gnunet-svn
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[taler-anastasis] 05/05: worked on introduction

From: gnunet
Subject: [taler-anastasis] 05/05: worked on introduction
Date: Sat, 06 Jun 2020 11:48:45 +0200 
This is an automated email from the git hooks/post-receive script.

dennis-neufeld pushed a commit to branch master
in repository anastasis.

commit a5ca501bc47396b7a4e99681beab035e286ddec8
Author: Dennis Neufeld <dennis.neufeld@students.bfh.ch>
AuthorDate: Sat Jun 6 09:48:35 2020 +0000

    worked on introduction
---
 doc/thesis/bibliothek.bib   |  9 ++++++++-
 doc/thesis/introduction.tex | 10 +++++++---
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/doc/thesis/bibliothek.bib b/doc/thesis/bibliothek.bib
index 3b6bd7c..8420d16 100644
--- a/doc/thesis/bibliothek.bib
+++ b/doc/thesis/bibliothek.bib
@@ -69,7 +69,7 @@
        organization = {heise online}, 
        year         = 2014,
        urldate      = {2020-03-07},
-       url          = 
{https://www.heise.de/security/meldung/31C3-CCC-Tueftler-hackt-Merkels-Iris-und-von-der-Leyens-Fingerabdruck-2506929.html},https://cheatsheetseries.owasp.org/cheatsheets/Forgot_Password_Cheat_Sheet.html
+       url          = 
{https://www.heise.de/security/meldung/31C3-CCC-Tueftler-hackt-Merkels-Iris-und-von-der-Leyens-Fingerabdruck-2506929.html},
 }      
 @online{millions_lost,
        title        = {Bitcoin: Millions of dollars of cryptocurrency 'lost' 
after man dies with only password},
@@ -329,3 +329,10 @@
        urldate      = {2020-06-05},
        url          = 
{https://cheatsheetseries.owasp.org/cheatsheets/Forgot_Password_Cheat_Sheet.html},
 }
+@online{pepdoc,
+       title        = {Welcome to p≡p Documentation!},
+       organization = {pEp Security SA},
+       year         = 2020,    
+       urldate      = {2020-06-06},
+       url          = {https://www.pep.security/docs/},
+}
diff --git a/doc/thesis/introduction.tex b/doc/thesis/introduction.tex
index 97b33a0..b8e8b9a 100644
--- a/doc/thesis/introduction.tex
+++ b/doc/thesis/introduction.tex
@@ -5,9 +5,11 @@ We have a software solution for the described problem. We call 
our solution "Ana
 
 There are several applications which are in need of a key escrow system like 
Anastasis. For example for email encryption using Pretty Good Privacy 
(PGP)~\cite{garfinkel1995} you need a private key which is stored to the device 
running PGP. Losing the PGP private key means following: All received emails 
which are encrypted with a key derived from the private key are unreadable and 
you need to build your trust network again. Because emails could contain high 
sensitive information, it is ne [...]
 
+Pretty Easy privacy (short p\equiv p) is "a cyber security solution which 
protects the confidentiality and reliability of communications for citizens, 
for public offices and for enterprises"~\cite{pepdoc}. It secures communication 
via email by providing an end-to-end cryptography. For this the software uses a 
private key. The impact of losing the private key is similar to those of PGP.\\
+
 Another application relying on a core secret are cryptocurrencies like 
Bitcoin. Each user of Bitcoin needs a so called Wallet which stores and 
protects the private keys of the user. Those private keys legitimate its owners 
to spend the bitcoins corresponding to the keys \cite{LLLW*2017}. Therefore 
losing those keys means losing all the corresponding Bitcoins which in some 
cases could be a loss of millions of Euros \cite{millions_lost}.\\
 
-FIXME: PEP, TALER, Europaeische Zentralbank
+Taler is a new electronic payment system for privacy-friendly online 
transactions. Their digital wallet is also protected by a private key which 
loss means losing all the money stored in the wallet. Therefor the ECB 
(European Central Bank) informed Taler Systems SA about the requirement for 
electronic wallets denominated in Euros to support password-less data recovery. 
From this impulse the project Anastasis was finally born.
 
 \subsection{Principles}
 For Anastasis we have following design principles, in order of importance:
@@ -20,7 +22,8 @@ For Anastasis we have following design principles, in order 
of importance:
 \end{enumerate}
 
 \subsection{Approaches}
-Our approach to solve the problem of key management is to split a secret into 
several shares and to distribute the shares with an open set of escrow 
providers (see figure \ref{fig:system_arch2}). To restore the secret again, the 
user has to authenticate with the escrow providers. After successful 
authentication the user gets the shares to reassemble the secret.
+\subsubsection{Secret sharing and recovery}
+Our approach to solve the problem of key management is to let the user split 
their secret across multiple escrow providers (see figure 
\ref{fig:system_arch2}). To restore the secret again, the user has to follow 
standard authentication procedures. After successful authentication the user 
gets the secret shares to reassemble the secret.
 \begin{figure}[H]
 \centering
 \includegraphics[scale=0.33]{images/system-architecture_2.png}
@@ -28,7 +31,8 @@ Our approach to solve the problem of key management is to 
split a secret into se
 \label{fig:system_arch2}
 \end{figure}
 
-
+\subsubsection{Derive user identifier}
+Every person has some hard to guess, semi-private and unforgettably inherent 
attributes such as name and passport number, social security number or AHV 
number (in Switzerland). We use those attributes to derive an user identifier 
from (see figure \ref{fig:user_id}).
 \begin{figure}[H]
 \centering
 \includegraphics[scale=0.3]{images/user_id.png}

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]