
## [taler-anastasis] branch master updated: merged with dennis edits

From: gnunet
Subject: [taler-anastasis] branch master updated: merged with dennis edits
Date: Tue, 20 Oct 2020 00:22:56 +0200

This is an automated email from the git hooks/post-receive script.

ds-meister pushed a commit to branch master
in repository anastasis.

new 3c30605  merged with dennis edits
3c30605 is described below

commit 3c306051d587004aa5ec942778efdfc26423c0ca
Author: Dominik Meister <dominik.meister@hotmail.ch>
AuthorDate: Tue Oct 20 00:22:41 2020 +0200

merged with dennis edits
---
doc/ypsomed/ypsomed.tex | 223 +++++++++++++++++++++---------------------------
1 file changed, 98 insertions(+), 125 deletions(-)

diff --git a/doc/ypsomed/ypsomed.tex b/doc/ypsomed/ypsomed.tex
index 2a735f7..4a127a5 100644
--- a/doc/ypsomed/ypsomed.tex
+++ b/doc/ypsomed/ypsomed.tex
@@ -16,7 +16,7 @@
%%\setdefaultlanguage{french}
\usepackage{listings}
\usepackage[backend=biber, style=ieee]{biblatex}

\usepackage{graphicx}
\usepackage{float}
@@ -33,28 +33,71 @@ Dennis Neufeld (\texttt{dennis-neufeld@gmx.de})}
\clearpage

\section{About the author and the team members}
-My name is Dominik Meister and I recently completed my Bachelor's degree in IT
Security.\\
-The design and implementation of Anastasis was the topic of my bachelor thesis.
-During the thesis I could successfully develop a proof of concept of the
software.
-I am responsible for the development of the backend and the deployment of the
software.\\
+Dominik Meister recently completed his Bachelor's degree in IT Security.
+The design and implementation of Anastasis was the topic of his bachelor
thesis.
+During the thesis he could successfully develop a proof of concept of the
software.
+He is responsible for the development of the backend and the deployment of the
software.

-Dennis Neufeld was my partner during the bachelor thesis. He also recently
completed his bachelor's degree in IT security.
-He is also a developer and is responsible for the integration of Anastasis
into other products.\\
+Dennis Neufeld also recently completed his bachelor's degree in IT security.
+He was the partner of Dominik in his bachelor thesis.
+He is also a developer and is responsible for the integration of Anastasis
into other products.

+Christian Grothoff is Professor at the BFH in Biel. He was the project expert
and product owner
+of the Anastasis thesis. He is the chairman of the Anastasis start-up and
supports the development
+process with his experience.
+
+Berna Alp is an economist by trade. She is currently council member at the
pretty Easy privacy (pEp) foundation,
+a board member at ISOC Switzerland and she owns a consulting business
specialized in IT transformation and ERP projects.
+She has worked as Project Coordinator on World Bank projects, as Senior FI/CO
Consultant at Andersen Consulting in New York City
+and as SAP FI/CO \& JVA team lead at a multi-national steel company
implementing SAP in 28 companies and 17 countries.
+She takes on the general manager role at Anastasis.
+
+Vaishnavi Mohan is a software engineer with a master's in distributed software
systems. She specializes in the development
+and secure deployment of applications on public clouds. She will steer the
technical development and decide
+on the specifics for the deployment in the cloud and integration with existing
cloud services at Anastasis.

\section{Problem statement}
-Users of cryptography are frequently facing the challenge to secure their core
secrets (private keys), and the
-contemporary default of asking them to remember strong passphrases is
-of such a core secret can cause severe data and financial losses for a user.
Our project was conceived as a solution
-to similar problems several privacy-enhancing software projects are facing
today. Specifically, the Swiss pretty
-Easy privacy project (https://pep.foundation), an E-Mail encryption solution,
needs an easy way for users to
-recover their private keys to avoid the loss of encrypted E-Mails.
Furthermore, Taler Systems SA is building an
-electronic payment system and is facing an equivalent challenge: The European
Central Bank informed them
+Today information losses from security incidents are rampant, either
+because data is exposed (loss of confidentiality) or because users
+lose their data because of lacking backups (loss of availability). As
+seen in the study of the Global Data Protection Index
+2018~\cite{global_data_index}, 76\% of those interviewed had an
+availability incident. 1TB of data loss or 20 hours of downtime
+reportedly costs half a million dollars. On the other hand, loss of
+confidential private data can result in fines under data protection
+regulation, as well as a difficult to quantify loss of reputation.
+Prominent cases in which sometimes enormous amounts of money have been
+gone useless by losing the key to the digital wallet clarify the
+urgent need of a key recovery system like Anastasis. For example the
+case QuadrigaCX exchange was heavily discussed in the media when the
+chief executive, Gerald Cotton, unexpectedly died and left £145
+million in a “cold wallet”.~\cite{millions_lost}
+
+In some cases there is a workaround to recover a lost key, provided
+there is a security hole in the digital wallet software that can be
+exploited, but it is far from user friendly and also questions the
+confidentiality of data in such a system. In his article “’I Forgot My
+PIN’: An Epic Tale of Losing \$30,000 in Bitcoin” \cite{forgot_my_pin} +Mark Frauenfelder, a former editor at WIRED and the director of +research at the Institute of the Future’s Blockchain Futures Lab, +writes about his experiences in losing and trying to recover his +wallet key. + +All these cases show the need for a way to backup a core secret. +The most common solution for this problem is to ask the user to remember +a strong passphrase, but this is inadequate for mass adoption. Users +tend to either make passwords too easy or are bad at remembering them. +As previously mentioned the loss of such a core secret can cause severe +data and financial losses for a user. Our project was conceived as a solution +to similar problems several privacy-enhancing software projects are facing today. +Specifically, the Swiss pretty Easy privacy project (https://pep.foundation), an E-Mail encryption solution, +needs an easy way for users to recover their private keys to avoid the loss of +encrypted E-Mails. Furthermore, Taler Systems SA is building an electronic payment +system and is facing an equivalent challenge: The European Central Bank informed them about a requirement for electronic wallets denominated in Euros to support password-less data recovery. Cryptocurrencies and E-health data platforms like MI-DATA where end-users are expected to be in control of their -data also face this well-known issue. The problem is simultaneously assuring availability and confidentiality, -instead of trading one for the other. -We designed Anastasis to address this common problem of cryptographic consumer products. +data also face this well-known issue. We designed Anastasis to address this common problem of cryptographic consumer products. + \section{Summary of the work accomplished} Anastasis is a key recovery system that allows the user to securely deposit shares of a core secret with an open set of escrow 
@@ -78,6 +121,8 @@ The following graphic gives an overview of the Anastasis architecture. \begin{figure}[H] \centering \includegraphics[scale=0.33]{images/system_architecture.eps} + \caption{System overview} + \label{fig:system_architecture} \end{figure} \subsubsection{Derive user identifier} 
@@ -91,94 +136,56 @@ which users may forget. Anastasis derives a user identifier'' from such a set of unforgettable attributes. This user identifier is used for the up- and download procedure. -\begin{figure}[H] - \centering - \includegraphics[scale=0.35]{images/id_gen.eps} -\end{figure} - -\subsubsection{Encrypt and encrypt and encrypt} -Anastasis uses several layers of encryption. First, the user's core -secret is encrypted with a master key. The master key is encrypted -with various policy keys. The policy keys are derived from various -secrets which are encrypted and distributed across various providers -together with information about the desired recovery authorization -procedure. This last encryption is done based on keys derived from the -user identity. These many layers of encryption are designed to -distribute trust and to minimize or delay information disclosure. - -\subsection{System architecture} -This graphic shows the basic architecture of the Anastasis -application. - -\begin{figure}[H] - \centering - \includegraphics[scale=0.5]{system_design.png} -\end{figure} - -\begin{enumerate} -\item The Anastasis CLI interacts with the Anastasis API. The - Anastasis API is responsible for triggering interactions with the - user, and also manages the interactions between the - various client-side components. -\item After the user provided their unforgettable secret, the - Crypto API derives the needed key material for the further - communication. This is simplified, in reality the client would first - need to download the server salt to generate the user keys. The - crypto API is later also responsible for the decryption and - encryption of the data, sent or received from the server. -\item The Service API is responsible for the communication with the - Anastasis server. The Anastasis API sends the previously generated - data and the user selected request to the service. - The Service API is also responsible to handle - the server's response to the request. 
-\item The central webserver logic handles HTTP requests sent to it by the - clients. It will dispatch requests to the corresponding handler. The - webserver's core logic also returns the response and the status code - of the operation to the client application. -\item Each REST endpoint of the Anastasis server is implemented by - a specific handler. The handler processes the requests, typically - by storing or looking up the requested - data with the database. When the request is finished, the handler will - send back the data or the status code to the webserver's core logic. -\end{enumerate} - - \subsection{Recovery and backup flow} The following is a very simplified description of the Anastasis protocol. It is only intended to illustrate how Anastasis basically works:\\ \begin{figure}[H] \centering \includegraphics[scale=0.35]{images/key_gen.eps} + \caption{Key generation} + \label{fig:key_generation} \end{figure} Before each backup or recovery process, two keys (K1 and K2) are derived from the user attributes.\\ \begin{figure}[H] \centering \includegraphics[scale=0.35]{images/step1.eps} + \caption{Split secret and encrypt} + \label{fig:step1} \end{figure} During a backup process, the core secret is first split into several parts. These parts are then each encrypted with the first key (K1). \\ \begin{figure}[H] \centering \includegraphics[scale=0.35]{images/step2.eps} + \caption{Add authentication data and encrypt} + \label{fig:step2} \end{figure} Authentication data is then added to the encrypted parts (e.g. mobile phone number for SMS authentication). The parts modified in this way are now encrypted again, but this time with the second key (K2). 
\\ \begin{figure}[H] \centering \includegraphics[scale=0.35]{images/step3.eps} + \caption{Distribute parts to the providers} + \label{fig:step3} \end{figure} In the last step of the backup procedure the prepared parts are distributed to the various provider servers.\\ \begin{figure}[H] \centering \includegraphics[scale=0.35]{images/step1_recovery.eps} + \caption{Send Key and authenticate} + \label{fig:step1_rec} \end{figure} In a recovery process the user must authenticate himself with the corresponding providers using his stored authentication data. However, since these providers cannot yet access the data, the user must send them the second key (K2). This key enables them to read only the necessary data.\\ \begin{figure}[H] \centering \includegraphics[scale=0.35]{images/step2_recovery.eps} + \caption{Authenticate and receive parts} + \label{fig:step2_rec} \end{figure} If the user has authenticated himself correctly, he will receive the encrypted parts of the core secret from the respective providers. The user can decrypt these parts with the first key (K1).\\ \begin{figure}[H] \centering \includegraphics[scale=0.3]{images/step3_recovery.eps} + \caption{Reassemble parts recover secret} + \label{fig:step3_rec} \end{figure} In the last step the user reassembles the decrypted parts of the core secret.\\ 
@@ -192,6 +199,25 @@ Besides that we are currently developing a client with a graphical user interfac Another open point is the integration of the software into other applications (Taler, PEP). For a more detailed overview of the open work see the project plan below. +\section{Discussion of the technical implementation potential} +There are a few key recovery solutions on the market today. Some examples of existing key recovery solutions and their problems shall be introduced in the following. + +Coinbase is a global digital asset exchange company which provides a venue to buy and sell crypto currencies. Coinbase uses wallets secured with private keys. To recover this private key the user must provide a 12-word recovery phrase. Coinbase now offers a “solution” to securely deposit this recovery phrase onto the users Google Drive. The security here lies within the Google Account and the password used to encrypt the security phrase. The problem here is that this approach undermines [...] + +Vault12 is a service using Shamir Secret Sharing provided by the Vault-Tec Corporation. Shamir Secret Sharing is a so called „Social Recovery“ method. It allows to split all kind of data, (pictures, passphrases, cryptographic keys) into shares and distribute them to trusted entities, called „Guardians“ in Vault12. To recover the data a subset of the chosen Guardians is asked to release their share. The released shares are used to reconstruct the data again. Vault12 is available for iOS, [...] + +MI-DATA is a Swiss platform for e-health data. They also use Shamir secret splitting to distribute recovery information among a fixed set of staff members. However, during key recovery their system administrator can have full access to the private health data, voiding all the safety assurances key-splitting is supposed to achieve. + +Connect.me is a closed source digital identity wallet. 
The recovery of the used key and the wallet works similar to Coinbase: An encrypted backup of the user data is stored on the cloud, which can be downloaded and decrypted using a recovery phrase. The software offers no solution how the user keeps this phrase. The user is therefore responsible for storing it correctly. + +uPort is an opensource digital identity wallet based on Etherium. uPort also works with the 12-word-recovery phrase and also doesn’t offer a solution for the user to securely store the phrase. + +As we can see the most solutions either work with shamir secret splitting or with a passphrase. The Method with the passphrase is too unreliable, the user +has to remember his secret or his key is lost, resulting in a single point of failure. +The other solutions are based on Shamir secret splitting. The main problem of shamir secret splitting is that it is not flexible. With Shamir secret splitting, the user can only define a threshold at which point the authentication is successful. With Anastasis the user can define which combinations of providers can successfully recover the secret. As an example we have the Providers A, B, C and D. The user knows the provider A and fully trusts him. This means the user can now set up comb [...] + +Anastasis offers a generic API for the clients. This means Anastasis can be used for many different use cases. The main use cases for Anastasis are applications which need a private key to operate. For example: Encrypted email communication like PGP or PEP, Digital currencies and payment solutions like Bitcoin and Ethereum. Other use cases which need a passphrase are also a good use case for Anastasis. For example: Password managers where you must remember your master password or Hard dr [...] + \section{Project plan} A key challenge for Anastasis is that we need to offer a diverse set of authentication methods, as required from 
@@ -210,60 +236,10 @@ Key milestones are the various integrations of the different authentication meth cryptographic consumer products, and the deployment of our application. Additionally, we would always look out for new customers and clients who could benefit from Anastasis. -\begin{figure}[H] - \centering - \includegraphics[scale=0.34]{plan.png} -\end{figure} - \section{Business model} We are currently in the process of building a start-up for the Anastasis application. This business model shows an overview how we -want to build our start-up and how we want to continue our work on the -project. - -\subsection{Market review and innovation potential} - -There are already some key recovery or key splitting solutions on the -market. For example, there is a solution from Coinbase. Coinbase is a -global digital asset exchange company, providing a venue to buy and -sell digital currencies. Coinbase also uses wallets secured with -private keys. To recover this private key the user has to provide a 12 -words recovery phrase. Coinbase now offers a solution to securely -deposit this recovery phrase onto the users Google Drive. The security -here lies within the Google Account and the password used to encrypt -the security phrase~\cite{coinbase}. The problem here is that this approach undermines -confidentiality. It exchanges a hard to guess password with a shorter -and easier to guess password. The difficulty is to simultaneously -assure availability and confidentiality, instead of trading one for -the other. By allowing citizens to simultaneously achieve -confidentiality and availability we improve their ability to exercise -their right to informational self-determination. - -Today information losses from security incidents are rampant, either -because data is exposed (loss of confidentiality) or because users -lose their data because of lacking backups (loss of availability). 
As -seen in the study of the Global Data Protection Index -2018~\cite{global_data_index}, 76\% of those interviewed had an -availability incident. 1TB of data loss or 20 hours of downtime -reportedly costs half a million dollars. On the other hand, loss of -confidential private data can result in fines under data protection -regulation, as well as a difficult to quantify loss of reputation. -Prominent cases in which sometimes enormous amounts of money have been -gone useless by losing the key to the digital wallet clarify the -urgent need of a key recovery system like Anastasis. For example the -case QuadrigaCX exchange was heavily discussed in the media when the -chief executive, Gerald Cotton, unexpectedly died and left £145 -million in a “cold wallet”.~\cite{millions_lost} - -In some cases there is a workaround to recover a lost key, provided -there is a security hole in the digital wallet software that can be -exploited, but it is far from user friendly and also questions the -confidentiality of data in such a system. In his article “’I Forgot My -PIN’: An Epic Tale of Losing \$30,000 in Bitcoin” \cite{forgot_my_pin}
-Mark Frauenfelder, a former editor at WIRED and the director of
-research at the Institute of the Future’s Blockchain Futures Lab,
-writes about his experiences in losing and trying to recover his
-wallet key.
+operate Anastasis within our start-up.

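Review bot: The joined sentence at the start of the Business model section now reads "This business model shows an overview how we operate Anastasis within our start-up.", which needs "an overview of how we". The same hunk removes the plan.png figure from the project plan section, while a context line in the previous hunk still says "see the project plan below"; check that the text left in that section is enough for the reference to make sense.
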
@@ -282,7 +258,7 @@ AWS, Azure, Google.
In addition to these industry partners, we also count on the continued
support by the BFH for hosting and mentoring. Prof. Dubius has already
agreed to serve on our advisory board, and Prof. Grothoff would be
-happy to serve as non-executive chairman for the company.
+happy to continue his support in the development process.

\subsubsection{Key activities}

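Review bot: The new wording "happy to continue his support in the development process" for Prof. Grothoff no longer mentions a chairman role, while the team section added earlier in this patch says "He is the chairman of the Anastasis start-up". Suggest making the two passages agree on his role.
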
@@ -308,9 +284,7 @@ application.
Additionally, the start-up needs a person who is responsible for the
business of Anastasis. This employee would be responsible to find new
business partners and present our application to investors. This
-employee might initially work only part-time. To be able to properly
-launch the start-up, we are hoping to find a combination of investors
-and grants.
+employee might initially work only part-time.

\subsubsection{Value propositions}

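Review bot: The context lines kept in this hunk still say "the start-up needs a person who is responsible for the business of Anastasis", but the team section added earlier in this patch states that Berna Alp "takes on the general manager role at Anastasis". Suggest updating this paragraph to say whether that role is now filled. With the sentence on investors and grants removed, the visible text also no longer says how the launch is to be funded.
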
@@ -369,7 +343,6 @@ operations. For example a user might pay 0.10 CHF per month
for the
subscription and 0.01 CHF for each encrypted truth
authentication methods like video identification.
-
\newpage

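Review bot: In the hunk at @@ -33,28 +33,71 @@, the rewritten problem statement drops the sentence "The problem is simultaneously assuring availability and confidentiality, instead of trading one for the other." and the visible added lines do not restate it, so the section motivates key loss with cost anecdotes but no longer names the security property Anastasis is meant to provide. Suggest keeping that sentence before "We designed Anastasis to address this common problem". Smaller points in the same hunk: "have been gone useless" should read "have been lost", https://pep.foundation is better wrapped in \url{}, and the section title still says "About the author" although the text is now in the third person.
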
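Review bot: In the hunk at @@ -91,94 +136,56 @@, removing the subsection "Encrypt and encrypt and encrypt" deletes the only visible description of the master key and the policy keys, leaving just the K1/K2 flow that the text itself calls "a very simplified description". The discussion section added later in this patch says the user can define which combinations of providers can recover the secret, and a reader can no longer connect that claim to any mechanism. Suggest keeping a short paragraph on the layered keys or a reference to where they are documented. Also, the caption "Reassemble parts recover secret" is missing "and", and "Send Key and authenticate" capitalises "Key" unlike the other captions.
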
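Review bot: In the Coinbase paragraph of the hunk at @@ -192,6 +199,25 @@, the sentence ending "the password used to encrypt the security phrase." has lost the \cite{coinbase} that the removed Market review text carried, so the claim about the Google Drive backup is now unsourced; the Vault12, MI-DATA, Connect.me and uPort descriptions carry no citations either. Suggest restoring the citation and adding sources for the other products. The same hunk spells "Etherium" in the uPort paragraph and "Ethereum" in the last paragraph, mixes "Shamir Secret Sharing", "Shamir secret splitting" and "shamir secret splitting", and uses „ “ quotation marks for „Social Recovery“ and „Guardians“ while the rest of the patch uses “ ”.
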
--
gnunet@gnunet.org.