preisacm
/
masterthesis-ecdaa-network-wrapper
1
0
Fork 0
Code Issues Releases Wiki Activity
Network wrapper protocol as part of the practical master thesis
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
27 Commits
1 Branch
0 Tags
422 KiB
 
 
Tree: 5866669066
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5866669066'
${ noResults }
Michael Preisach 5866669066
added basic lib test and fixed bugs 		5 years ago
.idea network protocol skeleton of issuer and member finished, missing verifier 6 years ago
.gitignore verify message with bsn working 5 years ago
CMakeLists.txt added basic lib test and fixed bugs 5 years ago
README.md Fixed variable name for TPM support 5 years ago
client.c issuer and member can exchange keys, verifier ist not yet tested. 6 years ago
client.h network protocol skeleton of issuer and member finished, missing verifier 6 years ago
common.c added basic lib test and fixed bugs 5 years ago
common.h added basic lib test and fixed bugs 5 years ago
daa-test.c added basic lib test and fixed bugs 5 years ago
daa-test.h added basic lib test and fixed bugs 5 years ago
ecdaa_issuer Message transmission works with bsn but not without 5 years ago
ecdaa_member Message transmission works with bsn but not without 5 years ago
ecdaa_verifier Message transmission works with bsn but not without 5 years ago
issuer.c added basic lib test and fixed bugs 5 years ago
issuer.h updated member, testing of new functions needed 5 years ago
member-tpm.c verify message with bsn working 5 years ago
member-tpm.h verifier works, tpm needs to be used for member 6 years ago
member.c Message transmission works with bsn but not without 5 years ago
member.h verify message with bsn working 5 years ago
server.c network protocol skeleton of issuer and member finished, missing verifier 6 years ago
server.h network protocol skeleton of issuer and member finished, missing verifier 6 years ago
tags updated member, testing of new functions needed 5 years ago
verifier.c added basic lib test and fixed bugs 5 years ago
verifier.h removed tpm dependencies from verifier 5 years ago

README.md

ECDAA

This project is a wrapper for the xaptum ecdaa protocol which introduces network functionality to it.

Prerequisities

Tested system: Ubuntu 20.04 LTS

Only the ECDAA member can have TPM-backed cryptography. There exist however a member instance where all crypto is done without using a TPM

The following guideline is adapred from the Xaptum ECDAA project page at https://github.com/xaptum/ecdaa/blob/master/doc/BUILDING.md

Building prerequisities from source

# Install required packages for the following build from source
apt install gcc cmake build-essential doxygen doxygen-latex parallel
git clone https://github.com/xaptum/ecdaa.git #tested with commit d9b1ef7

# Create subdirectory for build
mkdir -p ecdaa/build && cd ecdaa/build

# Build Dependencing from source
export CMAKE_PREFIX_PATH=/usr
../.travis/install-amcl.sh ./amcl /usr FP256BN

Installing TPM support for TPM-backed member

There is a tpm2-tss version required (2.3.3) which is not available in Ubuntu 20.04 (has 2.3.2). From Ubuntu 20.10 and later, installing libtss2-dev should work.

For Ubuntu 20.04, this should be built from source:

# Install further required packages for building this lib
apt install autoconf autoconf-archive libcmocka0 libcmocka-dev procps iproute2 \
    pkg-config libtool libssl-dev uthash-dev libjson-c-dev libini-config-dev
# Build the tpm2-tss lib from source
../.travis/install-tpm2-tss.sh ./tpm2-tss /usr

Installing xaptum/ecdaa

When the TPM should be available for use on this host, set ECDAA_TPM_SUPPORT accordingly

# Build the project from source with TPM support
cmake .. -DCMAKE_BUILD_TYPE=Release -DECDAA_CURVES=FP256BN -DCMAKE_INSTALL_PREFIX=/usr -DECDAA_TPM_SUPPORT=ON
cmake --build . --target install

Installing

  1. Create the CMake files
cmake .
  1. Compile the preferred targets
  • ecdaa_issuer
  • ecdaa_member (without TPM support)
  • ecdaa_verifier
  • ecdaa_member_tpm (with TPM support)
  • all (all of the above)
cmake --build . --target ecdaa_issuer -- -j 2

Usage

At this point this project just demonstrates the functionality of ECDAA over the network interface. All session data about memberships are only held in RAM and never persisted. Restarting the Issuer introduces a fresh ECDAA group.

Setting IP addresses in common.h

The IP addresses are defined statically in common.h. There is no assumed service discovery.

Protocol

For full function of the protocol, all three parties need to be active.

  1. The issuer setups its group
  2. A member candidate contact the issuer to become member of his group
  3. If the issuer accepts the request, he generates a personalized private key in cooperation with the member. This key may be saved in the TPM.
  4. The member can now sign messages in the name of the issuer's group.
  5. Given a message signed by a member, the verifier can proof the signature with only the provided issuer's public key. The issuer can not detect which member was the signer of this message

A detailed theoretical description can be found at Camenisch et al., 2016. Xaptum decided to slightly differ from the protocol specified in the paper: https://github.com/xaptum/ecdaa/blob/master/doc/IMPLEMENTATION.md