[taler-anastasis] branch master updated: different fixes


From: gnunet
Subject: [taler-anastasis] branch master updated: different fixes
Date: Fri, 05 Jun 2020 18:21:13 +0200

This is an automated email from the git hooks/post-receive script.

ds-meister pushed a commit to branch master
in repository anastasis.

The following commit(s) were added to refs/heads/master by this push:
     new 23d6287  different fixes
23d6287 is described below

commit 23d6287bb6fc216872546c8f74b0584785f55889
Author: Dominik Meister <dominiksamuel.meister@students.bfh.ch>
AuthorDate: Fri Jun 5 18:21:06 2020 +0200

    different fixes
---
 doc/thesis/acknowledgments.tex               |   5 ++++-
 doc/thesis/bibliothek.bib                    |  13 ++++++++++++-
 doc/thesis/conclusion.tex                    |   9 +++------
 doc/thesis/images/project_plan_anastasis.pdf | Bin 415918 -> 0 bytes
 doc/thesis/images/project_plan_anastasis.png | Bin 0 -> 78409 bytes
 doc/thesis/related_work.tex                  |  10 +++++-----
 doc/thesis/thesis.tex                        |   2 +-
 7 files changed, 25 insertions(+), 14 deletions(-)

diff --git a/doc/thesis/acknowledgments.tex b/doc/thesis/acknowledgments.tex
index fac4199..3eced13 100644
--- a/doc/thesis/acknowledgments.tex
+++ b/doc/thesis/acknowledgments.tex
@@ -1,3 +1,6 @@
 \section*{Acknowledgements}
 \addcontentsline{toc}{section}{Acknowledgements}
-We wish to thank Christian Grothoff for the help and support he has provided 
throughout our work on Anastasis. We also thank the GNU Taler SA which provided 
us feedback within the development and helped us to apply to different fundings.
+We wish to thank Christian Grothoff for the help and support he has provided 
throughout our work on Anastasis. He helped us resolve bugs and provided us 
feedback for the development. Additionaly he helped us to edit our bachelor 
thesis documents.
+We also wish to thank the GNU Taler team, Vaishnavi Mohan, Nana Karlstetter 
and Leon Schumacher which supported us writing and presenting a funding 
proposal.
+Additionaly we want to thank Florian Dold which gave us feedback for our REST 
API documentation.
+We also want to thank Emmanuel Benoist for providing us the paper for MIDATA.  
\ No newline at end of file
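Review bot: the four added sentences sit on consecutive source lines with no blank line between them, so LaTeX will set them as a single run-on paragraph; put a blank line between them if each thanks is meant to stand on its own. "Additionaly" (twice) should be "Additionally", "which supported us" and "which gave us feedback" should use "who" when referring to people, the last added line carries trailing spaces, and the file now ends without a newline.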
diff --git a/doc/thesis/bibliothek.bib b/doc/thesis/bibliothek.bib
index b06dcd7..4e79252 100644
--- a/doc/thesis/bibliothek.bib
+++ b/doc/thesis/bibliothek.bib
@@ -69,7 +69,7 @@
        organization = {heise online}, 
        year         = 2014,
        urldate      = {2020-03-07},
-       url          = 
{https://www.heise.de/security/meldung/31C3-CCC-Tueftler-hackt-Merkels-Iris-und-von-der-Leyens-Fingerabdruck-2506929.html},
+       url          = 
{https://www.heise.de/security/meldung/31C3-CCC-Tueftler-hackt-Merkels-Iris-und-von-der-Leyens-Fingerabdruck-2506929.html},https://cheatsheetseries.owasp.org/cheatsheets/Forgot_Password_Cheat_Sheet.html
 }      
 @online{millions_lost,
        title        = {Bitcoin: Millions of dollars of cryptocurrency 'lost' 
after man dies with only password},
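Review bot: the changed url field now has the OWASP cheat sheet URL appended after its closing brace ("...2506929.html},https://cheatsheetseries.owasp.org/..."), which leaves stray text outside the field inside this entry and will likely break BibTeX parsing. This looks like a paste accident, since the same URL is added properly in the new emailauthowasp entry further down; revert this line to the original url value.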
@@ -308,4 +308,15 @@
   author={Pohlmann, Norbert and Frintrop, Jan-Hendrik and Widdermann, Rick and 
Ziegler, Tim},
   year={2017}
 }
+@online{emailauthowasp,
+       title        = {Forgot Password Cheat Sheet},
+       organization = {OWASP Foundation},
+       year         = 2020,    
+       urldate      = {2020-06-05},
+       url          = 
{https://cheatsheetseries.owasp.org/cheatsheets/Forgot_Password_Cheat_Sheet.html},
+}
+
+
+
+
 
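Review bot: the new emailauthowasp entry is followed by four added empty lines, and the "year = 2020," line has trailing whitespace; drop both so the end of the file stays clean. The entry key and fields themselves match the \cite{emailauthowasp} used in related_work.tex.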
diff --git a/doc/thesis/conclusion.tex b/doc/thesis/conclusion.tex
index 0181d07..79470a7 100644
--- a/doc/thesis/conclusion.tex
+++ b/doc/thesis/conclusion.tex
@@ -1,8 +1,5 @@
 \section{Conclusion and outlook}
-FIXME !!!! 
-
-The Anastasis project was a very interesting experience for us. Sadly we could 
not meet all the requirements for the project, we were unable to integrate a 
non complex authentication method. \\
+The Anastasis project was a very interesting experience for us. We could learn 
alot in software development and learned alot about the process of funding 
proposals.
+We may did not meet all the technical requirements, but instead we have been 
able to establish many business oppurtunities.\\  
 The Anastasis project won't be finished by this point, at the moment we are 
starting to build a start-up to be able to continue working on Anastasis. 
-We think that our protocol is good designed and can solve the problem of key 
recovery.
-We hope that in the future people can backup their keys with Anastasis. 
-Thanks? 
+We think that our protocol is good designed and can solve the problem of key 
recovery. We hope that in the future people can backup their keys with 
Anastasis.
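Review bot: the removed sentence named the unmet requirement precisely ("we were unable to integrate a non complex authentication method"), while the replacement "We may did not meet all the technical requirements" is vague and ungrammatical; a conclusion should keep the concrete limitation, for example "We did not meet all technical requirements: we were unable to integrate ...". Also fix "alot" (twice) to "a lot", "oppurtunities" to "opportunities", and "good designed" to "well designed", which was carried over unchanged from the old text.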
diff --git a/doc/thesis/images/project_plan_anastasis.pdf 
b/doc/thesis/images/project_plan_anastasis.pdf
deleted file mode 100644
index b4f74ac..0000000
Binary files a/doc/thesis/images/project_plan_anastasis.pdf and /dev/null differ
diff --git a/doc/thesis/images/project_plan_anastasis.png 
b/doc/thesis/images/project_plan_anastasis.png
new file mode 100644
index 0000000..b21586e
Binary files /dev/null and b/doc/thesis/images/project_plan_anastasis.png differ
diff --git a/doc/thesis/related_work.tex b/doc/thesis/related_work.tex
index 1f032e0..e134d0f 100644
--- a/doc/thesis/related_work.tex
+++ b/doc/thesis/related_work.tex
@@ -102,11 +102,11 @@ When it comes to privacy, storing a phone number is a 
problem. But the service a
 In Anastasis we also need to store the phone number to the server. But in our 
case the phone number is encrypted with a secret key only the user owns. The 
server only gets this secret key during an authentication process. Thus 
stealing the database of the server does not reveal the phone number to the 
attacker.
 
 \subsubsection{E-mail authentication}
-Authentication by e-mail is very similar to SMS authentication. Here, the user 
receives an OTP by e-mail and has to provide it during authentication process.\\
-git 
-FIXME: drawbacks,vulnerability\\
-In Anastasis the mail address of the user is stored in an encrypted way, too. 
The user has to provide the corresponding key to the server during 
authentication process.
-
+Authentication by email is very similar to SMS authentication. Here, the user 
receives a token by email and has to provide it during the authentication 
process.
+The handling of this token needs some considerations. The token should have 
+a validity period, this means for example the token would only be valid for 
one hour. This is a security measure to prevent malicious actions if the user's 
email account was compromised. Also the token should be a randomly generated 
passphrase which has atleast 8 characters.\\
+Another import part is that the email should never contain the requested 
information, in our case the keyshare. Because there is no guarante that the 
email channel is encrypted. Also the email and the keyshare information would 
be stored for a indefinite period in the user's mailbox. Also the mailbox could 
be compromised of read by an IT department.\cite{emailauthowasp} \\
+As mentioned in the SMS authentication section we also store the email 
encrypted on the server. The user has to provide the corresponding key to the 
server during authentication process.
 
 \subsubsection{VideoIdent}
 VideoIdent uses a video chat to verify the identity of a user. The user needs 
to show his face using a camera to an employee of the VideoIdent-service who 
verifies the correct user by a picture of the user \cite{pohlmann2017}.\\
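Review bot: in the added e-mail authentication paragraph the token requirements cover only a validity period and a minimum length of 8 characters; the text does not say that a token is single-use or that the number of attempts against it is limited, and both matter as much as expiry for a short token, so state them or explain why they are out of scope. The sentence "This is a security measure to prevent malicious actions if the user's email account was compromised" overstates what expiry does: it only limits how long a token found in a mailbox stays usable. Typos to fix in the same lines: "atleast", "Another import part", "guarante", "a indefinite period", and "compromised of read" (presumably "or read"); "Because there is no guarante ..." is a sentence fragment and should be joined to the previous sentence.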
diff --git a/doc/thesis/thesis.tex b/doc/thesis/thesis.tex
index 6332ace..cc806d4 100644
--- a/doc/thesis/thesis.tex
+++ b/doc/thesis/thesis.tex
@@ -32,7 +32,7 @@
 
 \begin{document}
 \pagenumbering{gobble}
-\clearpage
+\clearpage
 \thispagestyle{empty}
 \title{Anastasis}
 \date{\today}   %% or \date{01 november 2018}
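Review bot: the removed and added \clearpage lines are visibly identical, so this hunk is a whitespace or line-ending change only. Drop it from the commit unless the change is intentional, in which case mention it in the commit message, which currently says only "different fixes".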

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


