[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-anastasis] branch master updated: overwork...
|
From: |
gnunet |
|
Subject: |
[taler-anastasis] branch master updated: overwork... |
|
Date: |
Wed, 10 Jun 2020 15:53:44 +0200 |
This is an automated email from the git hooks/post-receive script.
ds-meister pushed a commit to branch master
in repository anastasis.
The following commit(s) were added to refs/heads/master by this push:
new 2538679 overwork...
2538679 is described below
commit 25386799f8252fdf44ee2aa8a4e48904dd9252cb
Author: Dominik Meister <dominiksamuel.meister@students.bfh.ch>
AuthorDate: Wed Jun 10 15:53:33 2020 +0200
overwork...
---
doc/thesis/Journal.tex | 19 +-----------
doc/thesis/client_architecture.tex | 2 +-
doc/thesis/design.tex | 55 ++++++++++++++++++++---------------
doc/thesis/glossary.tex | 4 ++-
doc/thesis/implementation.tex | 15 +++++-----
doc/thesis/rest_api_documentation.tex | 38 ++----------------------
doc/thesis/server_architecture.tex | 4 +--
doc/thesis/thesis.tex | 7 ++++-
8 files changed, 54 insertions(+), 90 deletions(-)
diff --git a/doc/thesis/Journal.tex b/doc/thesis/Journal.tex
index ce7253e..0b3ffa9 100644
--- a/doc/thesis/Journal.tex
+++ b/doc/thesis/Journal.tex
@@ -1,26 +1,10 @@
-\documentclass{scrartcl}
-\usepackage{lipsum}
-%%\usepackage[french]{babel}
-%%\usepackage[ngerman]{babel}
-
-%% Choose default font for the document
-%% Warning : only ONE of the following should be enabled
-\usepackage{kpfonts}
-%%\usepackage{libertine}
-\usepackage[table]{xcolor}
-%% The following chose the default language for the document and
-%% use the default typography rules for the choosen language.
-\usepackage{polyglossia}
-\setdefaultlanguage{english}
-%% \setdefaultlanguage{german}
-%%\setdefaultlanguage{french}
-\begin{document}
\title{Anastasis work journal}
\date{\today} %% or \date{01 november 2018}
\author{Dominik Meister (\texttt{dominiksamuel.meister@students.bfh.ch}) \\
Dennis Neufeld (\texttt{dennis.neufeld@students.bfh.ch })}
\maketitle
\clearpage
+\section{Work journal}
\section*{Meeting 20.02.2020}
Present at the Meeting were:"Dominik Meister, Dennis Neufeld and Christian
Grothoff".
\subsection*{Reflection}
@@ -224,6 +208,5 @@ has not enough details and needs some more work. Also in
the business model were
the documentation progresses very quick, it also has to since we dont have
much time left.
\subsection*{Next Steps}
Work on documentation
-\end{document}
diff --git a/doc/thesis/client_architecture.tex
b/doc/thesis/client_architecture.tex
index 0c5e3eb..ebe34a5 100644
--- a/doc/thesis/client_architecture.tex
+++ b/doc/thesis/client_architecture.tex
@@ -277,4 +277,4 @@ The service API is responsible for sending the requests to
the REST
API of the server. The client has implemented functions for every
endpoint.
For more details see REST API documentation in
-Section~\ref{sec:restAPI}. % FIXME: create appendix!
+appendix~\ref{appendix_server_api}.
diff --git a/doc/thesis/design.tex b/doc/thesis/design.tex
index d458c52..efd1bdf 100644
--- a/doc/thesis/design.tex
+++ b/doc/thesis/design.tex
@@ -19,30 +19,33 @@ concatenation of the full name of the user and their social
security
or passport number(s). For Swiss citizens, the AHV number could also
be used.\\
-The figure~\ref{fig:keys_anastasis} on page~\pageref{fig:keys_anastasis}
-illustrates which keys/secrets are used in Anastasis, how they are created and
-in which way they are used. The figure~\ref{fig:legend_keys_anastasis} on
page~\pageref{fig:legend_keys_anastasis} shows the corresponding legend.
-
+The figure~\ref{fig:legend_keys_anastasis} shows the legend for the
+illustration of the Anastasis key usage shown in
figure~\ref{fig:keys_anastasis}
+on page~\pageref{fig:keys_anastasis}.
+The figure~\ref{fig:keys_anastasis} gives an overview of the keys used in
Anastasis. It also shows how they are created and used.\\
+\newline
\begin{figure}[H]
\centering
- \includegraphics[scale=0.48]{images/keys_anastasis.png}
- \caption{Secrets used in Anastasis}
- \label{fig:keys_anastasis}
+ \includegraphics[scale=0.48]{images/legend_keys_anastasis.png}
+ \caption{Legend of figure~\ref{fig:keys_anastasis}} on
page~\pageref{fig:keys_anastasis}
+ \label{fig:legend_keys_anastasis}
\end{figure}
\begin{figure}[H]
\centering
- \includegraphics[scale=0.48]{images/legend_keys_anastasis.png}
- \caption{Legend of figure~\ref{fig:keys_anastasis}} on
page~\pageref{fig:keys_anastasis}
- \label{fig:legend_keys_anastasis}
+ \includegraphics[scale=0.48]{images/keys_anastasis.png}
+ \caption{Secrets used in Anastasis}
+ \label{fig:keys_anastasis}
\end{figure}
\noindent In the following the keys shown in the
figure~\ref{fig:keys_anastasis} on
page~\pageref{fig:keys_anastasis} are explained:
+
+FIXME IDENTITY KEY -> KDF\_ID
\begin{description}
\item[identity key] {The {\em identity key} is derived from the user
attributes and a
randomly generated server salt provided by the escrow provider using
Argon2. It is used to derive
- the {\em private account key}, the {\em symmetric key 1} and the {\em
symmetric key 2} from.}
+ the {\em private account key}, the {\em symmetric key 1} and the {\em
symmetric key 2}.}
\item[private account key] {The {\em private account key} is used to
sign the {\em encrypted
recovery document}. It is derived from the {\em identity key} using
{\em HKDF-1}}.
\item[public account key] {The {\em public account key} is derived from
its corresponding
@@ -53,7 +56,7 @@ page~\pageref{fig:keys_anastasis} are explained:
the provider.}
\item[symmetric key 2] {The {\em symmetric key 2} is derived from the
{\em identity key} using
{\em HKDF-3}. It is used to encrypt and decrypt the different {\em
encrypted key shares} which
- are stored at the providers server.}
+ are stored by the escrow providers.}
\item[truth key] {The {\em truth key} is randomly generated for each
{\em encrypted authentication data}
and is stored within the {\em encrypted recovery document}. It must be
provided by the user to let the
server decrypt the {\em encrypted authentication data} for
authentication purposes.}
@@ -62,6 +65,7 @@ page~\pageref{fig:keys_anastasis} are explained:
\item[policy key] {The {\em policy keys} are used for encryption and
decryption of the {\em encrypted master key}. A {\em policy key} is constructed
by hashing a specific combination of {\em key shares} specified by the
user. For hashing SHA512 is used here.}
\end{description}
+\newpage
\subsection{Adversary model}
@@ -109,7 +113,7 @@ adversaries must not be able to deduce information about a
user’s
recovery document (except for meta data such as its length or
approximate creation time, which may be exposed to an adversary which
monitors the user’s network traffic or operates an escrow provider).
-
+\newpage
\subsection{Identity-derived encryption}
@@ -211,10 +215,10 @@ from other cases where we hash kdf\_id.
\begin{lstlisting}
eddsa_keys_create (kdf_id, salt, keysize)
{
-ver_secret = HKDF(kdf_id, salt, keysize)
-eddsa_priv = eddsa_d_to_a(ver_secret)
-eddsa_pub = get_eddsa_pub(eddsa_priv)
-return eddsa_priv, eddsa_pub
+ ver_secret = HKDF(kdf_id, salt, keysize)
+ eddsa_priv = eddsa_d_to_a(ver_secret)
+ eddsa_pub = get_eddsa_pub(eddsa_priv)
+ return eddsa_priv, eddsa_pub
}
\end{lstlisting}
@@ -251,8 +255,8 @@ fundamentally. For example for the recovery document key
the salt
\begin{lstlisting}
encryption_key_create(kdf_id, salt, nonce)
{
-iv, key = HKDF (kdf_id, nonce, salt, keysize + ivsize)
-return iv,key
+ iv, key = HKDF (kdf_id, nonce, salt, keysize + ivsize)
+ return iv,key
}
\end{lstlisting}
@@ -291,9 +295,11 @@ key_share_encrypt(kdf_id, key_share)
encrypted_key_share = encrypt(kdf_id, key_share, "eks")
return encrypted_key_share
}
+
recovery_document_encrypt(kdf_id, recovery_document)
{
- encrypted_recovery_document = encrypt(kdf_id, recovery_document, "erd")
+ encrypted_recovery_document =
+ encrypt(kdf_id, recovery_document, "erd")
return encrypted_recovery_document
}
@@ -316,7 +322,8 @@ algorithm is also used to generate the
\begin{lstlisting}
(anastasis-account-signature) = eddsa_sign(h_body, eddsa_priv)
-ver_res = eddsa_verifiy(h_body, anastasis-account-signature, eddsa_pub
+ver_res =
+ eddsa_verifiy(h_body, anastasis-account-signature, eddsa_pub)
\end{lstlisting}
\begin{description}
@@ -329,11 +336,13 @@ ver_res = eddsa_verifiy(h_body,
anastasis-account-signature, eddsa_pub
When requesting policy downloads, the client must also provide a signature:
\begin{lstlisting}
(anastasis-account-signature) = eddsa_sign(version, eddsa_priv)
-ver_res = eddsa_verifiy(version, anastasis-account-signature, eddsa_pub)
+ver_res =
+ eddsa_verifiy(version, anastasis-account-signature, eddsa_pub)
\end{lstlisting}
\begin{description}
- \item[anastasis-account-signature] {Signature over the SHA-512 hash of
the body using the purpose code TALER\_SIGNATURE\_ANASTASIS\_POLICY\_DOWNLOAD
(1401) (see GNUnet EdDSA signature API for the use of purpose).}
+ \item[anastasis-account-signature] {Signature over the SHA-512 hash of
the body using the purpose code TALER\_SIGNATURE\_ANASTASIS\_POLICY\_DOWNLOAD
\\
+ (1401) (see GNUnet EdDSA signature API for the use of purpose).}
\item[version] {The version requested as a 64-bit integer, for the
“latest version”.}
\item[ver\_res] {A Boolean value. True: Signature verification passed,
False: Signature verification failed.}
\end{description}
diff --git a/doc/thesis/glossary.tex b/doc/thesis/glossary.tex
index c429cf1..e6bc657 100644
--- a/doc/thesis/glossary.tex
+++ b/doc/thesis/glossary.tex
@@ -4,9 +4,11 @@
\textbf{policy}, a policy is a list of challenges which need to be solved to
recover the core secret.\\
\textbf{challenge}, a challenge is a data structure which holds information
about a user authentication for a escrow provider.\\
\textbf{truth}, truth is a data structure which defines how a user
authentication is performed, it also contains the key share which is released
upon successful authentication..\\
-\textbf{escrow provider}, this is referred to servers which operate Anastasis.
+\textbf{escrow provider}, this is referred to servers which operate
Anastasis.\\
\textbf{key share}, a key share is a random byte sequence which is combined
with other key shares to create a policy key.\\
\textbf{core secret}, the core secret is the data which the user wants to
protect with Anastasis. \\
\textbf{master key}, the master key is a randomly generated key which is used
to encrypt the user's core secret. \\
\textbf{policy key}, every policy holds a separate policy key which is built
through the combination of the key shares. The policy key is used to encrypt
the master key.\\
\textbf{kdf\_id}, the kdf\_id is an Argon2 hash over the user's unforgettable
password.\\
+
+FIXME authentication method!!
diff --git a/doc/thesis/implementation.tex b/doc/thesis/implementation.tex
index a4a3e6d..40a5095 100644
--- a/doc/thesis/implementation.tex
+++ b/doc/thesis/implementation.tex
@@ -8,7 +8,7 @@ testing of Anastasis much easier.
The whole Anastasis application consists of multiple components.
Figure~\ref{fig:secret_split} gives an overview over all the
-components of Anastasis.
+components.
\begin{figure}[H]
\centering
@@ -17,8 +17,7 @@ components of Anastasis.
\label{fig:secret_split}
\end{figure}
-In the center is the core implementation of Anastasis.
-
+\noindent In the center is the core implementation of Anastasis.
On the left are some of the planed authentication methods from the
application. On the right side of the box are the core parts which are
necessary to operate Anastasis commercially. These parts are
@@ -27,7 +26,7 @@ implementation for this thesis.
At the bottom section are the external libraries used for the project.
These libraries are presented in Section~\ref{sec:libraries}.
-
+\newpage
\subsection{System architecture}
@@ -75,7 +74,7 @@ details of each component are explained later.
\input{client_architecture}
-
+\newpage
\subsection{Application flow}
This section describes a happy flow of the two protocols of Anastasis,
@@ -92,7 +91,7 @@ process.
\caption{Secret split process}
\label{fig:secret_split}
\end{figure}
-
+\newpage
\begin{enumerate}
\item The user selects a new escrow provider on which per wants to
store a truth object.
@@ -133,7 +132,7 @@ process.
replicated and recovery can proceed without a single point of
failure.
\end{enumerate}
-
+\newpage
\subsubsection{Secret recovery}
Figure~\ref{fig:recovery_process} illustrates the recovery process.
@@ -359,7 +358,7 @@ payments the user would no longer be anonymous which is
helpful for
the security of Anastasis as it allows us to use the user's name in
the user's identity attributes. GNU Taler is also a GNU package
and Free Software.~\cite{gnu_taler}
-
+\newpage
\subsubsection{PostgreSQL}
PostgreSQL is a Free/Libre Open Source object-relational
diff --git a/doc/thesis/rest_api_documentation.tex
b/doc/thesis/rest_api_documentation.tex
index f24ad9a..9c7c3cb 100644
--- a/doc/thesis/rest_api_documentation.tex
+++ b/doc/thesis/rest_api_documentation.tex
@@ -1,43 +1,11 @@
-\documentclass{scrartcl}
-\usepackage{lipsum}
-%%\usepackage[french]{babel}
-%%\usepackage[ngerman]{babel}
-
-%% Choose default font for the document
-%% Warning : only ONE of the following should be enabled
-\usepackage{kpfonts}
-%%\usepackage{libertine}
-\usepackage[table]{xcolor}
-%% The following chose the default language for the document and
-%% use the default typography rules for the choosen language.
-\usepackage{polyglossia}
-\setdefaultlanguage{english}
-%% \setdefaultlanguage{german}
-%%\setdefaultlanguage{french}
-
-\usepackage[backend=biber, style=ieee]{biblatex}
-\addbibresource{bibliothek.bib}
-
-\usepackage{abstract}
-\usepackage{graphicx}
-\usepackage{listings}
-\lstset{language=C,
- basicstyle=\ttfamily,
- keywordstyle=\bfseries,
- showstringspaces=false,
- morekeywords={include, printf, interface}
-}
-
-\begin{document}
\title{Anastasis REST API}
\date{\today} %% or \date{01 november 2018}
\author{Dominik Meister (\texttt{dominiksamuel.meister@students.bfh.ch}) \\
Dennis Neufeld (\texttt{dennis.neufeld@students.bfh.ch })}
\maketitle
-\tableofcontents
\clearpage
-\section{Server API}
+\section{REST API documentation} \label{appendix_server_api}
The server api is a RESTful API which has the following endpoints.
\subsection{Obtain Salt}
@@ -361,6 +329,4 @@ interface KeyShare {
// Signature over method, uuid, and key_share.
account_sig: EddsaSignature;
}
-\end{lstlisting}
-
-\end{document}
\ No newline at end of file
+\end{lstlisting}
\ No newline at end of file
diff --git a/doc/thesis/server_architecture.tex
b/doc/thesis/server_architecture.tex
index 72bc5df..dc8996e 100644
--- a/doc/thesis/server_architecture.tex
+++ b/doc/thesis/server_architecture.tex
@@ -13,9 +13,9 @@ these two components is shown in
Figure~\ref{fig:anastasis:server}.
The webserver of Anastasis provides a RESTful API. For a detailed
documentation of the REST API, see
-Section~\ref{appendix:rest_api_documentation}.
-
+appendix ~\ref{appendix_server_api}.
+\newpage
\subsubsection{Database}
The database schema of Anastasis is shown in
diff --git a/doc/thesis/thesis.tex b/doc/thesis/thesis.tex
index 305fdf9..8f19584 100644
--- a/doc/thesis/thesis.tex
+++ b/doc/thesis/thesis.tex
@@ -15,7 +15,7 @@
%% \setdefaultlanguage{german}
%%\setdefaultlanguage{french}
\usepackage{float}
-
+\usepackage[toc,page]{appendix}
\usepackage[backend=biber, style=ieee]{biblatex}
\addbibresource{bibliothek.bib}
@@ -65,6 +65,11 @@
%% Print the bibibliography and add the section to th table of content
\printbibliography[heading=bibintoc]
+\newpage
\listoffigures
%\listoftables
+\appendix
+\include{rest_api_documentation}
+\include{Journal}
+
\end{document}
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-anastasis] branch master updated: overwork...,
gnunet <=