[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-anastasis] branch master updated: toc refactor
From: |
gnunet |
Subject: |
[taler-anastasis] branch master updated: toc refactor |
Date: |
Tue, 20 Oct 2020 10:29:53 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository anastasis.
The following commit(s) were added to refs/heads/master by this push:
new 7f173bd toc refactor
7f173bd is described below
commit 7f173bd64f447b010fbcd741862196eb5611b78d
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Tue Oct 20 10:29:51 2020 +0200
toc refactor
---
doc/ypsomed/ypsomed.tex | 81 ++++++++++++++++++++++---------------------------
1 file changed, 37 insertions(+), 44 deletions(-)
diff --git a/doc/ypsomed/ypsomed.tex b/doc/ypsomed/ypsomed.tex
index 4a127a5..87652d9 100644
--- a/doc/ypsomed/ypsomed.tex
+++ b/doc/ypsomed/ypsomed.tex
@@ -42,19 +42,19 @@ Dennis Neufeld also recently completed his bachelor's
degree in IT security.
He was the partner of Dominik in his bachelor thesis.
He is also a developer and is responsible for the integration of Anastasis
into other products.
-Christian Grothoff is Professor at the BFH in Biel. He was the project expert
and product owner
+Christian Grothoff is Professor at the BFH in Biel. He was the project expert
and product owner
of the Anastasis thesis. He is the chairman of the Anastasis start-up and
supports the development
process with his experience.
Berna Alp is an economist by trade. She is currently council member at the
pretty Easy privacy (pEp) foundation,
a board member at ISOC Switzerland and she owns a consulting business
specialized in IT transformation and ERP projects.
-She has worked as Project Coordinator on World Bank projects, as Senior FI/CO
Consultant at Andersen Consulting in New York City
+She has worked as Project Coordinator on World Bank projects, as Senior FI/CO
Consultant at Andersen Consulting in New York City
and as SAP FI/CO \& JVA team lead at a multi-national steel company
implementing SAP in 28 companies and 17 countries.
-She takes on the general manager role at Anastasis.
+She takes on the general manager role at Anastasis.
Vaishnavi Mohan is a software engineer with a master's in distributed software
systems. She specializes in the development
-and secure deployment of applications on public clouds. She will steer the
technical development and decide
-on the specifics for the deployment in the cloud and integration with existing
cloud services at Anastasis.
+and secure deployment of applications on public clouds. She will steer the
technical development and decide
+on the specifics for the deployment in the cloud and integration with existing
cloud services at Anastasis.
\section{Problem statement}
Today information losses from security incidents are rampant, either
@@ -83,20 +83,20 @@ research at the Institute of the Future’s Blockchain
Futures Lab,
writes about his experiences in losing and trying to recover his
wallet key.
-All these cases show the need for a way to backup a core secret.
+All these cases show the need for a way to backup a core secret.
The most common solution for this problem is to ask the user to remember
-a strong passphrase, but this is inadequate for mass adoption. Users
+a strong passphrase, but this is inadequate for mass adoption. Users
tend to either make passwords too easy or are bad at remembering them.
-As previously mentioned the loss of such a core secret can cause severe
+As previously mentioned the loss of such a core secret can cause severe
data and financial losses for a user. Our project was conceived as a solution
to similar problems several privacy-enhancing software projects are facing
today.
Specifically, the Swiss pretty Easy privacy project (https://pep.foundation),
an E-Mail encryption solution,
-needs an easy way for users to recover their private keys to avoid the loss of
+needs an easy way for users to recover their private keys to avoid the loss of
encrypted E-Mails. Furthermore, Taler Systems SA is building an electronic
payment
system and is facing an equivalent challenge: The European Central Bank
informed them
about a requirement for electronic wallets denominated in Euros to support
password-less data recovery.
Cryptocurrencies and E-health data platforms like MI-DATA where end-users are
expected to be in control of their
-data also face this well-known issue. We designed Anastasis to address this
common problem of cryptographic consumer products.
+data also face this well-known issue. We designed Anastasis to address this
common problem of cryptographic consumer products.
\section{Summary of the work accomplished}
@@ -110,7 +110,7 @@ authenticate the user. Even that information is only
disclosed at the time of au
\subsection{Approach}
Our approach to solve the problem of key recovery is to let the user
-split their core secret across multiple escrow providers.
+split their core secret across multiple escrow providers.
To recover their core secret, the user has to authorize the
key recovery, usually by passing an authentication check
which they configured for the respective provider.
@@ -125,7 +125,7 @@ The following graphic gives an overview of the Anastasis
architecture.
\label{fig:system_architecture}
\end{figure}
-\subsubsection{Derive user identifier}
+\subsection{Derive user identifier}
Every person has some hard to guess, semi-private and unforgettable
inherent attributes such as name and passport number, social security
number or AHV number (in Switzerland). We use those attributes to
@@ -139,21 +139,21 @@ for the up- and download procedure.
\subsection{Recovery and backup flow}
The following is a very simplified description of the Anastasis protocol. It
is only intended to illustrate how Anastasis basically works:\\
\begin{figure}[H]
- \centering
+ \centering
\includegraphics[scale=0.35]{images/key_gen.eps}
\caption{Key generation}
\label{fig:key_generation}
\end{figure}
Before each backup or recovery process, two keys (K1 and K2) are derived from
the user attributes.\\
\begin{figure}[H]
- \centering
+ \centering
\includegraphics[scale=0.35]{images/step1.eps}
\caption{Split secret and encrypt}
\label{fig:step1}
\end{figure}
During a backup process, the core secret is first split into several parts.
These parts are then each encrypted with the first key (K1). \\
\begin{figure}[H]
- \centering
+ \centering
\includegraphics[scale=0.35]{images/step2.eps}
\caption{Add authentication data and encrypt}
\label{fig:step2}
@@ -166,7 +166,7 @@ Authentication data is then added to the encrypted parts
(e.g. mobile phone numb
\label{fig:step3}
\end{figure}
In the last step of the backup procedure the prepared parts are distributed
to the various provider servers.\\
-
+
\begin{figure}[H]
\centering
\includegraphics[scale=0.35]{images/step1_recovery.eps}
@@ -175,34 +175,34 @@ Authentication data is then added to the encrypted parts
(e.g. mobile phone numb
\end{figure}
In a recovery process the user must authenticate himself with the
corresponding providers using his stored authentication data. However, since
these providers cannot yet access the data, the user must send them the second
key (K2). This key enables them to read only the necessary data.\\
\begin{figure}[H]
- \centering
+ \centering
\includegraphics[scale=0.35]{images/step2_recovery.eps}
\caption{Authenticate and receive parts}
- \label{fig:step2_rec}
+ \label{fig:step2_rec}
\end{figure}
If the user has authenticated himself correctly, he will receive the encrypted
parts of the core secret from the respective providers. The user can decrypt
these parts with the first key (K1).\\
\begin{figure}[H]
- \centering
+ \centering
\includegraphics[scale=0.3]{images/step3_recovery.eps}
\caption{Reassemble parts recover secret}
\label{fig:step3_rec}
\end{figure}
In the last step the user reassembles the decrypted parts of the core secret.\\
-\subsection{Current status}
-We created a working prototype of the application during our Bachelor thesis.
-We developed a working backend and a command line program as client.
+\subsection{Current status}
+We created a working prototype of the application during our Bachelor thesis.
+We developed a working backend and a command line program as client.
As a payment system we have already integrated GNU Taler.
-At the moment we only developed the authentication with the secure question.
+At the moment we only developed the authentication with the secure question.
We are currently implementing the other authentication methods (email, SMS,
post, video).
-Besides that we are currently developing a client with a graphical user
interface.
+Besides that we are currently developing a client with a graphical user
interface.
Another open point is the integration of the software into other applications
(Taler, PEP).
For a more detailed overview of the open work see the project plan below.
-
+
\section{Discussion of the technical implementation potential}
There are a few key recovery solutions on the market today. Some examples of
existing key recovery solutions and their problems shall be introduced in the
following.
-Coinbase is a global digital asset exchange company which provides a venue to
buy and sell crypto currencies. Coinbase uses wallets secured with private
keys. To recover this private key the user must provide a 12-word recovery
phrase. Coinbase now offers a “solution” to securely deposit this recovery
phrase onto the users Google Drive. The security here lies within the Google
Account and the password used to encrypt the security phrase. The problem here
is that this approach undermines [...]
+Coinbase is a global digital asset exchange company which provides a venue to
buy and sell crypto currencies. Coinbase uses wallets secured with private
keys. To recover this private key the user must provide a 12-word recovery
phrase. Coinbase now offers a “solution” to securely deposit this recovery
phrase onto the users Google Drive. The security here lies within the Google
Account and the password used to encrypt the security phrase. The problem here
is that this approach undermines [...]
Vault12 is a service using Shamir Secret Sharing provided by the Vault-Tec
Corporation. Shamir Secret Sharing is a so called „Social Recovery“ method. It
allows to split all kind of data, (pictures, passphrases, cryptographic keys)
into shares and distribute them to trusted entities, called „Guardians“ in
Vault12. To recover the data a subset of the chosen Guardians is asked to
release their share. The released shares are used to reconstruct the data
again. Vault12 is available for iOS, [...]
@@ -210,9 +210,9 @@ MI-DATA is a Swiss platform for e-health data. They also
use Shamir secret split
Connect.me is a closed source digital identity wallet. The recovery of the
used key and the wallet works similar to Coinbase: An encrypted backup of the
user data is stored on the cloud, which can be downloaded and decrypted using a
recovery phrase. The software offers no solution how the user keeps this
phrase. The user is therefore responsible for storing it correctly.
-uPort is an opensource digital identity wallet based on Etherium. uPort also
works with the 12-word-recovery phrase and also doesn’t offer a solution for
the user to securely store the phrase.
+uPort is an opensource digital identity wallet based on Etherium. uPort also
works with the 12-word-recovery phrase and also doesn’t offer a solution for
the user to securely store the phrase.
-As we can see the most solutions either work with shamir secret splitting or
with a passphrase. The Method with the passphrase is too unreliable, the user
+As we can see the most solutions either work with shamir secret splitting or
with a passphrase. The Method with the passphrase is too unreliable, the user
has to remember his secret or his key is lost, resulting in a single point of
failure.
The other solutions are based on Shamir secret splitting. The main problem of
shamir secret splitting is that it is not flexible. With Shamir secret
splitting, the user can only define a threshold at which point the
authentication is successful. With Anastasis the user can define which
combinations of providers can successfully recover the secret. As an example we
have the Providers A, B, C and D. The user knows the provider A and fully
trusts him. This means the user can now set up comb [...]
@@ -241,9 +241,7 @@ We are currently in the process of building a start-up for
the
Anastasis application. This business model shows an overview how we
operate Anastasis within our start-up.
-\subsection{Business model canvas}
-
-\subsubsection{Key partners}
+\subsection{Key partners}
Our key partners for Anastasis are three entities. First the business
partners, Taler Systems SA and p$\equiv$p Foundation, with whom we could
@@ -260,7 +258,7 @@ support by the BFH for hosting and mentoring. Prof. Dubius
has already
agreed to serve on our advisory board, and Prof. Grothoff would be
happy to continue his support in the development process.
-\subsubsection{Key activities}
+\subsection{Key activities}
The main work of our start up is the completion of our software for
commercial use. This involves the integration of different
@@ -268,7 +266,7 @@ authentication methods and the integration of our
application into the
different consumer applications. Another key activity is the
maintenance and deployment of our service.
-\subsubsection{Key resources}
+\subsection{Key resources}
Our developers need a device to work with, we agreed to the policy to
“bring your own device” this means the start-up does not have to
@@ -284,16 +282,16 @@ application.
Additionally, the start-up needs a person who is responsible for the
business of Anastasis. This employee would be responsible to find new
business partners and present our application to investors. This
-employee might initially work only part-time.
+employee might initially work only part-time.
-\subsubsection{Value propositions}
+\subsection{Value propositions}
As mentioned earlier there are many applications which need a key
recovery system. Anastasis is also a privacy friendly and transparent
solution. Furthermore, Anastasis will make sure that the application
is user friendly and inexpensive.
-\subsubsection{Customer relationships}
+\subsection{Customer relationships}
In the early stages of our start-up our customers are primary going to
be business customers like Taler Systems SA, p$\equiv$p Foundation,
@@ -311,7 +309,7 @@ be the case for applications where popular non-commercial
solutions
are freely available. An example for this domain would be consumer
software that enables disk encryption.
-\subsubsection{Customer segments}
+\subsection{Customer segments}
Our business customers will be primarily developers of security
applications which need a way to enable end-users to securely
@@ -323,7 +321,7 @@ of their data also burdens the user with taking care of
their private
keys. Specific applications include payment services including
crypto-currencies and end-to-end encrypted communication services.
-\subsubsection{Cost structure}
+\subsection{Cost structure}
The main cost for our start-up is the salary of our employees. We need
to have two or more fulltime employees for the development and one
@@ -332,7 +330,7 @@ the start-up are the costs for registering a company. To
provide
Anastasis as a service, we expect to make use of existing public Cloud
services, which also cost a little bit.
-\subsubsection{Revenue streams}
+\subsection{Revenue streams}
In the beginning, businesses like Taler Systems SA will pay us to
operate an Anastasis server and to help them integrate our protocol
@@ -348,8 +346,3 @@ authentication methods like video identification.
\printbibliography[heading=bibintoc]
\end{document}
-
-
-
-
-
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-anastasis] branch master updated: toc refactor,
gnunet <=