[taler-anastasis] branch master updated (587f55e -> 22509e9)
From: gnunet
Subject: [taler-anastasis] branch master updated (587f55e -> 22509e9)
Date: Tue, 02 Jun 2020 17:57:20 +0200
This is an automated email from the git hooks/post-receive script.
dennis-neufeld pushed a change to branch master
in repository anastasis.
from 587f55e minor fixes
new a35480f some fixes
new 22509e9 merge
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
doc/thesis/bibliothek.bib | 2 +-
doc/thesis/images/system-architecture.png | Bin 0 -> 137904 bytes
doc/thesis/implementation.tex | 18 +++++++++---------
doc/thesis/related_work.tex | 13 ++++++-------
4 files changed, 16 insertions(+), 17 deletions(-)
create mode 100644 doc/thesis/images/system-architecture.png
diff --git a/doc/thesis/bibliothek.bib b/doc/thesis/bibliothek.bib
index cc95d28..eb76b9e 100644
--- a/doc/thesis/bibliothek.bib
+++ b/doc/thesis/bibliothek.bib
@@ -223,7 +223,7 @@
title={Alterable application specific integrated circuit (ASIC)},
author={Madurawe, Raminda Udaya},
year={2006},
- month=jun # "~20",
+ month=6,
publisher={Google Patents},
note={US Patent 7,064,579}
}
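Review bot: replacing `month=jun # "~20"` with `month=6` drops the day (intended?) and also switches from the BibTeX month macro to a bare number; with the standard BibTeX styles `month=6` is emitted as the literal "6" rather than "June". If the goal was only to drop the day, `month=jun,` keeps the macro and stays portable across styles (biblatex accepts either form).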
diff --git a/doc/thesis/images/system-architecture.png
b/doc/thesis/images/system-architecture.png
new file mode 100644
index 0000000..6243799
Binary files /dev/null and b/doc/thesis/images/system-architecture.png differ
diff --git a/doc/thesis/implementation.tex b/doc/thesis/implementation.tex
index d44f5e6..ebbed60 100644
--- a/doc/thesis/implementation.tex
+++ b/doc/thesis/implementation.tex
@@ -1,7 +1,7 @@
\section{Implementation}
The whole Anastasis software is written in C. We decided to use C because of
the various cryptographic libraries and the available documentations.
-Additionaly GNU Taler and Sync which are working close with anastasis are also
written in C. This makes the integration of our application much easier.\\
-The whole Anastasis application consits of multiple components. On the
following
+Additionally GNU Taler and Sync which are working close with Anastasis are
also written in C. This makes the integration of our application much easier.\\
+The whole Anastasis application consists of multiple components. On the
following
graphic is a overview over all the components in Anastasis. \\
\begin{figure}[H]
\centering
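Review bot: the rewritten sentence still reads "GNU Taler and Sync which are working close with Anastasis"; since these lines are being touched anyway, "Additionally, GNU Taler and Sync, which work closely with Anastasis, are also written in C." would be the grammatical form. Two context lines in the same hunk have the same kind of slip and could be fixed in one pass: "the available documentations" (documentation is uncountable) and "graphic is a overview" ("an overview").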
@@ -9,7 +9,7 @@ graphic is a overview over all the components in Anastasis. \\
\caption{Secret split process}
\label{fig:secret_split}
\end{figure}
-On the left are some of the planed authentication methods from the
application. On the right side of the box are the core parts which are
neccessary to operate Anastasis commercialy, these parts are planned for the
future and not part of this thesis. \\
+On the left are some of the planed authentication methods from the
application. On the right side of the box are the core parts which are
necessary to operate Anastasis commercially, these parts are planned for the
future and not part of this thesis. \\
At the bottom section are the external libraries used for the project. These
libraries are presented in the section Libraries. \\
In the center is the core implementation of Anastasis.
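Review bot: "planed" survives on the added line ("some of the planed authentication methods"); it should be "planned", and the comma splice "commercially, these parts are planned" wants a semicolon or a full stop. Also worth checking in this hunk: the figure's caption `Secret split process` and label `fig:secret_split` do not match the text that introduces it as "an overview over all the components", and this commit adds `images/system-architecture.png`, so the caption and label probably need updating together with the new image.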
@@ -44,9 +44,9 @@ This section describes a happy flow of the two protocols of
Anastasis, key split
\begin{enumerate}
\item The user selects a server on which he previously stored a recovery
document.
\item Next the client downloads the server salt to compute the server specific
account public key(GET /salt).
-\item After the user generated the public key he will downlaod the recovery
document. At this point he can define if he wants a specific version or the
latest version of the recovery document. In the graphic the client downloads
the latest version(GET /policy/\$ACCOUNT\_PUB).
-\item The clien will now decrypt the recovery document and list all policies
and authentication methods. The user now has to solve these challenges. For
example he has to answer a secure question or he has to type in a pin which was
sent to him by SMS.(GET /truth/\$UUID?resonse=\$RESPONSE) \\
-After each successfully solved challenge the client will check if one of the
policies is fullfilled. If one of the policies is finished, the client will
decrypt the core secret and provide it to the user.
+\item After the user generated the public key he will download the recovery
document. At this point he can define if he wants a specific version or the
latest version of the recovery document. In the graphic the client downloads
the latest version(GET /policy/\$ACCOUNT\_PUB).
+\item The client will now decrypt the recovery document and list all policies
and authentication methods. The user now has to solve these challenges. For
example he has to answer a secure question or he has to type in a pin which was
sent to him by SMS.(GET /truth/\$UUID?resonse=\$RESPONSE) \\
+After each successfully solved challenge the client will check if one of the
policies is fulfilled. If one of the policies is finished, the client will
decrypt the core secret and provide it to the user.
\end{enumerate}
\subsection{Libraries}
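Review bot: the rewritten item keeps `GET /truth/\$UUID?resonse=\$RESPONSE`; if the actual query parameter is `response`, this line documents the API with a typo that a reader could copy into a client, so it should be corrected here or the parameter name confirmed against the server code. Minor, on the same added lines: "secure question" is presumably "security question", and the "(GET ...)" annotations lack a space before the opening parenthesis in every item.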
@@ -57,18 +57,18 @@ GNU Taler is one of the main reason why we started to
implement Anastasis, since
"GNU Taler is a privacy-preserving payment system. Customers can stay
anonymous, but merchants can not hide their income through payments with GNU
Taler. This helps to avoid tax evasion and money laundering."\cite{gnu_taler}
\\
To operate GNU Taler the user needs to install an electronic wallet. This
wallet is secured with a private key. Here comes Anastasis into play, Anastasis
will secure this private key for the user. \\
In our implementation GNU Taler is also our payment system. We decided to use
GNU Taler because both Anastasis and GNU Taler are privacy preserving
applications. If we for example used credit cards for payments the user would
no longer be anonymous which is a core part of Anastasis.
-Additionaly GNU Taler is in the GNU package, this means it will always remain
free software.\cite{gnu_taler}
+Additionally GNU Taler is in the GNU package, this means it will always remain
free software.\cite{gnu_taler}
\subsubsection{PostgreSQL}
PostgreSQL is a open source object-relational database. PostgreSQL has over 30
years of active development which makes it a very stable and reliable software.
\\
We use PostgreSQL as our database on the Anastasis server. We decided to use
PostgreSQL because its a open source and lightweight software which has a big
community.
This means there are alot of helpful documentations and
forums.\cite{postgresql}
\subsubsection{Libcurl}
Libcurl is a free URL transfer library. Libcurl supports a wide range of
protocols and a C API. Libcurl is also ready for IPv6 and SSL certificates. \\
-For Anastasis we use Libcurl to generate the client side HTTP requests. We
decided to use Libcurl because it is also written in C and free software. The
software is also well suported and has a good documentation.
+For Anastasis we use Libcurl to generate the client side HTTP requests. We
decided to use Libcurl because it is also written in C and free software. The
software is also well supported and has a good documentation.
This makes the integration in our application very easy.\cite{libcurl}
\subsubsection{GNU Libmicrohttpd}
GNU libmicrottpd is a small C library which provides a easy way to run a HTTP
server.
-We use GNU Libmicrohttpd in Anastasis to provide a simple webserver. The main
reason why we didnt use apache or nginx is that we do not need a standalone
webserver. The Anastasis webserver just has to handle some API requests, a
standalone webserver is not needed for that and would make the infrastructure
more complex to maintain and develop. Since GNU Libmicrohttpd is also part of
the GNU project it will remain free software.\cite{libmicrohttpd}
+We use GNU Libmicrohttpd in Anastasis to provide a simple webserver. The main
reason why we didn't use apache or nginx is that we do not need a standalone
webserver. The Anastasis webserver just has to handle some API requests, a
standalone webserver is not needed for that and would make the infrastructure
more complex to maintain and develop. Since GNU Libmicrohttpd is also part of
the GNU project it will remain free software.\cite{libmicrohttpd}
\subsection{Testing}
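Review bot: since this hunk is a typo pass, the unchanged context lines in the same region still carry the same class of errors and should go in together: the library name is misspelled in `GNU libmicrottpd is a small C library` (Libmicrohttpd), `PostgreSQL is a open source` and `its a open source` ("an open source", "it's"), and `alot` ("a lot"). The added lines themselves look fine.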
diff --git a/doc/thesis/related_work.tex b/doc/thesis/related_work.tex
index 6401f32..d5919bb 100644
--- a/doc/thesis/related_work.tex
+++ b/doc/thesis/related_work.tex
@@ -52,29 +52,28 @@ In Anastasis the user is the trusted dealer who splits the
secret and also recon
\subsubsection{Shamir's Secret Sharing}
The algorithm "Shamir's Secret Sharing" is one of the most well known secret
sharing scheme. It „divide[s] data D into n pieces in such a way that D is
easily reconstructible from any k pieces, but even complete knowledge of k - 1
pieces reveals absolutely no information about D“ \cite{shamir_sharing}.\\
Shamir’s simple secret sharing scheme has two key limitations. First, it
requires a trusted dealer who initially generates the secret to be distributed,
and second the shares are not verifiable during reconstruction. Therefore,
malicious shareholders could submit corrupt shares to prevent the system from
reconstructing the secret -- without these corrupt shareholders being
detectable as malicious. Furthermore, the dealer distributing the shares could
be corrupt and distribute some incons [...]
-Despite this, Shamir's Secret Sharing is inflexible because the "k out of
n"-design and also is very inefficient for big n. For Anastasis we need a more
flexible solution allowing other cases too. The user of Anastasis should be
able to decide himself which combinations of \textit{players} shall be used.
FIXME
+Despite this, Shamir's Secret Sharing is inflexible because the "k out of
n"-design and also is very inefficient for big n. For Anastasis we need a more
flexible solution allowing other cases too. The user of Anastasis should be
able to decide himself which combinations of \textit{players} shall be used.
\subsubsection{Verifiable Secret Sharing}
Verifiability can be achieved by using so called commitment schemes like the
Pederson commitment. It allows „to distribute a secret to n persons such that
each person can verify that he has received correct information about the
secret without talking with other persons“ \cite{pedersen_sharing_0}. In his
paper „A Practical Scheme for Non-interactive Verifiable Secret Sharing“
\cite{feldman_sharing}, Paul Feldman combines the two schemes Shamir Secret
Sharing and Pederson commitment. His [...]
-Because in Anastasis we have a trusted dealer, the shares must not be verified
and therefor we don't use VSS.
+Because in Anastasis we have a trusted dealer, the shares must not be verified
and therefor we don't need VSS.
\subsubsection{Distributed Key Generation}
Distributed key generation algorithms, short DKG, solve the problem of needing
a trustworthy dealer by relying on a threshold of honest persons. Contrary to
the above-mentioned schemes, in distributed key generation algorithms every
participant is involved in key generation.\\
The Pederson DKG is such „a secret sharing scheme without a mutually trusted
authority“ \cite{pedersen_sharing_5.2}. Basically, this DKG works as follows: \\
First, each involved party generates a pre-secret and distributes it to all
parties using the verifiable secret sharing scheme of Feldman.\\
-Afterwards, each party recombines the received shares, including its own
pre-secret, to a share of the main secret. The main secret can be reconstructed
by summing up each recombination of the shared pre-secrets.
+Afterwards, each party recombines the received shares, including its own
pre-secret, to a share of the main secret. The main secret can be reconstructed
by summing up each recombination of the shared pre-secrets.\\
+For Anastasis we do not need a DKG because the dealer is the user himself and
therefore, he is fully trustworthy.
+
\subsection{MIDATA}
MIDATA is a project that aims to give patients back control over their medical
data and to enable them to share their data only with those they trust
\footnote{\url{https://www.midata.coop/}}. In case the patient lost his device
running the MIDATA-application and his MIDATA-password, MIDATA build in a key
recovery system using the Shamir Secret Sharing Scheme mentioned above. In
their case a few "persons working at MIDATA have generated a public-private key
pair (Recovery key) on their o [...]
-The security of MIDATA as described in ASDHJGSADJGH is broken in two ways:
+The security of MIDATA as described in "Patient empowerment in IoT for eHealth
- How to deal with lost keys?" \cite{midata} is broken in two ways:
\begin{enumerate}
\item The password is reconstructed at the server, not at the patients
device. An administrator of the server can theoretically access the recovered
password at that time. A correct use of Shamir Secret Sharing scheme would
reconstruct the password.
\item It is not clear which authentication methods the persons working
for MIDATA use for their decisions and activities regarding the key recovery.
The business process used here could be vulnerable. For example, an attacker
could use social engineering to illegitimately trigger a recovery process via
e-mail if it is the chosen authentication method.
\end{enumerate}
-\subsubsection{Key sharing in Anastasis}
-FIXMEFor Anastasis we do not need a DKG because the dealer is the user himself
and therefore, he is fully trustworthy. But we need verifiability. In our case
we achieve verifiability by using HMACs. Furthermore, for our purposes the
above-mentioned algorithms are inadequate because we are dealing with a
manageable number of sharing parties and we need a more flexible solution. FIXME
-
\subsection{Authentication}
Anastasis is designed to use a wide range of authentication methods to
authenticate its users. There are several authentication methods available, a
short overview of the methods is presented here.
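Review bot: the added line "the shares must not be verified and therefor we don't need VSS" still says that verification is forbidden, whereas the argument is that it is unnecessary; suggest "the shares need not be verified and therefore we do not need VSS". The deleted `\subsubsection{Key sharing in Anastasis}` was also the only place stating that Anastasis still needs verifiability and achieves it with HMACs; the replacement sentence added after the DKG paragraph carries only the trusted-dealer half of that argument, so the HMAC statement should be re-homed rather than dropped, as it is a security-relevant design claim. Finally, the new `\cite{midata}` needs a matching `midata` entry in `bibliothek.bib`, which this commit's bib hunk does not add.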