[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-marketing] branch master updated: draft
|
From: |
gnunet |
|
Subject: |
[taler-marketing] branch master updated: draft |
|
Date: |
Mon, 27 Dec 2021 14:15:28 +0100 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository marketing.
The following commit(s) were added to refs/heads/master by this push:
new e65fecd draft
e65fecd is described below
commit e65fecd4bcea45d79c27c050b73243377f557f6c
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Mon Dec 27 14:15:26 2021 +0100
draft
---
2022-privacy/literature.bib | 223 ++++++++++++++++++++++++++++++++++++++++++++
2022-privacy/privacy.tex | 104 +++++++++++++++++++++
2 files changed, 327 insertions(+)
diff --git a/2022-privacy/literature.bib b/2022-privacy/literature.bib
new file mode 100644
index 0000000..9453c3c
--- /dev/null
+++ b/2022-privacy/literature.bib
@@ -0,0 +1,223 @@
+@article{cap,
+author = {Gilbert, Seth and Lynch, Nancy},
+title = {Brewer's Conjecture and the Feasibility of Consistent, Available,
Partition-Tolerant Web Services},
+year = {2002},
+issue_date = {June 2002},
+publisher = {Association for Computing Machinery},
+address = {New York, NY, USA},
+volume = {33},
+number = {2},
+issn = {0163-5700},
+url = {https://doi.org/10.1145/564585.564601},
+doi = {10.1145/564585.564601},
+abstract = {When designing distributed web services, there are three
properties that are commonly desired: consistency, availability, and partition
tolerance. It is impossible to achieve all three. In this note, we prove this
conjecture in the asynchronous network model, and then discuss solutions to
this dilemma in the partially synchronous model.},
+journal = {SIGACT News},
+month = jun,
+pages = {51–59},
+numpages = {9}
+}
+
+@misc{christodorescu2020twotier,
+ title={Towards a Two-Tier Hierarchical Infrastructure: An Offline
Payment System for Central Bank Digital Currencies},
+ author={Mihai Christodorescu and Wanyun Catherine Gu and Ranjit
Kumaresan and Mohsen Minaei and Mustafa Ozdayi and Benjamin Price and
Srinivasan Raghuraman and Muhammad Saad and Cuy Sheffield and Minghua Xu and
Mahdi Zamani},
+ year={2020},
+ eprint={2012.08003},
+ archivePrefix={arXiv},
+ primaryClass={cs.CR}
+}
+
+@InProceedings{chaum1988offine,
+author="Chaum, David
+and Fiat, Amos
+and Naor, Moni",
+editor="Goldwasser, Shafi",
+title="Untraceable Electronic Cash",
+booktitle="Advances in Cryptology --- CRYPTO' 88",
+year="1990",
+publisher="Springer New York",
+address="New York, NY",
+pages="319--327",
+abstract="The use of credit cards today is an act of faith on the p a t of all
concerned. Each party is vulnerable to fraud by the others, and the cardholder
in particular has no protection against surveillance.",
+isbn="978-0-387-34799-8"
+}
+
+
+
+@Article{calhoun2019puf,
+ AUTHOR = {Calhoun, Jeff and Minwalla, Cyrus and Helmich, Charles and Saqib,
Fareena and Che, Wenjie and Plusquellic, Jim},
+ TITLE = {Physical Unclonable Function (PUF)-Based e-Cash Transaction
Protocol (PUF-Cash)},
+ JOURNAL = {Cryptography},
+ VOLUME = {3},
+ YEAR = {2019},
+ NUMBER = {3},
+ ARTICLE-NUMBER = {18},
+ URL = {https://www.mdpi.com/2410-387X/3/3/18},
+ ISSN = {2410-387X},
+ DOI = {10.3390/cryptography3030018}
+}
+
+@misc{ecb2020digitaleuro,
+ title = {Report on a digital euro},
+ year = {2020},
+ month = {October},
+ howpublished =
{\url{https://www.ecb.europa.eu/pub/pdf/other/Report_on_a_digital_euro~4d7268b458.en.pdf}},
+}
+
+@misc{chaum2021issue,
+ title={How to Issue a Central Bank Digital Currency},
+ author={David Chaum and Christian Grothoff and Thomas Moser},
+ year={2021},
+ eprint={2103.00254},
+ archivePrefix={arXiv},
+ primaryClass={econ.GN}
+}
+
+@inproceedings{chaum1988untraceable,
+ title={Untraceable electronic cash},
+ author={Chaum, David and Fiat, Amos and Naor, Moni},
+ booktitle={Conference on the Theory and Application of Cryptography},
+ pages={319--327},
+ year={1988},
+ organization={Springer}
+}
+
+@INPROCEEDINGS{samsung2017knox,
+ author={M. {Dorjmyagmar} and M. {Kim} and H. {Kim}},
+ booktitle={2017 19th International Conference on Advanced Communication
Technology (ICACT)},
+ title={Security analysis of Samsung Knox},
+ year={2017},
+ volume={},
+ number={},
+ pages={550-553},
+ doi={10.23919/ICACT.2017.7890150}}
+
+@INPROCEEDINGS{arm2016alias,
+ author={R. {Guanciale} and H. {Nemati} and C. {Baumann} and M. {Dam}},
+ booktitle={2016 IEEE Symposium on Security and Privacy (SP)},
+ title={Cache Storage Channels: Alias-Driven Attacks and Verified
Countermeasures},
+ year={2016},
+ volume={},
+ number={},
+ pages={38-55},
+ abstract={Caches pose a significant challenge to formal proofs of security
+ for code executing on application processors, as the cache
+ access pattern of security-critical services may leak secret
+ information. This paper reveals a novel attack vector,
+ exposing a low-noise cache storage channel that can be
+ exploited by adapting well-known timing channel analysis
+ techniques. The vector can also be used to attack various
+ types of security-critical software such as hypervisors and
+ application security monitors. The attack vector uses
+ virtual aliases with mismatched memory attributes and
+ self-modifying code to misconfigure the memory system,
+ allowing an attacker to place incoherent copies of the same
+ physical address into the caches and observe which addresses
+ are stored in different levels of cache. We design and
+ implement three different attacks using the new vector on
+ trusted services and report on the discovery of an 128-bit
+ key from an AES encryption service running in TrustZone on
+ Raspberry Pi 2. Moreover, we subvert the integrity
+ properties of an ARMv7 hypervisor that was formally verified
+ against a cache-less model. We evaluate well-known
+ countermeasures against the new attack vector and propose a
+ verification methodology that allows to formally prove the
+ effectiveness of defence mechanisms on the binary code of
+ the trusted software.},
+ keywords={Security;Cache storage;Timing;Monitoring;Program
processors;Virtual machine monitors;side channels;hypervisor;cache storage
channels;verification},
+ doi={10.1109/SP.2016.11},
+ ISSN={2375-1207},
+ month={May},}
+
+@inproceedings{arm2017boomerang,
+ title={BOOMERANG: Exploiting the Semantic Gap in Trusted Execution
Environments.},
+ author={Machiry, Aravind and Gustafson, Eric and Spensky, Chad and Salls,
Christopher and Stephens, Nick and Wang, Ruoyu and Bianchi, Antonio and Choe,
Yung Ryn and Kruegel, Christopher and Vigna, Giovanni},
+ booktitle={NDSS},
+ year={2017}
+}
+@article{zhang2016truspy,
+ title={TruSpy: Cache Side-Channel Information Leakage from the Secure World
on ARM Devices.},
+ author={Zhang, Ning and Sun, Kun and Shands, Deborah and Lou, Wenjing and
Hou, Y Thomas},
+ journal={IACR Cryptol. ePrint Arch.},
+ volume={2016},
+ pages={980},
+ year={2016}
+}
+
+
+
+@Misc{sim2019,
+ author = {Security Research Labs},
+ title = {New SIM attacks de-mystified, protection tools now available
},
+ howpublished = {\url{https://srlabs.de/bites/sim_attacks_demystified/}},
+ year = {2019},
+}
+
+@TechReport{intel2020sgx,
+ author = {Dan Goodin},
+ title = {Intel SGX is vulnerable to an unfixable flaw that can steal
crypto keys and more},
+ institution = {ARS Technica},
+ year = {2020},
+}
+
+
+
+
+@InProceedings{amd2019,
+ author = {Mengyuan Li and Yinqian Zhang and Zhiqiang Lin and Yan
Solihin},
+ title = {Exploiting Unprotected I/O Operations inAMD’s Secure
Encrypted Virtualization},
+ booktitle = {USENIX Security Symposium},
+ year = {2019},
+}
+
+@Misc{sim2020,
+ author = {Peter Buttler},
+ title = {WIB Vulnerability: Sim-Card that Allows Hackers to Takeover
Phones},
+ howpublished =
{\url{https://readwrite.com/2020/01/06/wib-vulnerability-sim-card-that-allows-hackers-to-takeover-phones/}},
+ month = {January},
+ year = {2020},
+}
+
+@Misc{intel2020sgaxe,
+ author = {Ravie Lakshmanan},
+ title = {Intel CPUs Vulnerable to New 'SGAxe' and 'CrossTalk'
Side-Channel Attacks},
+ howpublished =
{\url{https://thehackernews.com/2020/06/intel-sgaxe-crosstalk-attacks.html}},
+ month = {June},
+ year = {2020},
+}
+
+@Misc{intel2006survey,
+ author = {Alexander Nilsson and Pegah Nikbakht Bideh and Joakim Brorsson},
+ title = {A Survey of Published Attacks on Intel SGX},
+ howpublished = {\url{https://arxiv.org/pdf/2006.13598v1.pdf}},
+ year = {2006},
+}
+
+@inproceedings{arm2017clkscrew,
+author = {Tang, Adrian and Sethumadhavan, Simha and Stolfo, Salvatore},
+title = {CLKSCREW: Exposing the Perils of Security-Oblivious Energy
Management},
+year = {2017},
+isbn = {9781931971409},
+publisher = {USENIX Association},
+address = {USA},
+abstract = {The need for power- and energy-efficient computing has resulted in
aggressive cooperative hardware-software energy management mechanisms on modern
commodity devices. Most systems today, for example, allow software to control
the frequency and voltage of the underlying hardware at a very fine granularity
to extend battery life. Despite their benefits, these software-exposed energy
management mechanisms pose grave security implications that have not been
studied before.In this [...]
+booktitle = {Proceedings of the 26th USENIX Conference on Security Symposium},
+pages = {1057–1074},
+numpages = {18},
+location = {Vancouver, BC, Canada},
+series = {SEC'17}
+}
+
+@inproceedings{arm2016cache,
+author = {Lipp, Moritz and Gruss, Daniel and Spreitzer, Raphael and Maurice,
Cl\'{e}mentine and Mangard, Stefan},
+title = {ARMageddon: Cache Attacks on Mobile Devices},
+year = {2016},
+isbn = {9781931971324},
+publisher = {USENIX Association},
+address = {USA},
+abstract = {In the last 10 years, cache attacks on Intel x86 CPUs have gained
increasing attention among the scientific community and powerful techniques to
exploit cache side channels have been developed. However, modern smartphones
use one or more multi-core ARM CPUs that have a different cache organization
and instruction set than Intel x86 CPUs. So far, no cross-core cache attacks
have been demonstrated on non-rooted Android smartphones. In this work, we
demonstrate how to solve key [...]
+booktitle = {Proceedings of the 25th USENIX Conference on Security Symposium},
+pages = {549–564},
+numpages = {16},
+location = {Austin, TX, USA},
+series = {SEC'16}
+}
\ No newline at end of file
diff --git a/2022-privacy/privacy.tex b/2022-privacy/privacy.tex
new file mode 100644
index 0000000..544a3e8
--- /dev/null
+++ b/2022-privacy/privacy.tex
@@ -0,0 +1,104 @@
+\documentclass{article}
+
+\usepackage{url}
+\usepackage{enumitem}
+
+\title{Accounts Considered Harmful}
+\author{Christian Grothoff \and \"Oezguer Kesim}
+\date{\today}
+\begin{document}
+
+\maketitle
+
+\abstract{
+The European Central Bank (ECB) published a report on ``Central Bank Digital
+Currency: functional scope, pricing and controls'' in its' Occasional Paper
+Series in December 2021 detailing various challenges for the Digital Euro.
+While the authors peripherally acknowledge the existence of token-based
+payment systems, the notion that a Digital Euro will somehow require citizens
+to have some kind of central bank account is pervasive in the paper. We argue
+that an account-based design cannot meet the ECB's stated design goals and
+that the ECB needs to fundamentally change its mindset when thinking about
+itself and the Digital Euro if it wants the project to succeed.
+}
+
+\section{The European Central Bank and Privacy}
+
+The ECB's report starts with a public interest-oriented self-image of central
+banks. For example, the authors claim that ``central banks operate in the
+interest of society, setting goals in the public interest rather than private
+interest'' and ``as public and independent institutions, central banks have no
+interest in monetising users' payment data. They would only process such data
+to the extent necessary for performing their functions and in full compliance
+with public interest objectives and legislation.'' While this is a laudable
+aspiration, it is false. The Bank of Greece, one of the central banks of the
+Eurosystem, is dominantly privately held and listed on the Athents stock
+exchange~\cite{wikipedia}. Similar constructions with privately owned central
+banks exist outside of the Eurozone, for example with the Swiss National
+Bank~\cite{SNB}. That all central banks are independent and operate in the
+public interest is currently widely questioned in the popular press in the
+case of Turkey~\cite{FIXME}. With counter-examples inside the ECB itself and
+within Europe, it is clear that the ECB's is caught in a dangerous
+self-delusion of central banks being an politically neutral and public-minded
+institutions.
+
+This delusion is dangerous because it leads to the ECB trusting itself with
+information and decisions that it must be entrusted with. In particular, the
+authors write that the ECB ``may also prefer the (...) the ability to control
+the privacy of payments data''. This is a fundamental misconception of the
+notion of privacy. Citizens will \emph{only} have privacy with a Digital Euro
+if they themselves have control over their payment data. Privacy and the human
+right of informational self-determination requires that each (legally capable)
+citizen is in control of their personal data. The ECB asserting the ``ability
+to control the privacy'' is thus an oxymoron: once anyone else has control,
+citizens have no privacy. As an institution that claims to act in the public
+interest, the ECB's report thus shows a fundamental lack of respect of its
+sovereign: the European citizens. If European democratic ideals are to
+prevail, we clearly need to reestablish the principles of personal
+self-reliance, personal independence and subsidiarity in the design processes
+for critical infrastructure created by European institutions.
+
+\section{Accounts}
+
+1) Die Autoren sind sehr in der Idee gefangen, dass eine CBDC durch Accounts
abgebildet werden muss. Gerade auf Seite 21 "A CBDC account/wallet" would need
to be associated with (...) a unique identity and identifier code" -- bei
Tokens bzw. mit Privacy geht dies gerade eben nicht.
+
+
+
+3) "As a way of combining use of digital identity and CBDC". Mit anderen
+Worten, wir wollen den glaesernen Buerger nach Chinesischem Vorbild. E-ID
+wurde in der Schweiz abgelehnt, Internetpassports sind politisch auch schnell
+von der Buehne verschwunden, aber ueber die CBDCs koennen wir das doch noch
+erreichen. Fehlt nur noch der Mastercard-Ansatz von "pay with your smile"
+(Gesichtserkennung). Schon nicht mehr witzig, wenn wir auf der einen Seite
+das EU-Parl haben was Gesichtserkennung verbieten will, und gleichzeitig eine
+EZB die eine --- natuerlich am Ende per multi-factor (inkl. Biometrie)
+authentifizierte --- Digitale Identitaet zum Bezahlen einfuehren will.
+
+
+\section{Technical Blindspots}
+
+
+2) Einer der Punkte von unserem SNB Paper, dass eine Token-Basierte Loesung
ein Aufbewahrungsrisko erzeugt, wurde nicht wahrgenommen. So schreiben sie zum
Thema "excessive hoardings of CBDC" dass "risk-free assets have a negative
yield (apart from banknotes, which are costly and risky to store in large
amounts)". Das eine Token-Basierte CBDC genau das gleiche Risiko fuer die
Besitzer erzeugen wuerde, blenden Sie als Loesungsansatz komplett aus.
+
+Dafuer wollen Sie "tier one allowances (...) calculated in accordance to
+(...) presumed cash needs". Aus dem CO2-Zertifikatsdisaster haben sie also
nichts gelernt, wo viele der schlimmsten Firmen sich durch hohe
Bedarfsmeldungen erst uebertrieben hohe CO2-Quoten zurechtgerechnet haben ---
und sich dann durch den CO2-Zertifikatsverkauf bereichert haben. Die Idee, man
koennte solche Bedarfsformeln aufstellen ist aus meiner Sicht naiv, denn da
wird es wieder Manipulationen geben, wo sich Firmen dann hohe negativzinzfreie
Quoten ausrechnen lassen. IMO eine ganz s [...]
+
+
+\section{Alternatives}
+
+Tokens.
+
+Privacy-preserving age-restrictions instead of E-ID.
+
+\section{Conclusion}
+
+
+\section*{Acknowledgements}
+
+% We thank XXX for insightful comments on an earlier draft of this text.
+
+\bibliographystyle{alpha}
+\bibliography{literature}
+
+
+\end{document}
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [taler-marketing] branch master updated: draft,
gnunet <=