is such „a secret sharing scheme without a mutually trusted
authority“ \cite{pedersen_sharing_5.2}. Basically, this DKG works as follows:
First, each involved party generates a pre-secret and distributes it to all
parties using the verifiable secret sharing scheme of Feldman. Afterwards, each
party recombines the received shares, including its own pre-secret, to a share
of the main secret. The main secret can be reconstructed by summing up each
recombination of the share [...]
+For Anastasis we do not need a DKG because the dealer is the user himself and
therefore, he is fully trustworthy. But we need verifiability. In our case we
achieve verifiability by using HMACs. Furthermore, for our purposes the
above-mentioned algorithms are inadequate because we are dealing with a
manageable number of sharing parties and we need a more flexible solution.
-\subsubsection{Trivial secret sharing}
-In the following we sign with t (threshold) the number of persons necessary to
reconstruct a secret and with n the total number of persons a key share is
given to.\\
-\\
-For the case t=1, it quickly becomes clear that only the unchanged secret is
passed on to a number n of persons. It is obvious that such a case is
undesirable and totally insecure in most cases.\\
-\\
-Then there is the trivial case with t=n, which in principle is also used in
Anastasis. Here all n key/secret shares are needed to reconstruct the secret.
In Anastasis we basically use the following procedure to split or reassemble a
secret:
+\subsection{Authentication}
+Anastasis is using standard authentication procedures to authorize its users.
There are several authentication methods available, a short overview of the
methods is presented here. Password authentication is the most widely used
authentication procedure. But as studies show the procedure has its problems
\cite{authentication_methods_review}. The handling of the passwords is done
poorly, like storage or transmission. Additionally, the user must remember his
password, therefore the passwor [...]
+To build a secure authentication procedure, today multifactor authentication
is the standard \cite{multifactor_authentication}. Multifactor authentication
combines multiple authentication procedures, to enhance the security of the
system. For Anastasis we are building a multifactor authentication system,
which combines a wide range of authentication methods to provide authenticity.
-\begin{itemize}
- \item The secret must be encoded as an binary number s.
- \item Generate n random numbers p\textsubscript{i} and give one of them
to each player.
- \item Store the result r of (s XOR p\textsubscript{1} XOR
p\textsubscript{2} XOR ... XOR p\textsubscript{n})
- \\(XOR is bitwise exclusive or). For this r could be
given to all players or just to a player n+1.
- \item To recover the secret s, the n players have to add their numbers
p\textsubscript{i} bitwise to r.\\
-\end{itemize}
-There is also the case 1<k<n. Here only a subset with k persons is necessary
to reveal the secret. However, there are quickly problems with efficiency: Each
person must know all possible combinations of his secret share with the others
for a successful disclosure of the secret. In total there are \(\binom{n}{k}\)
possibilities, of which every player must know \(\binom{n-1}{k-1}\).
In the worst case, the number of combinations can even grow exponentially.
-
-\subsubsection{Shamir's Secret Sharing}
-Adi Shamir is an Israeli cryptographer and a co-inventor of the RSA-Algorithm
(Rivest-Shamir-Adleman).
diff --git a/doc/thesis/thesis.pdf b/doc/thesis/thesis.pdf
index f085c0e..0870b5f 100644
Binary files a/doc/thesis/thesis.pdf and b/doc/thesis/thesis.pdf differ
diff --git a/doc/thesis/thesis.tex b/doc/thesis/thesis.tex
index d06fbc2..876b07c 100644
--- a/doc/thesis/thesis.tex
+++ b/doc/thesis/thesis.tex
@@ -4,7 +4,6 @@
\usepackage{draftwatermark}
%%\usepackage[french]{babel}
%%\usepackage[ngerman]{babel}
-
\SetWatermarkText{DRAFT}
%% Choose default font for the document
@@ -37,10 +36,8 @@
\include{abstract}
\section{Motivation}
-\lipsum[1-5]
\section{Task schedule}
-\lipsum[1-5]
\include{related_work}
@@ -50,14 +47,12 @@
%\lipsum[1-5]
\section{Implementation}
-\lipsum[1-5]
+
\section{Evaluation}
-\lipsum[1-5]
\include{business_model}
\section{Conclusion}
-\lipsum[1-5]
%% Print the bibibliography and add the section to th table of content
\printbibliography[heading=bibintoc]
--
To stop receiving notification emails like this one, please contact
address@hidden.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-anastasis] branch master updated: cite's related work business model,
gnunet <=