[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-anastasis] branch master updated: ypsomed draft
From: |
gnunet |
Subject: |
[taler-anastasis] branch master updated: ypsomed draft |
Date: |
Thu, 01 Oct 2020 15:11:17 +0200 |
This is an automated email from the git hooks/post-receive script.
ds-meister pushed a commit to branch master
in repository anastasis.
The following commit(s) were added to refs/heads/master by this push:
new 23c84bc ypsomed draft
23c84bc is described below
commit 23c84bc5d9c29b68d15c0e288235ce30a3c97431
Author: Dominik Meister <dominik.meister@hotmail.ch>
AuthorDate: Thu Oct 1 15:11:10 2020 +0200
ypsomed draft
---
doc/ypsomed/step1.png | Bin 0 -> 185483 bytes
doc/ypsomed/step1_recovery.png | Bin 0 -> 245134 bytes
doc/ypsomed/step2.png | Bin 0 -> 86360 bytes
doc/ypsomed/step2_recovery.png | Bin 0 -> 207479 bytes
doc/ypsomed/step3.png | Bin 0 -> 199023 bytes
doc/ypsomed/step3_recovery.png | Bin 0 -> 313747 bytes
doc/ypsomed/system-architecture_2.png | Bin 0 -> 76910 bytes
doc/ypsomed/system_design.png | Bin 0 -> 57272 bytes
doc/ypsomed/user_id.png | Bin 0 -> 44157 bytes
doc/ypsomed/ypsomed.tex | 358 ++++++++++++++++++++++++++++++++++
10 files changed, 358 insertions(+)
diff --git a/doc/ypsomed/step1.png b/doc/ypsomed/step1.png
new file mode 100644
index 0000000..7619973
Binary files /dev/null and b/doc/ypsomed/step1.png differ
diff --git a/doc/ypsomed/step1_recovery.png b/doc/ypsomed/step1_recovery.png
new file mode 100644
index 0000000..455c445
Binary files /dev/null and b/doc/ypsomed/step1_recovery.png differ
diff --git a/doc/ypsomed/step2.png b/doc/ypsomed/step2.png
new file mode 100644
index 0000000..b60b715
Binary files /dev/null and b/doc/ypsomed/step2.png differ
diff --git a/doc/ypsomed/step2_recovery.png b/doc/ypsomed/step2_recovery.png
new file mode 100644
index 0000000..2213133
Binary files /dev/null and b/doc/ypsomed/step2_recovery.png differ
diff --git a/doc/ypsomed/step3.png b/doc/ypsomed/step3.png
new file mode 100644
index 0000000..b31f60e
Binary files /dev/null and b/doc/ypsomed/step3.png differ
diff --git a/doc/ypsomed/step3_recovery.png b/doc/ypsomed/step3_recovery.png
new file mode 100644
index 0000000..6edbf06
Binary files /dev/null and b/doc/ypsomed/step3_recovery.png differ
diff --git a/doc/ypsomed/system-architecture_2.png
b/doc/ypsomed/system-architecture_2.png
new file mode 100644
index 0000000..7c2cbd0
Binary files /dev/null and b/doc/ypsomed/system-architecture_2.png differ
diff --git a/doc/ypsomed/system_design.png b/doc/ypsomed/system_design.png
new file mode 100644
index 0000000..52ff118
Binary files /dev/null and b/doc/ypsomed/system_design.png differ
diff --git a/doc/ypsomed/user_id.png b/doc/ypsomed/user_id.png
new file mode 100644
index 0000000..42c741c
Binary files /dev/null and b/doc/ypsomed/user_id.png differ
diff --git a/doc/ypsomed/ypsomed.tex b/doc/ypsomed/ypsomed.tex
new file mode 100644
index 0000000..3b27176
--- /dev/null
+++ b/doc/ypsomed/ypsomed.tex
@@ -0,0 +1,358 @@
+\documentclass{scrartcl}
+\usepackage{lipsum}
+%%\usepackage[french]{babel}
+%%\usepackage[ngerman]{babel}
+
+
+%% Choose default font for the document
+%% Warning : only ONE of the following should be enabled
+\usepackage{kpfonts}
+%%\usepackage{libertine}
+%% The following chose the default language for the document and
+%% use the default typography rules for the choosen language.
+\usepackage{polyglossia}
+\setdefaultlanguage{english}
+%% \setdefaultlanguage{german}
+%%\setdefaultlanguage{french}
+\usepackage{listings}
+\usepackage[backend=biber, style=ieee]{biblatex}
+\addbibresource{seminar.bib}
+
+\usepackage{graphicx}
+
+\begin{document}
+\title{Anastasis}
+\subtitle{Key recovery solution}
+\date{\today} %% or \date{01 november 2018}
+\author{Dominik Meister (\texttt{dominik.meister@hotmail.ch})\\
+Dennis Neufeld (\texttt{dennis-neufeld@gmx.de})}
+\maketitle
+\clearpage
+\tableofcontents
+\clearpage
+
+\section{Introduction}
+Users of cryptography are frequently facing the challenge to secure their core
secrets (private keys), and the
+contemporary default of asking them to remember strong passphrases is
inadequate for mass adoption. The loss
+of such a core secret can cause severe data and financial losses for a user.
Our project was conceived as a solution
+to similar problems several privacy-enhancing software projects are facing
today. Specifically, the Swiss pretty
+Easy privacy project (https://pep.foundation), an E-Mail encryption solution,
needs an easy way for users to
+recover their private keys to avoid the loss of encrypted E-Mails.
Furthermore, Taler Systems SA is building an
+electronic payment system and is facing an equivalent challenge: The European
Central Bank informed them
+about a requirement for electronic wallets denominated in Euros to support
password-less data recovery.
+Cryptocurrencies and E-health data platforms like MI-DATA where end-users are
expected to be in control of their
+data also face this well-known issue. The problem is simultaneously assuring
availability and confidentiality,
+instead of trading one for the other.
+We designed Anastasis to address this common problem of cryptographic consumer
products.
+
+\section{Solution}
+Anastasis is a key recovery system that allows the user to securely deposit
shares of a core secret with an open set of escrow
+providers, and to recover the secret if the user lost it. The main objective
of Anastasis is to ensure that the user
+can reliably recover the core secret, while making this as difficult as
possible for everyone else. The core secret
+itself is protected from the escrow providers by giving each provider only
part of the information, and additionally
+by encrypting it with an identity-based key unknown to the providers. Our
protocol ensures that - without prior
+knowledge- the service providers learn nothing from the protocol except the
minimum amount of data required to
+authenticate the user. Even that information is only disclosed at the time of
authentication.
+
+\subsection{Approach}
+???????????????????????????
+
+\subsubsection*{Secret sharing and recovery}
+Our approach to solve the problem of key recovery is to let the user
+split their core secret across multiple escrow providers (see
+Figure~\ref{fig:system_arch2}). To recover their core secret, the user has to
+authorize key the recovery, usually by passing an authentication check
+which they configured for the respective provider.
+
+After successful authentication the user receives the secret shares
+and is able to reassemble their core secret locally on their computer.
+\begin{center}
+\includegraphics[scale=0.33]{system-architecture_2.png}
+\end{center}
+
+\subsubsection*{Derive user identifier}
+Every person has some hard to guess, semi-private and unforgettable
+inherent attributes such as name and passport number, social security
+number or AHV~\cite{jerome2015} number (in Switzerland). We use those
attributes to
+improve the security and privacy provided by Anastasis. Basically,
+these attributes serve as weak key material, raising the bar for
+attackers without the availability disadvantages of passphrases ---
+which users may forget. Anastasis derives a ``user identifier'' from
+such a set of unforgettable attributes (see Figure~\ref{fig:user_id}).
+
+\begin{center}
+\includegraphics[scale=0.3]{user_id.png}
+\end{center}
+
+\subsubsection*{Encrypt and encrypt and encrypt}
+Anastasis uses several layers of encryption. First, the user's core
+secret is encrypted with a master key. The master key is encrypted
+with various policy keys. The policy keys are derived from various
+secrets which are encrypted and distributed across various providers
+together with information about the desired recovery authorization
+procedure. This last encryption is done based on keys derived from the
+user identity. These many layers of encryption are designed to
+distribute trust and to minimize or delay information disclosure.
+
+\subsection{System architecture}
+This graphic shows the basic architecture of the Anastasis
+application. It shows a simplified flow of the application. The
+details of each component are explained later.
+
+\begin{center}
+\includegraphics[scale=0.4]{system_design.png}
+\end{center}
+
+\begin{enumerate}
+\item The Anastasis CLI interacts with the Anastasis API. The
+ Anastasis API is responsible for triggering interactions with the
+ user, and also manages the interactions between the
+ various client-side components.
+\item After the user provided their unforgettable secret, the
+ Crypto API derives the needed key material for the further
+ communication. This is simplified, in reality the client would first
+ need to download the server salt to generate the user keys. The
+ crypto API is later also responsible for the decryption and
+ encryption of the data, sent or received from the server.
+\item The Service API is responsible for the communication with the
+ Anastasis server. The Anastasis API sends the previously generated
+ data and the user selected request to the service.
+ The Service API is also responsible to handle
+ the server's response to the request.
+\item The central webserver logic handles HTTP requests sent to it by the
+ clients. It will dispatch requests to the corresponding handler. The
+ webserver's core logic also returns the response and the status code
+ of the operation to the client application.
+\item Each REST endpoint of the Anastasis server is implemented by
+ a specific handler. The handler prcesses the requests, typically
+ by storing or looking up the requested
+ data with the database. When the request is finished, the handler will
+ send back the data or the status code to the webserver's core logic.
+\end{enumerate}
+
+
+\subsection{Recovery and backup flow}
+ Pingu Miau Katze Pingu Miau Katze Pingu Miau Katze Pingu Miau Katze Pingu
Miau Katze Pingu Miau Katze Pingu Miau Katze \\
+ \begin{center}
+ \includegraphics[scale=0.35]{step1.png}
+ \end{center}
+ Pingu Miau Katze Pingu Miau Katze Pingu Miau Katze Pingu Miau Katze Pingu
Miau Katze Pingu Miau Katze Pingu Miau Katze \\
+\begin{center}
+ \includegraphics[scale=0.35]{step2.png}
+ \end{center}
+ Pingu Miau Katze Pingu Miau Katze Pingu Miau Katze Pingu Miau Katzevv Pingu
Miau Katze Pingu Miau Katze Pingu Miau Katze\\
+\begin{center}
+ \includegraphics[scale=0.35]{step3.png}
+ \end{center}
+
+ Pingu Miau Katze Pingu Miau Katze Pingu Miau Katze Pingu Miau Katze Pingu
Miau Katze Pingu Miau Katze Pingu Miau Katze Pingu \\
+\begin{center}
+ \includegraphics[scale=0.35]{step1_recovery.png}
+ \end{center}
+
+\begin{center}
+ \includegraphics[scale=0.35]{step2_recovery.png}
+ \end{center}
+
+ \begin{center}
+ \includegraphics[scale=0.3]{step3_recovery.png}
+ \end{center}
+
+Pingu Miau Katze Pingu Miau Katze Pingu Miau Katze Pingu Miau Katze Pingu Miau
Katze Pingu Miau Katze Pingu Miau Katze Pingu \\
+
+\section{Team}
+Einleitung in die Team Mitglieder :)
+
+
+
+\section{Project plan}
+A key challenge for Anastasis is that we need to offer a diverse set of
authentication methods, as required from
+our business customers. To fully offer these in-house would substantially
increase the complexity of our business.
+While we need to be able to authenticate users on demand, this will be an
infrequent business process. Thus, our
+strategy is to outsource the execution of specific authentication procedures
to specialised providers. For example,
+inexpensive cloud services exist for sending SMS, physical mail, or performing
video identification. Thus, our
+development focus will be the integration of these services.
+A second challenge is to acquire new customers. Our main distribution channel
are companies offering privacy-
+enhancing solutions to consumers. We will work with these companies to
integrate Anastasis with their products,
+and to enter into business agreements to ensure that we are the default
provider in the software delivered to the
+customer.
+If we receive the BRIDGE funding, we will definitely found a GmbH to operate
the service. We already have
+recruited some members for the advisory board, including two professors from
the BFH and two representatives
+of cooperate customers.
+
+Our objective for the first year is for Anastasis to implement several
authentication services, have a working cloud
+deployment with monitoring, and to be integrated with various cryptographic
consumer products.
+Key milestones are the various integrations of the different authentication
methods, the integration of
+cryptographic consumer products, and the deployment of our application.
+Additionally, we would always look out for new customers and clients who could
benefit from Anastasis.
+
+%Grafik Projektplan
+
+
+\section{Business model}
+%FIXME CITES !!
+We are currently in the process of building a start-up for the
+Anastasis application. This business model shows an overview how we
+want to build our start-up and how we want to continue our work on the
+project.
+
+\subsection{Market review and innovation potential}
+
+There are already some key recovery or key splitting solutions on the
+market. For example, there is a solution from Coinbase. Coinbase is a
+global digital asset exchange company, providing a venue to buy and
+sell digital currencies. Coinbase also uses wallets secured with
+private keys. To recover this private key the user has to provide a 12
+words recovery phrase. Coinbase now offers a solution to securely
+deposit this recovery phrase onto the users Google Drive. The security
+here lies within the Google Account and the password used to encrypt
+the security phrase~\cite{coinbase}. The problem here is that this approach
undermines
+confidentiality. It exchanges a hard to guess password with a shorter
+and easier to guess password. The difficulty is to simultaneously
+assure availability and confidentiality, instead of trading one for
+the other. By allowing citizens to simultaneously achieve
+confidentiality and availability we improve their ability to exercise
+their right to informational self-determination.
+
+Today information losses from security incidents are rampant, either
+because data is exposed (loss of confidentiality) or because users
+lose their data because of lacking backups (loss of availability). As
+seen in the study of the Global Data Protection Index
+2018~\cite{global_data_index}, 76\% of those interviewed had an
+availability incident. 1TB of data loss or 20 hours of downtime
+reportedly costs half a million dollars. On the other hand, loss of
+confidential private data can result in fines under data protection
+regulation, as well as a difficult to quantify loss of reputation.
+Prominent cases in which sometimes enormous amounts of money have been
+gone useless by losing the key to the digital wallet clarify the
+urgent need of a key recovery system like Anastasis. For example the
+case QuadrigaCX exchange was heavily discussed in the media when the
+chief executive, Gerald Cotton, unexpectedly died and left £145
+million in a “cold wallet”.~\cite{millions_lost}
+
+In some cases there is a workaround to recover a lost key, provided
+there is a security hole in the digital wallet software that can be
+exploited, but it is far from user friendly and also questions the
+confidentiality of data in such a system. In his article “’I Forgot My
+PIN’: An Epic Tale of Losing \$30,000 in Bitcoin” \cite{forgot_my_pin}
+Mark Frauenfelder, a former editor at WIRED and the director of
+research at the Institute of the Future’s Blockchain Futures Lab,
+writes about his experiences in losing and trying to recover his
+wallet key.
+
+\subsection{Business model canvas}
+
+\subsubsection{Key partners}
+
+Our key partners for Anastasis are three entities. First the business
+partners, Taler Systems SA and p$\equiv$p Foundation, with whom we could
+already make contracts and wish to integrate our product. Second are
+the providers of Cloud services. To operate Anastasis with minimal
+cost we need the service of these providers. These providers can
+additionally provide us authentication services, this also minimizes
+the complexity of our solution since we do not have to implement these
+services by ourselves. Such a provider could be for example Amazon
+AWS, Azure, Google.
+
+In addition to these industry partners, we also count on the continued
+support by the BFH for hosting and mentoring. Prof. Dubius has already
+agreed to serve on our advisory board, and Prof. Grothoff would be
+happy to serve as non-executive chairman for the company.
+
+\subsubsection{Key activities}
+
+The main work of our start up is the completion of our software for
+commercial use. This involves the integration of different
+authentication methods and the integration of our application into the
+different consumer applications. Another key activity is the
+maintenance and deployment of our service.
+
+\subsubsection{Key resources}
+
+Our developers need a device to work with, we agreed to the policy to
+“bring your own device” this means the start-up does not have to
+invest in hardware. To operate our application, we will need servers
+to provide our service, as previously mentioned we would provide our
+service on a Cloud provider. For the timely further development of
+our service and integration with various authentication providers,
+payment solutions and applications needing key recovery, we see an
+initial need for at least two fulltime employees. These developers
+would also be responsible for the maintenance and deployment of the
+application.
+
+Additionally, the start-up needs a person who is responsible for the
+business of Anastasis. This employee would be responsible to find new
+business partners and present our application to investors. This
+employee might initially work only part-time. To be able to properly
+launch the start-up, we are hoping to find a combination of investors
+and grants.
+
+\subsubsection{Value propositions}
+
+As mentioned earlier there are many applications which need a key
+recovery system. Anastasis is also a privacy friendly and transparent
+solution. Furthermore, Anastasis will make sure that the application
+is user friendly and inexpensive.
+
+\subsubsection{Customer relationships}
+
+In the early stages of our start-up our customers are primary going to
+be business customers like Taler Systems SA, p$\equiv$p Foundation,
+Fraunhofer AISEC and NymTech, which all want to integrate our solution
+into their products. Thus, early on we will likely pursue B2B sales,
+lining up businesses that would want to integrate Anastasis with
+existing security products.
+
+Once successful products exist in the market, our revenue should
+inherently shift to a B2C model, as then customers will pay for the
+recovery service. We may then also ourselves invest in integration of
+Anastasis with further software solutions to grow the business, even
+in domains where there is no significant business partner. This will
+be the case for applications where popular non-commercial solutions
+are freely available. An example for this domain would be consumer
+software that enables disk encryption.
+
+\subsubsection{Customer segments}
+
+Our business customers will be primarily developers of security
+applications which need a way to enable end-users to securely
+backup end-user key material.
+
+End-users paying for the recovery service will be all users using
+privacy-enhancing technologies, where the putting the user in charge
+of their data also burdens the user with taking care of their private
+keys. Specific applications include payment services including
+crypto-currencies and end-to-end encrypted communication services.
+
+\subsubsection{Cost structure}
+
+The main cost for our start-up is the salary of our employees. We need
+to have two or more fulltime employees for the development and one
+part time employee for the business development. Additional costs for
+the start-up are the costs for registering a company. To provide
+Anastasis as a service, we expect to make use of existing public Cloud
+services, which also cost a little bit.
+
+\subsubsection{Revenue streams}
+
+In the beginning, businesses like Taler Systems SA will pay us to
+operate an Anastasis server and to help them integrate our protocol
+with their software. Once we have many end-users utilizing Anastasis,
+they will have to pay directly for the service. The users have to pay
+a subscription fee and possibly additional fees for expensive recovery
+operations. For example a user might pay 0.10 CHF per month for the
+subscription and 0.01 CHF for each encrypted truth
+upload. Additionally, the user would have to pay for expensive
+authentication methods like video identification.
+
+%% Print the bibibliography and add the section to th table of content
+\newpage
+
+\printbibliography[heading=bibintoc]
+
+\end{document}
+
+
+
+
+
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-anastasis] branch master updated: ypsomed draft,
gnunet <=