gnunet-svn

[taler-anastasis] branch master updated (23d6287 -> a5ca501)


From: gnunet
Subject: [taler-anastasis] branch master updated (23d6287 -> a5ca501)
Date: Sat, 06 Jun 2020 11:48:40 +0200

This is an automated email from the git hooks/post-receive script.

dennis-neufeld pushed a change to branch master
in repository anastasis.

    from 23d6287  different fixes
     new d647c0b  worked on introduction
     new 50a8a0c  merge
     new 11e30e3  merge
     new 0f70355  worked on introduction
     new a5ca501  worked on introduction

The 5 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 doc/thesis/acknowledgments.tex              |   2 +-
 doc/thesis/bibliothek.bib                   |  28 +++++++++++----
 doc/thesis/images/system-architecture_2.png | Bin 0 -> 76910 bytes
 doc/thesis/images/user_id.png               | Bin 0 -> 44157 bytes
 doc/thesis/introduction.tex                 |  51 ++++++++++++++++++++++------
 doc/thesis/project_management.tex           |   2 +-
 doc/thesis/related_work.tex                 |  10 +++---
 7 files changed, 69 insertions(+), 24 deletions(-)
 create mode 100644 doc/thesis/images/system-architecture_2.png
 create mode 100644 doc/thesis/images/user_id.png

diff --git a/doc/thesis/acknowledgments.tex b/doc/thesis/acknowledgments.tex
index 3eced13..dd41ed1 100644
--- a/doc/thesis/acknowledgments.tex
+++ b/doc/thesis/acknowledgments.tex
@@ -1,6 +1,6 @@
 \section*{Acknowledgements}
 \addcontentsline{toc}{section}{Acknowledgements}
-We wish to thank Christian Grothoff for the help and support he has provided 
throughout our work on Anastasis. He helped us resolve bugs and provided us 
feedback for the development. Additionaly he helped us to edit our bachelor 
thesis documents.
+We wish to thank Christian Grothoff for the help and support he has provided 
throughout our work on Anastasis. He helped us resolve bugs and provided us 
feedback for the development. Additionally he helped us to edit our bachelor 
thesis documents.
 We also wish to thank the GNU Taler team, Vaishnavi Mohan, Nana Karlstetter 
and Leon Schumacher which supported us writing and presenting a funding 
proposal.
 Additionaly we want to thank Florian Dold which gave us feedback for our REST 
API documentation.
 We also want to thank Emmanuel Benoist for providing us the paper for MIDATA.  
\ No newline at end of file
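
Review bot: The spelling fix covers only the first paragraph; the unchanged line "Additionaly we want to thank Florian Dold" further down in the same hunk still carries the identical misspelling and should be corrected in this change as well. In the same context lines, "Leon Schumacher which supported us" and "Florian Dold which gave us" should use "who".
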
diff --git a/doc/thesis/bibliothek.bib b/doc/thesis/bibliothek.bib
index 4e79252..8420d16 100644
--- a/doc/thesis/bibliothek.bib
+++ b/doc/thesis/bibliothek.bib
@@ -69,7 +69,7 @@
        organization = {heise online}, 
        year         = 2014,
        urldate      = {2020-03-07},
-       url          = 
{https://www.heise.de/security/meldung/31C3-CCC-Tueftler-hackt-Merkels-Iris-und-von-der-Leyens-Fingerabdruck-2506929.html},https://cheatsheetseries.owasp.org/cheatsheets/Forgot_Password_Cheat_Sheet.html
+       url          = 
{https://www.heise.de/security/meldung/31C3-CCC-Tueftler-hackt-Merkels-Iris-und-von-der-Leyens-Fingerabdruck-2506929.html},
 }      
 @online{millions_lost,
        title        = {Bitcoin: Millions of dollars of cryptocurrency 'lost' 
after man dies with only password},
@@ -308,6 +308,20 @@
   author={Pohlmann, Norbert and Frintrop, Jan-Hendrik and Widdermann, Rick and 
Ziegler, Tim},
   year={2017}
 }
+@book{garfinkel1995,
+  title={PGP: pretty good privacy},
+  author={Garfinkel, Simson},
+  year={1995},
+  publisher={" O'Reilly Media, Inc."}
+}
+@inproceedings{LLLW*2017,
+  title={An efficient method to enhance Bitcoin wallet security},
+  author={Liu, Yi and Li, Ruilin and Liu, Xingtong and Wang, Jian and Zhang, 
Lei and Tang, Chaojing and Kang, Hongyan},
+  booktitle={2017 11th IEEE International Conference on Anti-counterfeiting, 
Security, and Identification (ASID)},
+  pages={26--29},
+  year={2017},
+  organization={IEEE}
+}
 @online{emailauthowasp,
        title        = {Forgot Password Cheat Sheet},
        organization = {OWASP Foundation},
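
Review bot: The publisher field of the new garfinkel1995 entry is written as {" O'Reilly Media, Inc."}, so the literal double quotes and the leading space inside the braces will be printed in the bibliography. Use publisher={O'Reilly Media, Inc.} instead.
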
@@ -315,8 +329,10 @@
        urldate      = {2020-06-05},
        url          = 
{https://cheatsheetseries.owasp.org/cheatsheets/Forgot_Password_Cheat_Sheet.html},
 }
-
-
-
-
-
+@online{pepdoc,
+       title        = {Welcome to p≡p Documentation!},
+       organization = {pEp Security SA},
+       year         = 2020,    
+       urldate      = {2020-06-06},
+       url          = {https://www.pep.security/docs/},
+}
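
Review bot: The title of the new pepdoc entry contains a raw "≡" character, while every other entry shown here is plain ASCII, so whether it renders depends on the Unicode handling of the bibliography toolchain. Writing the title as p{$\equiv$}p keeps the entry portable. The year line also ends in trailing whitespace.
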
diff --git a/doc/thesis/images/system-architecture_2.png 
b/doc/thesis/images/system-architecture_2.png
new file mode 100644
index 0000000..7c2cbd0
Binary files /dev/null and b/doc/thesis/images/system-architecture_2.png differ
diff --git a/doc/thesis/images/user_id.png b/doc/thesis/images/user_id.png
new file mode 100644
index 0000000..42c741c
Binary files /dev/null and b/doc/thesis/images/user_id.png differ
diff --git a/doc/thesis/introduction.tex b/doc/thesis/introduction.tex
index 5123595..b8e8b9a 100644
--- a/doc/thesis/introduction.tex
+++ b/doc/thesis/introduction.tex
@@ -1,15 +1,44 @@
 \section{Introduction}
-Secure storage of private cryptographic keys or in general every kind of core 
secret is a big problem
-because there is no reasonable solution solving it while meeting the following 
criteria:
-\begin{itemize}
-       \item Only the user must be in control of the core secret.
-       \item The solution must ensure confidentiality of the stored core 
secret.
-       \item The solution must ensure availability of the core secret.
-       \item The user doesn't need to memorize a password.
-\end{itemize}
+Secure storage of private cryptographic keys or in general every kind of core 
secret is a big problem because most current key management systems just reduce 
the problem of memorizing a high-entropy passphrase or key to memorizing a 
low-entropy passphrase. This of course cannot be the solution because you 
undermine the whole security of a cryptographic system using such solutions.\\
+Key management systems have to deal with the question, how to store a key. 
Keys are used to encrypt high sensitive personal data and therefore they must 
be kept safely. Only the legitimated owner of a key should have the possibility 
to recover a lost key. Most people have difficulties memorizing a high-entropy 
passphrase and therefore tend to use low-entropy passphrases. That is why you 
can't rely on memorizing a password which is needed to recover a key.\\
+We have a software solution for the described problem. We call our solution 
"Anastasis" which is a term for restoration to health in medicine.\\
 
-There are several applications which are in need of a key escrow system with 
the described properties. For example for email encryption using Pretty Good 
Privacy (PGP) \cite{garfinkel1995} you need a private key which is stored to 
the device running PGP. Losing the PGP private key means following: All 
received emails which are encrypted with a key derived from the private key are 
unreadable and you need to build your trust network again. Because emails could 
contain high sensitive inform [...]
+There are several applications which are in need of a key escrow system like 
Anastasis. For example for email encryption using Pretty Good Privacy 
(PGP)~\cite{garfinkel1995} you need a private key which is stored to the device 
running PGP. Losing the PGP private key means following: All received emails 
which are encrypted with a key derived from the private key are unreadable and 
you need to build your trust network again. Because emails could contain high 
sensitive information, it is ne [...]
 
-Another application relying on a core secret are cryptocurrencies like 
Bitcoin. Each user of Bitcoin needs a so called Wallet which stores and 
protects the private keys of the user. Those private keys legitimate its owners 
to spend the bitcoins corresponding to the keys \cite{LLLW*2017}. Therefor 
losing those keys means losing all the corresponding Bitcoins which in some 
cases could be a loss of millions of Euros \cite{millions_lost}.\\
+Pretty Easy privacy (short p\equiv p) is "a cyber security solution which 
protects the confidentiality and reliability of communications for citizens, 
for public offices and for enterprises"~\cite{pepdoc}. It secures communication 
via email by providing an end-to-end cryptography. For this the software uses a 
private key. The impact of losing the private key is similar to those of PGP.\\
 
-FIXME: PEP, TALER, Europaeische Zentralbank
+Another application relying on a core secret are cryptocurrencies like 
Bitcoin. Each user of Bitcoin needs a so called Wallet which stores and 
protects the private keys of the user. Those private keys legitimate its owners 
to spend the bitcoins corresponding to the keys \cite{LLLW*2017}. Therefore 
losing those keys means losing all the corresponding Bitcoins which in some 
cases could be a loss of millions of Euros \cite{millions_lost}.\\
+
+Taler is a new electronic payment system for privacy-friendly online 
transactions. Their digital wallet is also protected by a private key which 
loss means losing all the money stored in the wallet. Therefor the ECB 
(European Central Bank) informed Taler Systems SA about the requirement for 
electronic wallets denominated in Euros to support password-less data recovery. 
From this impulse the project Anastasis was finally born.
+
+\subsection{Principles}
+For Anastasis we have following design principles, in order of importance:
+\begin{enumerate}
+       \item Anastasis must be Free Software.
+       \item Anastasis must not rely on the trustworthiness of individual 
providers. It must be possible to use Anastasis safely even if an individual 
provider is compromised. Anastasis must minimize the amount of information 
exposed to providers and the network.
+       \item The user is in control.
+       \item The system must be economical viable to operate. This implies 
usability and efficiency of the system.
+       \item Anastasis must support a diverse range of use cases.
+\end{enumerate}
+
+\subsection{Approaches}
+\subsubsection{Secret sharing and recovery}
+Our approach to solve the problem of key management is to let the user split 
their secret across multiple escrow providers (see figure 
\ref{fig:system_arch2}). To restore the secret again, the user has to follow 
standard authentication procedures. After successful authentication the user 
gets the secret shares to reassemble the secret.
+\begin{figure}[H]
+\centering
+\includegraphics[scale=0.33]{images/system-architecture_2.png}
+\caption{System architecture}
+\label{fig:system_arch2}
+\end{figure}
+
+\subsubsection{Derive user identifier}
+Every person has some hard to guess, semi-private and unforgettably inherent 
attributes such as name and passport number, social security number or AHV 
number (in Switzerland). We use those attributes to derive an user identifier 
from (see figure \ref{fig:user_id}).
+\begin{figure}[H]
+\centering
+\includegraphics[scale=0.3]{images/user_id.png}
+\caption{Derivation of user identifier}
+\label{fig:user_id}
+\end{figure}
+
+\subsection{Applications}
+FIXME
\ No newline at end of file
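
Review bot: In the new Pretty Easy privacy paragraph, "p\equiv p" uses \equiv outside math mode, which LaTeX rejects with a missing-$ error; write p$\equiv$p. The Taler paragraph introduces "Therefor the ECB" although this same hunk corrects "Therefor" to "Therefore" in the Bitcoin paragraph. The "Derive user identifier" subsection names the input attributes and points to a figure but never states in the text how the identifier is computed or what protects it when the attributes are only semi-private, which a reader cannot judge from the image alone. The trailing \subsection{Applications} contains only FIXME and should be filled in or removed before the text is built.
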
diff --git a/doc/thesis/project_management.tex 
b/doc/thesis/project_management.tex
index 19391cd..b869c07 100644
--- a/doc/thesis/project_management.tex
+++ b/doc/thesis/project_management.tex
@@ -3,7 +3,7 @@ This section describes the project planing of Anastasis. A 
detailed reflection o
 \subsection{Project plan}
 The following graphic shows our project plan how we planed to implement 
Anastasis and write our bachelor thesis.
 \begin{figure}[H]
-               \includegraphics[scale=0.6]{images/project_plan_anastasis.pdf}
+               \includegraphics[scale=0.6]{images/project_plan_anastasis.png}
        \caption{Anasasis project plan}
        \label{fig:project_plan_anastasis}
 \end{figure}
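
Review bot: The \includegraphics path now points to images/project_plan_anastasis.png, but the summary of changes for this push creates only system-architecture_2.png and user_id.png, so confirm the PNG is already tracked in the repository or the figure will fail to build. The caption in the same figure still reads "Anasasis project plan".
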
diff --git a/doc/thesis/related_work.tex b/doc/thesis/related_work.tex
index e134d0f..5bde002 100644
--- a/doc/thesis/related_work.tex
+++ b/doc/thesis/related_work.tex
@@ -7,7 +7,7 @@ A pseudo random generator is an algorithm producing a sequence 
of bits for which
 
 \subsubsection{Pseudo random function (PRF)}
 A pseudo random function PRF(k, m) takes two arguments, a secret key k and 
some data m, and returns an output that is unpredictable as long the secret key 
k is unknown to an attacker and is a random value \cite{nielsen2002}.\\
-PRFs can be constructed using PRGs \cite{GGM1986}.
+PRFs can be constructed using PRGs.~\cite{GGM1986}
 
 \subsubsection{Hash function}
 Hash functions "compress a string of arbitrary length to a string of fixed 
length [...]" \cite{Preneel1999}. The output of a hash function often is called 
a "hash".  Hash functions in general should be very fast to compute. 
Cryptographic hash functions need to fulfil additional security requirements 
which are called:
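
Review bot: Moving the citation behind the full stop in "PRGs.~\cite{GGM1986}" is inconsistent with the other citations in this file, including "SHA-512~\cite{GJW2011} for fast hash functions." changed in the same commit, where the citation sits inside the sentence. Prefer "PRGs~\cite{GGM1986}." so that only the non-breaking space is added.
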
@@ -22,10 +22,10 @@ Pre-image resistance, also called "one way property", means 
that for a given has
 The second pre-image resistance is described by following: For a given hash 
function H and a hash value H(x), it is computationally infeasible to find x 
and x' such that H(x) = H(x') \cite{SG2012}. In Anastasis hash functions also 
are involved in signing our so called recovery document. Hence an attacker 
should not be able to create a malicious recovery document with the same hash 
value as the original one.\\ 
 The definition of collision resistance slightly differs from the second 
pre-image resistance: For a given hash function H, it is computationally 
infeasible to find a pair (x, y) such that H(x) = H(y) \cite{SG2012}. As we are 
using HKDFs for deriving keys in Anastasis, an attacker should not be able to 
find some other input values also leading to the same keys we use.\\
 A cryptographic hash function should also behave as a pseudo random function. 
This means that although a hash function is purely deterministic, the output 
must not be predictable.\\
-The avalanche effect describes the property of an algorithm that causes a 
significant change of the output value, usually a bit flipping of more than 
half the output is desired, if the input is changed slightly (for example, 
flipping a single bit) \cite{RK2011}. The more bits are flipping in the output 
value the higher the entropy of the randomness of the hash function.
+The avalanche effect describes the property of an algorithm that causes a 
significant change of the output value, usually a bit flipping of more than 
half the output is desired, if the input is changed slightly (for example, 
flipping a single bit).~\cite{RK2011} The more bits are flipping in the output 
value the higher the entropy of the randomness of the hash function.
 
 There are several applications for cryptographic hash functions. For example 
you can store the hash value of a passphrase instead of the passphrase itself 
in a computer to protect the passphrase. Another important application is 
verification of message integrity: Before and after transmission of a message 
you can calculate the hash values of it and compare them to determine if the 
message changed during transmission.\\
-In Anastasis we use SHA-512 \cite{GJW2011} for fast hash functions.
+In Anastasis we use SHA-512~\cite{GJW2011} for fast hash functions.
 
 \subsubsection{HMAC}
 When it comes to integrity of messages during communication of two parties 
over an insecure channel Keyed-Hash Message Authentication Codes (HMAC) are 
used as check values. An HMAC function is based on a hash function and takes 
two arguments, a key K and a message M:\\
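
Review bot: The avalanche sentence touched here still says a flip of "more than half the output is desired"; the usual criterion is that each output bit changes with probability one half, so the text should say "about half", and "the higher the entropy of the randomness" should be reworded to match. The second pre-image definition in the context above asks to "find x and x'" and omits both that x is given and that x' differs from x, which makes it read like the collision definition, and the collision definition likewise needs x different from y. As in the previous hunk, "single bit).~\cite{RK2011}" places the citation after the full stop, unlike "SHA-512~\cite{GJW2011}".
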
@@ -104,8 +104,8 @@ In Anastasis we also need to store the phone number to the 
server. But in our ca
 \subsubsection{E-mail authentication}
 Authentication by email is very similar to SMS authentication. Here, the user 
receives a token by email and has to provide it during the authentication 
process.
 The handling of this token needs some considerations. The token should have 
-a validity period, this means for example the token would only be valid for 
one hour. This is a security measure to prevent malicious actions if the user's 
email account was compromised. Also the token should be a randomly generated 
passphrase which has atleast 8 characters.\\
-Another import part is that the email should never contain the requested 
information, in our case the keyshare. Because there is no guarante that the 
email channel is encrypted. Also the email and the keyshare information would 
be stored for a indefinite period in the user's mailbox. Also the mailbox could 
be compromised of read by an IT department.\cite{emailauthowasp} \\
+a validity period, this means for example the token would only be valid for 
one hour. This is a security measure to prevent malicious actions if the user's 
email account was compromised. Also the token should be a randomly generated 
passphrase which has at least 8 characters.\\
+Another import part is that the email should never contain the requested 
information, in our case the keyshare. Because there is no guarantee that the 
email channel is encrypted. Also the email and the keyshare information would 
be stored for a indefinite period in the user's mailbox. Also the mailbox could 
be compromised of read by an IT department.\cite{emailauthowasp} \\
 As mentioned in the SMS authentication section we also store the email 
encrypted on the server. The user has to provide the corresponding key to the 
server during authentication process.
 
 \subsubsection{VideoIdent}
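
Review bot: The two rewritten lines fix "atleast" and "guarante" but keep other errors in the same sentences: "Another import part" should be "important", "compromised of read by" should be "or read by", and "a indefinite period" should be "an indefinite period". "Because there is no guarantee that the email channel is encrypted." is a sentence fragment and should be joined to the preceding sentence. "department.\cite{emailauthowasp}" also places the citation after the full stop with no space.
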

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


