[taler-anastasis] branch master updated (23d6287 -> a5ca501)
From: gnunet
Subject: [taler-anastasis] branch master updated (23d6287 -> a5ca501)
Date: Sat, 06 Jun 2020 11:48:40 +0200
This is an automated email from the git hooks/post-receive script.
dennis-neufeld pushed a change to branch master
in repository anastasis.
from 23d6287 different fixes
new d647c0b worked on introduction
new 50a8a0c merge
new 11e30e3 merge
new 0f70355 worked on introduction
new a5ca501 worked on introduction
The 5 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
doc/thesis/acknowledgments.tex | 2 +-
doc/thesis/bibliothek.bib | 28 +++++++++++----
doc/thesis/images/system-architecture_2.png | Bin 0 -> 76910 bytes
doc/thesis/images/user_id.png | Bin 0 -> 44157 bytes
doc/thesis/introduction.tex | 51 ++++++++++++++++++++++------
doc/thesis/project_management.tex | 2 +-
doc/thesis/related_work.tex | 10 +++---
7 files changed, 69 insertions(+), 24 deletions(-)
create mode 100644 doc/thesis/images/system-architecture_2.png
create mode 100644 doc/thesis/images/user_id.png
diff --git a/doc/thesis/acknowledgments.tex b/doc/thesis/acknowledgments.tex
index 3eced13..dd41ed1 100644
--- a/doc/thesis/acknowledgments.tex
+++ b/doc/thesis/acknowledgments.tex
@@ -1,6 +1,6 @@
\section*{Acknowledgements}
\addcontentsline{toc}{section}{Acknowledgements}
-We wish to thank Christian Grothoff for the help and support he has provided
throughout our work on Anastasis. He helped us resolve bugs and provided us
feedback for the development. Additionaly he helped us to edit our bachelor
thesis documents.
+We wish to thank Christian Grothoff for the help and support he has provided
throughout our work on Anastasis. He helped us resolve bugs and provided us
feedback for the development. Additionally he helped us to edit our bachelor
thesis documents.
We also wish to thank the GNU Taler team, Vaishnavi Mohan, Nana Karlstetter
and Leon Schumacher which supported us writing and presenting a funding
proposal.
Additionaly we want to thank Florian Dold which gave us feedback for our REST
API documentation.
We also want to thank Emmanuel Benoist for providing us the paper for MIDATA.
\ No newline at end of file
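Review bot: the Additionaly → Additionally fix in the first paragraph leaves the same misspelling two paragraphs further down ("Additionaly we want to thank Florian Dold"), so the hunk should cover that line as well. On the same context lines, "the GNU Taler team, ... and Leon Schumacher which supported us" and "Florian Dold which gave us feedback" refer to people and should read "who", and the file should end with a newline so the "No newline at end of file" marker goes away.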
diff --git a/doc/thesis/bibliothek.bib b/doc/thesis/bibliothek.bib
index 4e79252..8420d16 100644
--- a/doc/thesis/bibliothek.bib
+++ b/doc/thesis/bibliothek.bib
@@ -69,7 +69,7 @@
organization = {heise online},
year = 2014,
urldate = {2020-03-07},
- url =
{https://www.heise.de/security/meldung/31C3-CCC-Tueftler-hackt-Merkels-Iris-und-von-der-Leyens-Fingerabdruck-2506929.html},https://cheatsheetseries.owasp.org/cheatsheets/Forgot_Password_Cheat_Sheet.html
+ url =
{https://www.heise.de/security/meldung/31C3-CCC-Tueftler-hackt-Merkels-Iris-und-von-der-Leyens-Fingerabdruck-2506929.html},
}
@online{millions_lost,
title = {Bitcoin: Millions of dollars of cryptocurrency 'lost'
after man dies with only password},
@@ -308,6 +308,20 @@
author={Pohlmann, Norbert and Frintrop, Jan-Hendrik and Widdermann, Rick and
Ziegler, Tim},
year={2017}
}
+@book{garfinkel1995,
+ title={PGP: pretty good privacy},
+ author={Garfinkel, Simson},
+ year={1995},
+ publisher={" O'Reilly Media, Inc."}
+}
+@inproceedings{LLLW*2017,
+ title={An efficient method to enhance Bitcoin wallet security},
+ author={Liu, Yi and Li, Ruilin and Liu, Xingtong and Wang, Jian and Zhang,
Lei and Tang, Chaojing and Kang, Hongyan},
+ booktitle={2017 11th IEEE International Conference on Anti-counterfeiting,
Security, and Identification (ASID)},
+ pages={26--29},
+ year={2017},
+ organization={IEEE}
+}
@online{emailauthowasp,
title = {Forgot Password Cheat Sheet},
organization = {OWASP Foundation},
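Review bot: `publisher={" O'Reilly Media, Inc."}` in the new garfinkel1995 entry carries literal double quotes and a leading space inside the braces, and BibTeX will print them verbatim in the bibliography; it should be `publisher={O'Reilly Media, Inc.}`. The asterisk in the key `LLLW*2017` is accepted by BibTeX but is unusual and can confuse other bibliography tools; a plain alphanumeric key such as `LLLW2017` avoids the problem (the `\cite` in introduction.tex would need the same change).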
@@ -315,8 +329,10 @@
urldate = {2020-06-05},
url =
{https://cheatsheetseries.owasp.org/cheatsheets/Forgot_Password_Cheat_Sheet.html},
}
-
-
-
-
-
+@online{pepdoc,
+ title = {Welcome to p≡p Documentation!},
+ organization = {pEp Security SA},
+ year = 2020,
+ urldate = {2020-06-06},
+ url = {https://www.pep.security/docs/},
+}
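Review bot: the title `Welcome to p≡p Documentation!` puts the Unicode ≡ sign directly into the .bib file; unless the thesis is compiled with UTF-8 input handling and a font that has the glyph, the character will be dropped or cause an error. introduction.tex in this same push writes the name as `p\equiv p`, so use `{p$\equiv$p}` here (the braces also keep BibTeX from changing the case) for one consistent rendering. Replacing the five trailing blank lines with the entry is fine.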
diff --git a/doc/thesis/images/system-architecture_2.png
b/doc/thesis/images/system-architecture_2.png
new file mode 100644
index 0000000..7c2cbd0
Binary files /dev/null and b/doc/thesis/images/system-architecture_2.png differ
diff --git a/doc/thesis/images/user_id.png b/doc/thesis/images/user_id.png
new file mode 100644
index 0000000..42c741c
Binary files /dev/null and b/doc/thesis/images/user_id.png differ
diff --git a/doc/thesis/introduction.tex b/doc/thesis/introduction.tex
index 5123595..b8e8b9a 100644
--- a/doc/thesis/introduction.tex
+++ b/doc/thesis/introduction.tex
@@ -1,15 +1,44 @@
\section{Introduction}
-Secure storage of private cryptographic keys or in general every kind of core
secret is a big problem
-because there is no reasonable solution solving it while meeting the following
criteria:
-\begin{itemize}
- \item Only the user must be in control of the core secret.
- \item The solution must ensure confidentiality of the stored core
secret.
- \item The solution must ensure availability of the core secret.
- \item The user doesn't need to memorize a password.
-\end{itemize}
+Secure storage of private cryptographic keys or in general every kind of core
secret is a big problem because most current key management systems just reduce
the problem of memorizing a high-entropy passphrase or key to memorizing a
low-entropy passphrase. This of course cannot be the solution because you
undermine the whole security of a cryptographic system using such solutions.\\
+Key management systems have to deal with the question, how to store a key.
Keys are used to encrypt high sensitive personal data and therefore they must
be kept safely. Only the legitimated owner of a key should have the possibility
to recover a lost key. Most people have difficulties memorizing a high-entropy
passphrase and therefore tend to use low-entropy passphrases. That is why you
can't rely on memorizing a password which is needed to recover a key.\\
+We have a software solution for the described problem. We call our solution
"Anastasis" which is a term for restoration to health in medicine.\\
-There are several applications which are in need of a key escrow system with
the described properties. For example for email encryption using Pretty Good
Privacy (PGP) \cite{garfinkel1995} you need a private key which is stored to
the device running PGP. Losing the PGP private key means following: All
received emails which are encrypted with a key derived from the private key are
unreadable and you need to build your trust network again. Because emails could
contain high sensitive inform [...]
+There are several applications which are in need of a key escrow system like
Anastasis. For example for email encryption using Pretty Good Privacy
(PGP)~\cite{garfinkel1995} you need a private key which is stored to the device
running PGP. Losing the PGP private key means following: All received emails
which are encrypted with a key derived from the private key are unreadable and
you need to build your trust network again. Because emails could contain high
sensitive information, it is ne [...]
-Another application relying on a core secret are cryptocurrencies like
Bitcoin. Each user of Bitcoin needs a so called Wallet which stores and
protects the private keys of the user. Those private keys legitimate its owners
to spend the bitcoins corresponding to the keys \cite{LLLW*2017}. Therefor
losing those keys means losing all the corresponding Bitcoins which in some
cases could be a loss of millions of Euros \cite{millions_lost}.\\
+Pretty Easy privacy (short p\equiv p) is "a cyber security solution which
protects the confidentiality and reliability of communications for citizens,
for public offices and for enterprises"~\cite{pepdoc}. It secures communication
via email by providing an end-to-end cryptography. For this the software uses a
private key. The impact of losing the private key is similar to those of PGP.\\
-FIXME: PEP, TALER, Europaeische Zentralbank
+Another application relying on a core secret are cryptocurrencies like
Bitcoin. Each user of Bitcoin needs a so called Wallet which stores and
protects the private keys of the user. Those private keys legitimate its owners
to spend the bitcoins corresponding to the keys \cite{LLLW*2017}. Therefore
losing those keys means losing all the corresponding Bitcoins which in some
cases could be a loss of millions of Euros \cite{millions_lost}.\\
+
+Taler is a new electronic payment system for privacy-friendly online
transactions. Their digital wallet is also protected by a private key which
loss means losing all the money stored in the wallet. Therefor the ECB
(European Central Bank) informed Taler Systems SA about the requirement for
electronic wallets denominated in Euros to support password-less data recovery.
From this impulse the project Anastasis was finally born.
+
+\subsection{Principles}
+For Anastasis we have following design principles, in order of importance:
+\begin{enumerate}
+ \item Anastasis must be Free Software.
+ \item Anastasis must not rely on the trustworthiness of individual
providers. It must be possible to use Anastasis safely even if an individual
provider is compromised. Anastasis must minimize the amount of information
exposed to providers and the network.
+ \item The user is in control.
+ \item The system must be economical viable to operate. This implies
usability and efficiency of the system.
+ \item Anastasis must support a diverse range of use cases.
+\end{enumerate}
+
+\subsection{Approaches}
+\subsubsection{Secret sharing and recovery}
+Our approach to solve the problem of key management is to let the user split
their secret across multiple escrow providers (see figure
\ref{fig:system_arch2}). To restore the secret again, the user has to follow
standard authentication procedures. After successful authentication the user
gets the secret shares to reassemble the secret.
+\begin{figure}[H]
+\centering
+\includegraphics[scale=0.33]{images/system-architecture_2.png}
+\caption{System architecture}
+\label{fig:system_arch2}
+\end{figure}
+
+\subsubsection{Derive user identifier}
+Every person has some hard to guess, semi-private and unforgettably inherent
attributes such as name and passport number, social security number or AHV
number (in Switzerland). We use those attributes to derive an user identifier
from (see figure \ref{fig:user_id}).
+\begin{figure}[H]
+\centering
+\includegraphics[scale=0.3]{images/user_id.png}
+\caption{Derivation of user identifier}
+\label{fig:user_id}
+\end{figure}
+
+\subsection{Applications}
+FIXME
\ No newline at end of file
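Review bot: the "Derive user identifier" paragraph calls name, passport number and social security number "hard to guess, semi-private" attributes, but does not say what protects the derived identifier from an escrow provider who already knows those attributes, even though the second design principle above promises that providers see minimal information; one sentence on how the identifier is derived and whether it is ever sent to a provider in the clear would close that gap. The claim that "most current key management systems just reduce the problem ... to memorizing a low-entropy passphrase" also needs a citation. Smaller items in the added text: "Therefor" is fixed in the Bitcoin paragraph but still present in the Taler paragraph ("Therefor the ECB"); "a private key which loss means losing" should be "whose loss"; "economical viable" should be "economically viable"; "an user identifier" should be "a user identifier"; "Pretty Easy privacy" is capitalised inconsistently; `\begin{figure}[H]` requires `\usepackage{float}`; and `\subsection{Applications}` still holds a FIXME placeholder.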
diff --git a/doc/thesis/project_management.tex
b/doc/thesis/project_management.tex
index 19391cd..b869c07 100644
--- a/doc/thesis/project_management.tex
+++ b/doc/thesis/project_management.tex
@@ -3,7 +3,7 @@ This section describes the project planing of Anastasis. A
detailed reflection o
\subsection{Project plan}
The following graphic shows our project plan how we planed to implement
Anastasis and write our bachelor thesis.
\begin{figure}[H]
- \includegraphics[scale=0.6]{images/project_plan_anastasis.pdf}
+ \includegraphics[scale=0.6]{images/project_plan_anastasis.png}
\caption{Anasasis project plan}
\label{fig:project_plan_anastasis}
\end{figure}
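Review bot: swapping `project_plan_anastasis.pdf` for a `.png` trades a vector figure for a raster one at `scale=0.6`, which will look blurry in print; if the PDF was dropped because of an inclusion error, fixing that error is preferable to changing the format. Two typos sit in the unchanged context lines of this hunk: the caption "Anasasis project plan" (Anastasis) and "project planing ... how we planed" (planning, planned).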
diff --git a/doc/thesis/related_work.tex b/doc/thesis/related_work.tex
index e134d0f..5bde002 100644
--- a/doc/thesis/related_work.tex
+++ b/doc/thesis/related_work.tex
@@ -7,7 +7,7 @@ A pseudo random generator is an algorithm producing a sequence
of bits for which
\subsubsection{Pseudo random function (PRF)}
A pseudo random function PRF(k, m) takes two arguments, a secret key k and
some data m, and returns an output that is unpredictable as long the secret key
k is unknown to an attacker and is a random value \cite{nielsen2002}.\\
-PRFs can be constructed using PRGs \cite{GGM1986}.
+PRFs can be constructed using PRGs.~\cite{GGM1986}
\subsubsection{Hash function}
Hash functions "compress a string of arbitrary length to a string of fixed
length [...]" \cite{Preneel1999}. The output of a hash function often is called
a "hash". Hash functions in general should be very fast to compute.
Cryptographic hash functions need to fulfil additional security requirements
which are called:
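Review bot: moving the citation after the full stop (`PRGs.~\cite{GGM1986}`) makes this line inconsistent with the neighbouring sentences in the same hunk, which keep `\cite{nielsen2002}.` and `\cite{Preneel1999}.` before the period; pick one convention for the whole file. In the context line, "as long the secret key k is unknown" should read "as long as".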
@@ -22,10 +22,10 @@ Pre-image resistance, also called "one way property", means
that for a given has
The second pre-image resistance is described by following: For a given hash
function H and a hash value H(x), it is computationally infeasible to find x
and x' such that H(x) = H(x') \cite{SG2012}. In Anastasis hash functions also
are involved in signing our so called recovery document. Hence an attacker
should not be able to create a malicious recovery document with the same hash
value as the original one.\\
The definition of collision resistance slightly differs from the second
pre-image resistance: For a given hash function H, it is computationally
infeasible to find a pair (x, y) such that H(x) = H(y) \cite{SG2012}. As we are
using HKDFs for deriving keys in Anastasis, an attacker should not be able to
find some other input values also leading to the same keys we use.\\
A cryptographic hash function should also behave as a pseudo random function.
This means that although a hash function is purely deterministic, the output
must not be predictable.\\
-The avalanche effect describes the property of an algorithm that causes a
significant change of the output value, usually a bit flipping of more than
half the output is desired, if the input is changed slightly (for example,
flipping a single bit) \cite{RK2011}. The more bits are flipping in the output
value the higher the entropy of the randomness of the hash function.
+The avalanche effect describes the property of an algorithm that causes a
significant change of the output value, usually a bit flipping of more than
half the output is desired, if the input is changed slightly (for example,
flipping a single bit).~\cite{RK2011} The more bits are flipping in the output
value the higher the entropy of the randomness of the hash function.
There are several applications for cryptographic hash functions. For example
you can store the hash value of a passphrase instead of the passphrase itself
in a computer to protect the passphrase. Another important application is
verification of message integrity: Before and after transmission of a message
you can calculate the hash values of it and compare them to determine if the
message changed during transmission.\\
-In Anastasis we use SHA-512 \cite{GJW2011} for fast hash functions.
+In Anastasis we use SHA-512~\cite{GJW2011} for fast hash functions.
\subsubsection{HMAC}
When it comes to integrity of messages during communication of two parties
over an insecure channel Keyed-Hash Message Authentication Codes (HMAC) are
used as check values. An HMAC function is based on a hash function and takes
two arguments, a key K and a message M:\\
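Review bot: the two definitions in the unchanged context above describe the same problem: "for a given hash value H(x), find x and x' such that H(x) = H(x')" is the free collision problem, not second pre-image resistance, which fixes x and asks for a different x' with H(x') = H(x); the collision-resistance sentence that follows repeats the same statement with (x, y). Because the text relies on second pre-image resistance to argue that a malicious recovery document cannot match the original's hash, the definition should be corrected so the two properties actually differ. The changed lines only move `\cite{RK2011}` after the period, again inconsistent with the other citations in the file, and "The more bits are flipping in the output value the higher the entropy" overstates the point: the desired behaviour is that each output bit flips with probability about one half, so more flips than that is not better.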
@@ -104,8 +104,8 @@ In Anastasis we also need to store the phone number to the
server. But in our ca
\subsubsection{E-mail authentication}
Authentication by email is very similar to SMS authentication. Here, the user
receives a token by email and has to provide it during the authentication
process.
The handling of this token needs some considerations. The token should have
-a validity period, this means for example the token would only be valid for
one hour. This is a security measure to prevent malicious actions if the user's
email account was compromised. Also the token should be a randomly generated
passphrase which has atleast 8 characters.\\
-Another import part is that the email should never contain the requested
information, in our case the keyshare. Because there is no guarante that the
email channel is encrypted. Also the email and the keyshare information would
be stored for a indefinite period in the user's mailbox. Also the mailbox could
be compromised of read by an IT department.\cite{emailauthowasp} \\
+a validity period, this means for example the token would only be valid for
one hour. This is a security measure to prevent malicious actions if the user's
email account was compromised. Also the token should be a randomly generated
passphrase which has at least 8 characters.\\
+Another import part is that the email should never contain the requested
information, in our case the keyshare. Because there is no guarantee that the
email channel is encrypted. Also the email and the keyshare information would
be stored for a indefinite period in the user's mailbox. Also the mailbox could
be compromised of read by an IT department.\cite{emailauthowasp} \\
As mentioned in the SMS authentication section we also store the email
encrypted on the server. The user has to provide the corresponding key to the
server during authentication process.
\subsubsection{VideoIdent}
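Review bot: the hunk fixes "atleast" and "guarante" but leaves "Another import part" (important), "a indefinite period" (an indefinite) and "compromised of read by an IT department" (or read) on the same rewritten lines, and "Because there is no guarantee that the email channel is encrypted." is still a sentence fragment. On substance, "a randomly generated passphrase which has at least 8 characters" says nothing about the alphabet, and the token's strength is its entropy; state the character set (or simply the number of random bits) and that the token is single-use, since the one-hour validity period alone does not prevent a token read from the mailbox being replayed within that hour.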