updated thesis template to RevC1

resources/networkview3.fig

@@ -0,0 +1,406 @@
+#FIG 3.2  Produced by xfig version 3.2.7
+Landscape
+Center
+Metric
+A4
+100.00
+Single
+-2
+1200 2
+0 32 #8e8e8e
+0 33 #414541
+0 34 #c0c0c0
+0 35 #808080
+0 36 #e0e0e0
+0 37 #9e9e9e
+0 38 #868286
+0 39 #717571
+0 40 #e7e3e7
+0 41 #aaaaaa
+0 42 #aeaaae
+0 43 #555555
+0 44 #444444
+0 45 #c7c3c7
+0 46 #c7c7c7
+0 47 #757575
+0 48 #f3f3f3
+0 49 #c6b797
+0 50 #eff8ff
+0 51 #dccba6
+0 52 #404040
+0 53 #8e8f8e
+0 54 #565151
+0 55 #d7d7d7
+0 56 #85807d
+0 57 #d2d2d2
+0 58 #3a3a3a
+0 59 #4573aa
+0 60 #aeaeae
+0 61 #7b79a5
+0 62 #73758c
+0 63 #f7f7f7
+0 64 #635dce
+0 65 #bebebe
+0 66 #515151
+0 67 #000049
+0 68 #797979
+0 69 #303430
+0 70 #414141
+0 71 #c7b696
+0 72 #dd9d93
+0 73 #f1ece0
+0 74 #c3c3c3
+0 75 #e2c8a8
+0 76 #e1e1e1
+0 77 #ededed
+0 78 #da7a1a
+0 79 #f1e41a
+0 80 #887dc2
+0 81 #b0a193
+0 82 #837cdd
+0 83 #d6d6d6
+0 84 #8c8ca5
+0 85 #4a4a4a
+0 86 #8c6b6b
+0 87 #5a5a5a
+0 88 #636363
+0 89 #b79b73
+0 90 #4193ff
+0 91 #bf703b
+0 92 #db7700
+0 93 #dab800
+0 94 #006400
+0 95 #5a6b3b
+0 96 #d3d3d3
+0 97 #8e8ea4
+0 98 #f3b95d
+0 99 #89996b
+0 100 #646464
+0 101 #b7e6ff
+0 102 #86c0ec
+0 103 #bdbdbd
+0 104 #d39552
+0 105 #98d2fe
+0 106 #616161
+0 107 #aeb2ae
+0 108 #717171
+0 109 #ff9a00
+0 110 #8c9c6b
+0 111 #f76b00
+0 112 #5a6b39
+0 113 #8c9c6b
+0 114 #8c9c7b
+0 115 #184a18
+0 116 #adadad
+0 117 #f7bd5a
+0 118 #636b9c
+0 119 #de0000
+0 120 #adadad
+0 121 #f7bd5a
+0 122 #adadad
+0 123 #f7bd5a
+0 124 #636b9c
+0 125 #526b29
+0 126 #949494
+0 127 #006300
+0 128 #00634a
+0 129 #7b844a
+0 130 #e7bd7b
+0 131 #a5b5c6
+0 132 #6b6b94
+0 133 #846b6b
+0 134 #529c4a
+0 135 #d6e7e7
+0 136 #526363
+0 137 #186b4a
+0 138 #9ca5b5
+0 139 #ff9400
+0 140 #ff9400
+0 141 #00634a
+0 142 #7b844a
+0 143 #63737b
+0 144 #e7bd7b
+0 145 #184a18
+0 146 #f7bd5a
+0 147 #000000
+0 148 #f73829
+0 149 #000000
+0 150 #ffff52
+0 151 #52794a
+0 152 #639a5a
+0 153 #c66142
+0 154 #e76942
+0 155 #ff7952
+0 156 #dedede
+0 157 #f3eed3
+0 158 #f5ae5d
+0 159 #95ce99
+0 160 #b5157d
+0 161 #eeeeee
+0 162 #848484
+0 163 #7b7b7b
+0 164 #005a00
+0 165 #e77373
+0 166 #ffcb31
+0 167 #29794a
+0 168 #de2821
+0 169 #2159c6
+0 170 #f8f8f8
+0 171 #e6e6e6
+0 172 #21845a
+0 173 #9c0000
+0 174 #8c8c8c
+0 175 #424242
+0 176 #8c8c8c
+0 177 #424242
+0 178 #8c8c8c
+0 179 #424242
+0 180 #8c8c8c
+0 181 #424242
+0 182 #8c8c8c
+0 183 #424242
+0 184 #8c8c8c
+0 185 #424242
+0 186 #c2c2c2
+0 187 #6e6e6e
+0 188 #333333
+0 189 #949395
+0 190 #747075
+0 191 #b3b3b3
+0 192 #6d6d6d
+0 193 #454545
+# Desktop tower
+# Drawn by Dirko van Schalkwyk
+6 8640 5085 9900 6840
+1 1 0 1 0 7 50 -1 -1 0.000 1 0.0000 9228 5849 20 17 9228 5849 9248 5867
+1 1 0 1 0 7 50 -1 -1 0.000 1 0.0000 9224 5947 37 31 9224 5947 9261 5979
+1 1 0 1 0 7 50 -1 -1 0.000 1 0.0000 9007 6139 12 11 9007 6139 9009 6149
+1 1 0 1 0 7 50 -1 -1 0.000 1 0.0000 9004 6197 12 11 9004 6197 9007 6208
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 8955 6629 8955 6715 9049 6719 9047 6629 8951 6625
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 8726 5267 8726 5422 9319 5441 9315 5282 8726 5267
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 4
+	 8726 5423 8728 5578 9322 5606 9319 5441
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 4
+	 8731 5583 8731 5734 9326 5764 9322 5609
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 8736 5770 8736 5863 9132 5887 9133 5787 8734 5768
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 4
+	 8738 5863 8736 5961 9130 5988 9132 5885
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 9
+	 8655 5246 8663 6203 8665 6704 8665 6736 8675 6740 8691 6740
+	 8717 6740 8731 6740 8733 6027
+	 0.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
+	 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 14
+	 8733 6743 8733 6749 8733 6758 8867 6782 9029 6801 9186 6815
+	 9259 6821 9335 6823 9329 6803 9327 6782 9324 6758 9317 6450
+	 9319 6188 9329 5820
+	 0.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
+	 1.000 1.000 1.000 1.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 5
+	 9332 6826 9340 6820 9351 6815 9355 6809 9337 5965
+	 0.000 1.000 1.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 12
+	 9358 6813 9405 6815 9441 6813 9457 6813 9439 5723 9431 5291
+	 9429 5269 9421 5263 9410 5259 9037 5255 8757 5247 8655 5243
+	 0.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
+	 1.000 1.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 17
+	 9452 6813 9455 6813 9468 6803 9486 6790 9492 6782 9486 6700
+	 9475 6156 9468 5653 9460 5288 9460 5272 9455 5257 9452 5250
+	 9441 5247 8775 5227 8744 5224 8697 5222 8693 5224
+	 0.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
+	 1.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
+	 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 15
+	 8649 5240 8820 5193 9110 5122 9231 5094 9701 5098 9858 5103
+	 9876 5101 9881 5111 9884 5125 9888 5180 9899 6361 9899 6400
+	 9879 6421 9677 6614 9492 6787
+	 0.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
+	 1.000 1.000 1.000 1.000 1.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 2
+	 9465 5297 9886 5144
+	 0.000 0.000
+-6
+6 8685 6930 9945 7380
+4 1 0 50 -1 3 12 0.0000 0 150 1185 9315 7110 DAA Member\001
+4 1 0 50 -1 3 12 0.0000 0 195 375 9315 7335 (BS)\001
+-6
+6 8775 4185 9450 4815
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 8775 4185 9450 4185 9450 4815 8775 4815 8775 4185
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 0 2
+	1 1 1.00 60.00 120.00
+	 9045 4590 9315 4590
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 0 2
+	1 1 1.00 60.00 120.00
+	 9045 4320 9315 4320
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 1 2
+	1 1 1.00 60.00 120.00
+	 8910 4410 9180 4410
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 1 2
+	1 1 1.00 60.00 120.00
+	 8910 4680 9180 4680
+-6
+6 8595 3645 9585 4095
+4 1 0 50 -1 3 12 0.0000 0 195 975 9090 3825 unmanaged\001
+4 1 0 50 -1 3 12 0.0000 0 150 555 9090 4080 switch\001
+-6
+6 10350 5580 11520 6075
+6 10755 5580 11340 5850
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 10755 5580 11160 5580 11160 5850 10755 5850 10755 5580
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 4
+	 11160 5670 11340 5625 11340 5805 11160 5760
+-6
+4 1 0 50 -1 3 12 0.0000 0 150 1140 10935 6075 USB Webcam\001
+-6
+6 11700 5535 12600 7290
+6 11700 5535 12600 7020
+1 4 0 1 0 7 100 0 -1 4.000 1 0.0000 12150 5716 176 176 12015 5604 12285 5829
+2 1 0 1 0 7 100 0 -1 4.000 0 0 -1 0 0 3
+	 11700 7020 12150 6570 12600 7020
+2 1 0 1 0 7 100 0 -1 4.000 0 0 -1 0 0 16
+	 12150 6570 12150 6525 12150 6480 12150 6435 12150 6390 12150 6345
+	 12150 6300 12150 6255 12150 6210 12150 6165 12150 6120 12150 6075
+	 12150 6030 12150 5985 12150 5940 12150 5895
+2 1 0 1 0 7 100 0 -1 4.000 0 0 -1 0 0 2
+	 11700 6120 12600 6120
+-6
+4 1 0 50 -1 2 12 0.0000 0 150 420 12150 7290 User\001
+-6
+6 6480 2475 7830 5040
+6 6480 2475 7740 4815
+# Desktop tower
+# Drawn by Dirko van Schalkwyk
+6 6480 3060 7740 4815
+1 1 0 1 0 7 50 -1 -1 0.000 1 0.0000 7068 3824 20 17 7068 3824 7088 3842
+1 1 0 1 0 7 50 -1 -1 0.000 1 0.0000 7064 3922 37 31 7064 3922 7101 3954
+1 1 0 1 0 7 50 -1 -1 0.000 1 0.0000 6847 4114 12 11 6847 4114 6849 4124
+1 1 0 1 0 7 50 -1 -1 0.000 1 0.0000 6844 4172 12 11 6844 4172 6847 4183
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 6795 4604 6795 4690 6889 4694 6887 4604 6791 4600
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 6566 3242 6566 3397 7159 3416 7155 3257 6566 3242
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 4
+	 6566 3398 6568 3553 7162 3581 7159 3416
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 4
+	 6571 3558 6571 3709 7166 3739 7162 3584
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 6576 3745 6576 3838 6972 3862 6973 3762 6574 3743
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 4
+	 6578 3838 6576 3936 6970 3963 6972 3860
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 9
+	 6495 3221 6503 4178 6505 4679 6505 4711 6515 4715 6531 4715
+	 6557 4715 6571 4715 6573 4002
+	 0.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
+	 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 14
+	 6573 4718 6573 4724 6573 4733 6707 4757 6869 4776 7026 4790
+	 7099 4796 7175 4798 7169 4778 7167 4757 7164 4733 7157 4425
+	 7159 4163 7169 3795
+	 0.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
+	 1.000 1.000 1.000 1.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 5
+	 7172 4801 7180 4795 7191 4790 7195 4784 7177 3940
+	 0.000 1.000 1.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 12
+	 7198 4788 7245 4790 7281 4788 7297 4788 7279 3698 7271 3266
+	 7269 3244 7261 3238 7250 3234 6877 3230 6597 3222 6495 3218
+	 0.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
+	 1.000 1.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 17
+	 7292 4788 7295 4788 7308 4778 7326 4765 7332 4757 7326 4675
+	 7315 4131 7308 3628 7300 3263 7300 3247 7295 3232 7292 3225
+	 7281 3222 6615 3202 6584 3199 6537 3197 6533 3199
+	 0.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
+	 1.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
+	 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 15
+	 6489 3215 6660 3168 6950 3097 7071 3069 7541 3073 7698 3078
+	 7716 3076 7721 3086 7724 3100 7728 3155 7739 4336 7739 4375
+	 7719 4396 7517 4589 7332 4762
+	 0.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
+	 1.000 1.000 1.000 1.000 1.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 2
+	 7305 3272 7726 3119
+	 0.000 0.000
+-6
+4 1 0 50 -1 3 12 0.0000 0 195 1155 7155 2655 DAA Verifier\001
+4 1 0 50 -1 3 12 0.0000 0 195 495 7155 2895 (PIA)\001
+-6
+4 0 0 50 -1 4 12 0.0000 0 165 1335 6480 5040 192.168.10.10\001
+-6
+6 10530 2700 11880 5040
+6 10620 2700 11880 4815
+# Desktop tower
+# Drawn by Dirko van Schalkwyk
+6 10620 3060 11880 4815
+1 1 0 1 0 7 50 -1 -1 0.000 1 0.0000 11208 3824 20 17 11208 3824 11228 3842
+1 1 0 1 0 7 50 -1 -1 0.000 1 0.0000 11204 3922 37 31 11204 3922 11241 3954
+1 1 0 1 0 7 50 -1 -1 0.000 1 0.0000 10987 4114 12 11 10987 4114 10989 4124
+1 1 0 1 0 7 50 -1 -1 0.000 1 0.0000 10984 4172 12 11 10984 4172 10987 4183
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 10935 4604 10935 4690 11029 4694 11027 4604 10931 4600
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 10706 3242 10706 3397 11299 3416 11295 3257 10706 3242
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 4
+	 10706 3398 10708 3553 11302 3581 11299 3416
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 4
+	 10711 3558 10711 3709 11306 3739 11302 3584
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 10716 3745 10716 3838 11112 3862 11113 3762 10714 3743
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 4
+	 10718 3838 10716 3936 11110 3963 11112 3860
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 9
+	 10635 3221 10643 4178 10645 4679 10645 4711 10655 4715 10671 4715
+	 10697 4715 10711 4715 10713 4002
+	 0.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
+	 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 14
+	 10713 4718 10713 4724 10713 4733 10847 4757 11009 4776 11166 4790
+	 11239 4796 11315 4798 11309 4778 11307 4757 11304 4733 11297 4425
+	 11299 4163 11309 3795
+	 0.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
+	 1.000 1.000 1.000 1.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 5
+	 11312 4801 11320 4795 11331 4790 11335 4784 11317 3940
+	 0.000 1.000 1.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 12
+	 11338 4788 11385 4790 11421 4788 11437 4788 11419 3698 11411 3266
+	 11409 3244 11401 3238 11390 3234 11017 3230 10737 3222 10635 3218
+	 0.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
+	 1.000 1.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 17
+	 11432 4788 11435 4788 11448 4778 11466 4765 11472 4757 11466 4675
+	 11455 4131 11448 3628 11440 3263 11440 3247 11435 3232 11432 3225
+	 11421 3222 10755 3202 10724 3199 10677 3197 10673 3199
+	 0.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
+	 1.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
+	 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 15
+	 10629 3215 10800 3168 11090 3097 11211 3069 11681 3073 11838 3078
+	 11856 3076 11861 3086 11864 3100 11868 3155 11879 4336 11879 4375
+	 11859 4396 11657 4589 11472 4762
+	 0.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
+	 1.000 1.000 1.000 1.000 1.000 1.000 0.000
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 2
+	 11445 3272 11866 3119
+	 0.000 0.000
+-6
+4 1 0 50 -1 3 12 0.0000 0 150 1005 11340 2880 DAA Issuer\001
+-6
+4 2 0 50 -1 4 12 0.0000 0 165 1335 11880 5040 192.168.10.11\001
+-6
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 4
+	 9900 5445 10125 5445 10125 4680 9450 4680
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 8775 4320 7740 4320
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 9450 4320 10620 4320
+3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 6
+	 9900 5580 10125 5580 10170 5895 10440 5850 10620 5715 10755 5715
+	 0.000 1.000 1.000 1.000 1.000 0.000
+4 2 0 50 -1 4 12 0.0000 0 165 1335 8550 6615 192.168.10.12\001

thesis/01_introduction.tex

@@ -1,10 +1,10 @@
 \chapter{Introduction}
 We all live in a world full of digital systems.
 They appear as PCs, notebooks, cellular phones or embedded devices.
-Especially the footprint of embedded computers became so small that they can be used in almost all elctrical devices.
+Especially the footprint of embedded computers became so small that they can be used in almost all electrical devices.
-This product category form the so called \emph{smart} devices.
+These embedded systems form the so called \emph{smart} devices.
 
-With all these new devices a lot of societal problems could be solved in the past few decades.
+With all these new devices, a lot of societal problems could be solved in the past few decades.
 Many of them automate services to the public like managing the bank account, public transportation or health services.
 The list of digital service is endless and will still grow in the next decades.
 
@@ -16,38 +16,106 @@ What kind of device is that?
 Is the software of the device up to date? 
 Was this device here in the past?
 What else did the owner on the device?
-This list of questions can be continued arbitrarily.
+This set of questions is not complete.
-Reselling the metadata brings the product manufacturer more margin on the product and hence more profit.
+
-Consequently the market for metadata is growing with the Internet itself.
+Aggregating metadata is not required to fulfill the function of the requested service.
-The result is a loss of trust in all kind of connected devices and software.
+However, reselling the metadata brings the provider more margin on the product and hence more profit.
-A User cannot know what is happening on a device she is using.
+Consequently, the market for metadata is growing and yet only partly regulated.
-
+This is a downside of the service which may prevent users from actually using it.
-The Institute for Networks and Security therefore introduced the project DigiDow.
+So the providers are hiding the aggregation functions in a proprietary layer.
-It introduces a digital authentication system, which minimizes the generation of metadata and hence preserves privacy for all users of the system.
+Either the software on a client device or the counterpart on the server side is using such a layer.
+The result is a piece of software which is provided as binary and the user cannot prove what this software is exactly doing besides the visible front end features.
+
+There are of course other purposes for delivering software in a closed source manner.
+Firmware of hardware vendors is usually not disclosed and provide an API where an \emph{Operating System} (OS) can connect to.
+Some companies deliver complete devices with internet connection.
+In this case a user has no chance to detect what the device is doing in this very moment.
+
+Especially when providing confidential data like passwords or biometric data, a certain level of trust is required.
+This means that the user assumes that the provided sensible data is handled properly for only the designated usage.
+One may argue that a password can easily be changed when revealed to the public.
+Unfortunately, this does not apply to a fingerprint since a human usually has only ten of them during lifetime.
+
+\section{Trust}
+When using a system with an authentication method, trust plays a key role.
+For black box systems this trust is cast to the vendor of the system or device.
+There is however no mathematical proof that the device is indeed executing the software as intended from the vendor.
+This thesis will therefore use the term \emph{trust} as a cryptographic chain of proofs, that a system is behaving in an intended way, a so called \emph{Chain of Trust}.
+By providing a Chain of Trust, a user can ask the vendor for a certification of its devices and consequently comprehend the state of the system at hand.
 
 \section{Project DigiDow}
-The Project \emph{Digital Shadow} is under ongoing development at the Institute of Networks and Security and creates a scalable system for authentication.
+The Institute for Networks and Security is heavily using the cryptographic form of trust in the project \emph{Digital Shadow} (DigiDow).
-Key feature is privacy by design and a provable system to create trust to the end user.
+DigiDow introduces an electronic authentication system, which aims minimize generation of metadata on the system level and hence preserves privacy for their users.
+It furthermore should be scalable for nationwide or even worldwide applications and provide provable trust and integrity to the user.
+
+\begin{figure}
+	\centering
+	\includegraphics[width=0.9\textwidth]{../resources/globalview}
+	\caption{Overview of the DigiDow authentication process}
+	\label{fig:globalview}
+\end{figure}
+
+The picture in \autoref{fig:globalview} provide an overview of the authentication process within DigiDow.
+At the time of this writing, the exact order and definition of every step is not yet finished and may change during the progress of the whole project.
+DigiDow introduces three main parties which are involved in a common authentication process.
+\begin{description}
+	\item[\emph{Personal Identity Agent} (PIA):] The PIA is the digital shadow of an individual who wants to be authenticated. 
+		This individual is also the owner of the PIA and should be able to manage sensible data and software on it.
+	\item[\emph{Verifier} (V):] This is the party that verifies the whole authentication process and may finally trigger the desired action if all went well.
+	\item[\emph{Biometric Sensor} (BS):] For Authentication, an individual has to be uniquely identified. 
+		The BS records therefore biometric data from the individual and passes it into the DidiDow network.
+\end{description}
+For scalability, we assume that there are large numbers of all parties.
+The illustration also shows a draft of how which steps need to be performed between above mentioned parties during an authentivation process.
+\begin{enumerate}
+	\item[(1)] All relevant parties need to find each other via the DigiDow network. When this step is finished, it is assumed that for every step the individual hosts for communication are identifiable and ready for the authentication process.
+	\item[(2)(3)] Eventually an individual wants to authenticate itself and the BS records the biometric data. 
+		With this data and a corresponding unique ID, the BS knows which PIA to contact.
+	\item [(4)(5)(6)] The BS contacts the PIA and sends the recorded data set as well as a cryptographic signature to proof that the sensor is valid and this is an honest authentication attempt.
+	\item [(7)] The PIA proofs authenticity of the received signature and compares the data with its own saved biometric data sets.
+		Assuming all is correct, the PIA certifies that the person standing in front of the BS is indeed the owner of the PIA.
+		The verifier checks the certification and finally triggers the desired action for the asking individual.
+\end{enumerate}
 
-At this early stage the interfaces and interaction points are not fully defined.
+The above illustration is an early draft of the whole setup and is under constant development. 
+A more recent version of the whole system can be found at the DigiDow Project Page\footnote{\url{https://digidow.eu}}. 
+This thesis will contribute a prototype setup the Biometric Sensor and discuss how to create trust into this system.
 
-This is a brief description of the process of authentication:
+\section{Our Contribution: Deriving Trust from the Biometric Sensor}
-%TODO paste image here and describe it
+The DigiDow network is designed to preserve privacy and build trust for any user.
+A key feature is to show the user that all involved parts of the system are working as intended.
+So we design a prototype based on the common x86 architecture and use the cryptographic features of the \emph{Trusted Platform Module} (TPM).
+A TPM is a passive crypto coprocessor available on many modern PC platforms which has an independent storage for crypto variables and provides functions to support above mentioned features.
 
-\section{Biometric Sensor use case in DigiDow}
+We define a solution for installing and booting a Linux Kernel with integrity measurements in place.
-derive the use case of the Biometric sensor out of the above model.
+Finally we use an attached camera as sensor to create the data set to continue with the authentication process.
-%TODO description of BS in DigiDow
+This data set will be forwarded to the PIA with the integrity measurements of the system and a signature from the TPM.
+
+The thesis focuses on a working setup as basis for future research.
+Since the DigiDow protocols are not yet finalized some assumptions are defined for this work and the prototype implementation:
+\begin{itemize}
+	\item Any betwork discovery (Step 1 in \autoref{fig:globalview}) is omitted. BS and PIA are assumed to be reachable directly via TCP/IP
+	\item We look into a protocol which proofs trustworthiness from BS to PIA.
+		Any further proofs necessary for the Verifier are also not focused in this thesis. 
+	\item The sensible data sets will be transmitted in cleartext between BS and PIA. 
+		It is considered easy to provide an additional layer of encryption for transportation.
+		However this should be considered in the DigiDow network protocol design. 
+		This thesis focuses only on the trust part between BS and PIA.
+	\item Any built system is considered secure on a hardware level.
+		Any threats which are attacking the system without changing any running software on the system may be not detected. This includes USB wire tapping or debug interfaces within the system revealing sensible information.
+\end{itemize}
+%TODO edit pointer
 
 \section{Goals and Definitions}
 You should be able to attach a variety of sensors to the system. 
 The system should then fulfill the following requirements
 \begin{itemize}
-	\item \emph{Sensor Monitoring.} The System should be able to monitor the sensor itself.
+	\item \emph{Sensor Monitoring.} The system should be able to monitor the hardware sensor (fingerprint sensor, camera, etc.) itself.
 	\item \emph{System Monitoring.} It should be possible to track the state of the system. Especially every modification of the system should be detected.
 	\item \emph{Freshness of Sensor Data.} To prevent replay attacks, the system should proof that the provided biometric data is captured live.
 	\item \emph{Integrity of Sensor Data.} As it is possible for an adversary to modify the provided data during the capturing process, integrity should guarantee that the data originates from the BS.
 	\item \emph{Confidentiality of Sensor Data.} It should not be possible to eavesdrop any sensitive data out of the system. 
-	Furthermore almost all kinds of metadata (e.\,g. information about the system or network information) should not be published
+		Furthermore almost all kinds of metadata (e.\,g. information about the system or network information) should not be published
 	\item \emph{Anonymity.} Given a message from a BS, an adversary should not be able to detect which BS created it
 	\item \emph{Unforgeability.} Only honest BS should be able to be part of the DigiDow network. Corrupt systems should not be able to send valid messages.
 \end{itemize}
@@ -76,14 +144,15 @@ Scope of this thesis is on implementing the system from from hardware to applica
 Is is not supposed to think about the network communication.
 
 \section{Description of structure}
-\begin{enumerate}
+In Chapter~\autoref{cha:relatedwork} we will outline a variety of projects which do not contribute to this thesis.
-	\item What exists out there?
+There is, however, scientific work that contribute to our project as described in \autoref{cha:concept}.
-	\item What is the theoretical solution
+Together with that, we will introduce our theoretical solution for the previously stated problems.
-	\item What about the implementations used - what is the limitation of the used tools?
+This includes an overview of the cryptographic system and the used standards.
-	\item How far are we? what has to be considered next?
+Chapter~\ref{cha:implementation} introduces then a working implementation with all necessary parts for correct function.
-\end{enumerate}
+Finally we will present the results and limitations in \autoref{cha:conclusion} and give an overview of future work.
 
-\chapter{Related Work}
+
+\chapter{Related Work}\label{cha:relatedwork}
 There exist already many interesting projects and implementations which touch the field of trusted computing.
 We will introduce some of these projects and discuss why these do not meet the purpose of this thesis.
 
@@ -96,7 +165,7 @@ Furthermore, the the system should be self contained as good as possible and it
 
 \begin{itemize}
 	\item What exists in the field?
-	\item Keylime - DONE
+	\item Keylime -- DONE
 	\item Xaptum ECDAA
 	\item FIDO 2 ECDAA
 	\item Strongswan Attestation
@@ -105,5 +174,4 @@ Furthermore, the the system should be self contained as good as possible and it
 	\item Intel TXT
 	\item Trusted Execution Environment (TEE)
 	\item nanovm (\url{nanovms.com})
-	
+\end{itemize}
-\end{itemize}

thesis/02_concept.tex

@@ -17,10 +17,57 @@ Record Sensor data, Network Discovery, send sensor data via trusted channel to P
 \end{enumerate}
 
 \section{Attack Vectors and Threat Model}
-\subsection{The Threat Model}
+The Biometric Sensor will work in an exposed environment.
+Neither the user providing biometric data nor the network environment should be trusted for proper function.
+There should only be a connection to the Digidow network for transmitting the recorded data.
+This assumption of autonomy provides independence to the probably diverse target environments and use cases.
+
+In addition to autonomy, the Biometric Sensor should also ensure proper handling of received and generated data.
+The recorded dataset from a sensor is \emph{sensitive data} due to its ability to identify an individual (Who?). 
+Due to its narrow definition, it is affordable to protect sensitive data.
+Besides that, \emph{metadata} is information generated during the whole transaction phase. 
+Timestamps and host information are metadata as well as connection lists, hash sums and log entries and much more (What? Where? When?)
+There exists no exact definition or list of metadata which makes it hard to prevent any exposure of it.
+Metadata does not directly identify an individual.
+However huge notwork providers are able to combine lots of metadata to traces of individuals.
+Eventually an action of those traced individuals might unveil their identity. 
+Consequently, a central goal of Digidow is to minimize the amount to minimize the risk of traces.
+
+Privacy defines the ability of individuals to keep information about themselves private from others.
+In context to the Biometric Sensor, this is related to the recorded biometric data.
+Furthermore, to prevent tracking. any interaction with a Sensor should not be matched to personal information.
+Only the intended and trusted way of identification within the Digidow network should be possible.
+
+\subsection{Threat Model}
 \label{ssec:threatmodel}
+
+To fulfill the Sensor's use case in an exposed environment, we need to consider the following attack vectors.
+\begin{itemize}
+	\item \emph{Rogue Hardware Components}: Modified components of the Biometric Sensor could, depending on their contribution to the system, collect data or create a gateway to the internal processes of the system. 
+	Although the produced hardware piece itself is fine, the firmware on it is acting in a malicious way.
+	This threat addresses the manufacturing and installation of the system.
+	\item \emph{Hardware Modification}: Similar to rogue hardware components, the system could be modified in the target environment by attaching additional hardware.
+	With this attack, adversaries may get direct access to memory or to data transferred from or to attached devices,
+	\item \emph{Metadata Extraction}: The actual sensor like camera or fingerprint sensor is usually attached via USB or similar cable connection. 
+	It is possible to log the protocol of those attached devices via Man in the Middle attack on the USB cable.
+	\item \emph{Attribute Extraction}: The actual sensor like camera or fingerprint sensor is usually attached via USB or similar cable connection. 
+	It is possible to log the protocol of those attached devices via wiretapping the USB cable. 
+	With that attack, an adversary is able to directly access the attributes to identify individuals.
+	\item \emph{Modification or aggregation of sensitive data within Biometric Sensor}: The program which prepares the sernsor data for transmission could modify the data before sealing it.
+	The program can also just save the sensible data for other purposes. 
+	\item \emph{Metadata extraction on Network}: During transmission of data from the sensor into the Digidow network, there will be some metadata generated.
+	An adversary could use this datasets to generate tracking logs and eventually match these logs to individuals.
+	\item \emph{Retransmission of sensor data of a rogue Biometric Sensor}: When retransmitting sensor data, the authentication of an individual could again be proven.
+	Any grants provided to this individual could then given to another person.
+	\item \emph{Rogue Biometric Sensor blocks transmission}: By blocking any transmission of sensor data, any transaction within the Digidow network could be blocked and therefore the whole authentication process is stopped.
+	\item \emph{Rogue Personal Identity Agent}: A rogue PIA might receive the sensor data instead of the honest one.
+	Due to this error, a wrong identity and therefore false claims would be made out of that.
+\end{itemize}
+
+Given this threat model and the use cases described in \autoref{sec:bs-usecase}, we will introduce an approach to minimize most of the attack vectors.
+
 \begin{itemize}
-	\item Definition of sensitive data / privacy / metadata
+	\item DONE Definition of sensitive data / privacy / metadata
 	\item This version of BS is not owned by the user, there is no personal data in the System
 	\item Rogue Personal Identity Agent (PIA)
 	\item Metadata Extraction
@@ -185,15 +232,15 @@ The most recent description of the registers, as defined in section 2.3.3 of the
 	%\rowcolors{2}{lightgray}{white}
 	\begin{tabular}{rl}
 		\toprule
-		\multicolumn{1}{c}{\textit{PCR}} & \multicolumn{1}{p{6cm}}{\textit{Explanation}}\\
+		\multicolumn{1}{c}{\textit{PCR}} & \multicolumn{1}{p{5.8cm}}{\textit{Explanation}}\\
 		\midrule
-		0 & SRTM, BIOS, Host Platform Extensions, Embedded Option ROMs and PI Drivers  \\
+		0 & SRTM, BIOS, host platform extensions, embedded option ROMs and PI drivers  \\
 		1 & Host platform configuration\\
 		2 & UEFI driver and application code  \\
 		3 & UEFI driver and application configuration and data \\
-		4 & UEFI Boot Manager Code and Boot Attempts  \\
+		4 & UEFI Boot Manager code and boot attempts  \\
-		5 & Boot Manager Code Configuration and Data and GPT\,/\,Partition Table\\
+		5 & Boot Manager code configuration and data and GPT\,/\,partition table\\
-		6 & Host Platform Manufacturer specific  \\
+		6 & Host platform manufacturer specific  \\
 		7 & Secure Boot Policy \\
 		8-15 & Defined for use by the static OS  \\
 		16 & Debug \\
@@ -403,7 +450,7 @@ $\mathcal{L}$ is the list of registered group members which is maintained by \is
 		\begin{itemize}
 			\item Retrieve group record $(gsk, (b,d))$ and message record $(m, \bsn, r)$.
 			\item Compute $b'\leftarrow b^r, d'\leftarrow d^r$.
-			\item If $\bsn = \bot$ set $\nym \leftarrow\bot$ and compute $\pi \sassign SPK\{(gsk):d'=b'^{gsk}\}(m, \bsn)$
+			\item If $\bsn = \bot$ set $\nym\leftarrow\bot$ and compute \\$\pi \sassign SPK\{(gsk):d'=b'^{gsk}\}(m, \bsn)$
 			\item If $\bsn \neq \bot$ set $\nym\leftarrow H_1(\bsn)^{gsk}$ and compute $\pi \sassign SPK\{(gsk):\nym=H_1(\bsn)^{gsk}\wedge d'=b'^{gsk}\}(m, \bsn)$.
 			\item Send $(\pi,\nym)$ to \host[j].
 		\end{itemize}
@@ -436,4 +483,4 @@ $\mathcal{L}$ is the list of registered group members which is maintained by \is
 	\end{enumerate}
 \end{itemize}
 
-%TODO: Discussion: sid removed, RL only works with private keys, etc.
+%TODO: Discussion: sid removed, RL only works with private keys, etc.

thesis/03_implementation.tex

@@ -1,20 +1,145 @@
 \chapter{Implementation}
+\label{cha:implementation}
+The concept decscribed in \autoref{cha:concept} will be implemented as a prototype.
+Although the goal is to put all these features on a highly integrated system, we decided to start with widely available hardware based on Intel's x86 architecture.
+
+\begin{figure}[ht]
+	\centering
+	\includegraphics[width=0.6\textwidth]{../resources/networkview3}
+	\caption[Prototype schematic]{Prototype setup to show DAA features and the Dataflow from BS to PIA}
+	\label{fig:prototype}
+\end{figure}
+\autoref{fig:prototype} shows the setup on a connection level.
+To show the features of DAA, it is necessary to have three independent systems which are connected via a TCP/IP network.
+Every host is connected via Ethernet to the other systems.
+To keep the setup minimal, the IP addresses are static and Internet is only required during installation.
+
+\section{Hardware Setup}
+
+\begin{table}[ht]
+	\renewcommand{\arraystretch}{1.2}
+	\centering
+	\caption{Systems used for demonstration prototype} \label{tab:systems}
+	%\rowcolors{2}{lightgray}{white}
+	\begin{tabular}{rp{3.7cm}p{3.7cm}p{3.7cm}}
+		\toprule
+		&\textit{System 1}&\textit{System 2}&\textit{System 3} \\
+		\midrule
+		\textbf{Processor}	&AMD Athlon 240GE &Intel Pentium G4560T &Intel Pentium G4560T\\
+		\textbf{Mainboard}	&Gigabyte B450I Aorus Pro Wifi	&Gigybyte GA H110N	&Gigabyte GA H310N\\
+		\textbf{Memory} &8GB DDR4	&8GB DDR4	&8GB DDR4\\
+		\textbf{Storage} &NVMe SSD 128GB &NVMe SSD 128GB   &NVMe SSD 128GB  \\
+		\textbf{TPM}   &Gigabyte TPM2.0\_L	&Gigabyte TPM2.0\_L   &Gigabyte TPM2.0\_L   \\
+		\bottomrule
+	\end{tabular}
+\end{table}
+For demonstrating remote attestation via DAA over a simple network infrastructure, we use 3 systems with similar configuration. 
+\autoref{tab:systems} show the specification of these systems.
+We decided to order one system with an AMD processor in it to find differences in handling the TPM between Intel and AMD systems.
+All features used in this thesis were available on both platform types, so there were no differences found.
+
+The used mainboards come with a dedicated TPM2.0 header which may differ from board to board.
+A 19-pin header is available on the older platform of \emph{System 2}.
+As long as TPM and mainboard have the same 19-pin connector they will be compatible to each other.
+The newer Gigabyte mainboards come with a proprietary 11-pin connector which is only compatible with Gigabyte's TPM2.0\_S module.
+All other modules are however electrical compatible since only unused pins of the full size connector are removed.
+With a wiring adapter any TPM board would work on any mainboard supporting TPM2.0 even when coming with a prorietary header.
+
+\section{Operating System}
+The Operating System need to fulfill three requirements for this prototype.
+First, the TPM must be supported by the Kernel.
+Second, the OS has to support a recent version of the TPM Software Stack (TSS 3.0.x or newer at the point of writing) for using the Xaptum ECDAA\footnote{\url{https://github.com/xaptum/ecdaa}} project with enabled hardware TPM.
+Similarly, the \texttt{tpm2-tools} must be available in a version newer than \texttt{4.0.0}.
+Finally, the support for the Integrity Measurement Architecture (IMA) must be activated in the Kernel and supported by the OS. 
+This feature is available in the mainline Linux Kernel, however, the according Kernel compile parameters must be set.
+
+The most recent version of Ubuntu 20.04 LTS does fulfill above mentioned requirements by default.
+Ubuntu is also supported by the Xaptum ECDAA project, although it was tested with an older version (18.04).
+When installing Ubuntu on the prototype, we used \emph{Full Disk Encryption} (FDE) which leads to the disk allocation described in \autoref{tab:disklayout}.
+
+\begin{table}
+	\centering
+	\begin{tabular}{llll}
+		\toprule
+		\emph{Partition}	&\emph{Size}	&\emph{Mountpoint}	&\emph{Comment}\\
+		\midrule
+		\texttt{nvme0n1p1}	&512M	&\texttt{/boot/efi}	&EFI boot partition\\
+		\texttt{nvme0n1p2}	&1G		&\texttt{/boot}		&Bootloader partition (Grub)\\
+		\texttt{nvme0n1p3}	&118G	&	&lvm on dm\_crypt\\
+		\texttt{ubuntu--vg-ubuntu--lv}	&118G	&\texttt{/}	&root partition on lvm\\
+		\bottomrule
+	\end{tabular}
+	\caption{Disk layout of the BS prototype} 
+	\label{tab:disklayout}
+\end{table}
+%In the next section we describe the basic setup of the OS to prepare Trusted Boot.
+%The DAA implementation of Xaptum\footnote{\url{https://github.com/xaptum/ecdaa}} supports Debian Linux and Ubuntu as operating system when interacting with a hardware TPM.
+
+%At the time of writinng, the most recent version of Ubuntu 20.04 LTS supports the TPM2.0 as well as the Xaptum DAA library and the Integrity features which are integrated in the Kernel
+
+
+
 \section{Trusted Boot}
+By default, every Mainboard with support for TPM2.0 supports also Trusted Boot.
+When a TPM becomes available, the BIOS itself takes all required measures until the boot process is handed over to the OS bootloader (e.g. Grub).
+Since Ubuntu uses Grub 2.04 as bootloader, Trusted Boot is directly supported and needs just to be enabled in the configuration.
+In this case, Grub will be measured from the BIOS to the PCRs 4 and 5, as shown in \ref{tab:PCR}.
+Grub itself uses PCR 8 for executed commands, the Kernel command line and all commands forwarded to Kernel modules.
+PCR 9 is used to measure all files read by Grub\footnote{\url{https://www.gnu.org/software/grub/manual/grub/html_node/Measured-Boot.html} (visited on 19.11.2020)}.
+
+There is however a more efficient way of booting for embedded systems since there is often only one bootable Kernel in place and the device has to boot autonomously.
+Pawit Pornkitprasam \cite{pornkitprasan19-diskencryption}\cite{pornkitprasan19-tpmtools} and Karl O from Tevora \cite{tevora-secureboot} introduced the concept of a \emph{Unified Kernel} for Ubuntu and Arch respectively.
+
+We create a large EFI file which contains the initramfs, Kernel command line and the Kernel itself.
+This EFI file replaces that from Grub in the EFI boot partition.
+\autoref{code:tbcommandlinetxt} shows the used command line which will be saved on \texttt{/boot/kernel-command-line.txt}
+The parameters activate also IMA which is discussed later in this chapter.
+\begin{table}
+	\centering
+	\begin{footnotesize}
+		\begin{tabular}{lll}
+			\toprule
+			\emph{Address}	&\emph{Source path}	&\emph{Comment}\\
+			\midrule
+			\texttt{0x0000000}	&\texttt{/usr/lib/systemd/boot/efi/linuxx64.efi.stub}	&Linux EFI Stub\\
+			\texttt{0x0020000}	&\texttt{/usr/lib/os-release}		&Linux OS release information\\
+			\texttt{0x0030000}	&\texttt{/boot/kernel-command-line.txt}	&Kernel command line parameters\\
+			\texttt{0x0040000}	&\texttt{/boot/vmlinuz}	&latest Kernel image\\
+			\texttt{0x3000000}	&\texttt{/boot/initrd}	&latest initial ramdisk\\
+			\bottomrule
+		\end{tabular}
+	\end{footnotesize}
+	\caption{Memory layout of the Unified Kernel EFI file} 
+	\label{tab:efilayout}
+\end{table}
+The shell script shown in \autoref{code:tbupdatekernelsh} uses the command \texttt{objcopy} to create a single EFI file which contains the Kernel with corresponding release information and parameters and the initial ramdisk.
+The memory layout is shown in \ref{tab:efilayout}
+With this Unified Kernel in place, no additional PCRs are used and everything is measured by the BIOS.
+It furthermore omits the bootloader which is not necessary since the BS is ideally an embedded system with a single boot option in the end.
+
+
+So, when the BIOS hands over the system to the bootloader, all PCR values are already set.
+The Trusted Boot chain can now be used to authenticate the Kernel against the system.
+Therefore a second key is added to the LUKS header, which is a random number of 32 byte length.
+This key is saved in the TPM and sealed with the values of PCR 0--7.
+If the BIOS measurements calculate the same values as those of the sealing, the TPM is able to reveal the key for the FDE and the boot process can continue.
+The \emph{trusted} environment is now extended to the Kernel and the modules loaded at boot.
+
+%TODO Edit pointer
 \begin{itemize}
 	\item Trusted Boot with GRUB 2.04: TPM support available; PCR mapping
 	\item Secure Boot with Unified Kernel; another PCR mapping
 	\item Benefits and Drawbacks of both variants
+	\item describe automated unlocking 
 \end{itemize}
 
-
-
 Limitations due to bad implementation on BIOS-Level, no Certificate Verification Infrastructure available for TPMs? Needs to be proven for correctness.
 
 \section{Integrity Measurement Architecture}
 Available on Ubuntu, RedHat and optionally Gentoo.
 The Kernel has the correct compile options set.
 
-\subsection{Handling external hardware}
+\subsection{Handling external hardware}4
 How can camera and fingerprint sensor be trusted?
 What is the limitation of this solution?
 

thesis/04_outlook.tex

@@ -1,4 +1,5 @@
 \chapter{Conclusion and Outlook}
+\label{cha:conclusion}
 \section{Testing}
 These are the test results
 
@@ -6,27 +7,9 @@ These are the test results
 Still hard to set up a system like that.
 Documentation is available, but hardly any implementations for DAA and IMA.
 
+\section{Future Work}
+
 \section{Outlook}
 Hardening of the system beyond IMA useful.
 Minimization also useful, because the logging gets shorter.
 
-
-\autoref{tab:example} is an example of a table, in which the numbers are aligned at the comma, every second line is colored and the commands \texttt{\textbackslash toprule},  \texttt{\textbackslash midrule} and \texttt{\textbackslash bottomrule} are used \cite{arthur15}.
-
-\begin{table}[ht]
-	\centering
-	\caption{Example} \label{tab:example}
-	\rowcolors{2}{lightgray}{white}
-	\begin{tabular}{SSS}
-	\toprule
-\multicolumn{1}{c}{Länge $l$ in m} & \multicolumn{1}{c}{Breite $b$ in m} & \multicolumn{1}{c}{Höhe $h$ in m} \\
-	\midrule
-12.454 & 1.24   & 335.3 \\
-543.22 & 32.123 & 33.21 \\
-353.0  & 33.0   & 33.0  \\
-23.3   & 333.2  & 32.4  \\
-	\bottomrule
-	\end{tabular}
-\end{table}
-
-

thesis/05_appendix.tex

@@ -1,90 +1,32 @@
-\chapter{Installation instructions}
+\chapter[Appendix]{Sealing LUKS encryption key with PCRs in a TPM}
-\section{Installing IMA on Arch}
+\label{adx:luks}
-\url{https://wiki.archlinux.org/index.php/Kernel/Arch_Build_System} in combination with \url{https://wiki.gentoo.org/wiki/Integrity_Measurement_Architecture}:
+\lstinputlisting[language=bash, caption={\texttt{create-luks-tpm.sh}: Script to create a new LUKS key}, label={code:tbcreatelukssh}]{../../trustedboot/create-luks-tpm.sh}
-
+
-\begin{lstlisting}
+\lstinputlisting[caption={\texttt{kernel-command-line.txt}: Command line for the Kernel}, label={code:tbcommandlinetxt}]{../../trustedboot/kernel-command-line.txt}
-	sudo pacman -S asp base-devel
+\lstinputlisting[language=bash, caption={\texttt{passphrase-from-tpm.sh}: Initramfs-script to ask the TPM for the LUKS key}, label={code:tbpassphrasesh}]{../../trustedboot/passphrase-from-tpm.sh}
-	cd ~
+\lstinputlisting[language=bash, caption={\texttt{update-luks-tpm.sh}: Script for updating the Sealing of the TPM Object with new PCR values}, label={code:tbupdatetpmsh}]{../../trustedboot/update-luks-tpm.sh}
-	mkdir build && cd build
+\lstinputlisting[language=bash, caption={\texttt{update-kernel.sh}: Script for updating the unified Kernel}, label={code:tbupdatekernelsh}]{../../trustedboot/update-kernel.sh}
-	asp update linux
+\lstinputlisting[language=bash, caption={\texttt{install.sh}: Script to install Trusted Boot on Ubuntu}, label={code:tbinstallsh}]{../../trustedboot/install.sh}
-	asp export linux	#Linux repo exported to this directory
+
-\end{lstlisting}
+\chapter{TCP/IP Wrapper for the Xaptum ECDAA Protocol}
-Change \emph{pkgbase} in \texttt{linux/PKGBUILD} to custom name, e.g. linux-ima.
+\section{Common source files for all DAA parties}
-Check \texttt{linux/config} for the following settings:
+\lstinputlisting[caption={\texttt{common.h}}, label={code:daacommonh}]{../../ecdaa-network-wrapper/common.h}
-\begin{lstlisting}
+\lstinputlisting[caption={\texttt{common.c}}, label={code:daacommonc}]{../../ecdaa-network-wrapper/common.c}
-	CONFIG_INTEGRITY=y
+\lstinputlisting[caption={\texttt{client.h}}, label={code:daaclienth}]{../../ecdaa-network-wrapper/client.h}
-	CONFIG_IMA=y
+\lstinputlisting[caption={\texttt{client.c}}, label={code:daaclientc}]{../../ecdaa-network-wrapper/client.c}
-	CONFIG_IMA_MEASURE_PCR_IDX=10
+\lstinputlisting[caption={\texttt{server.h}}, label={code:daaserverh}]{../../ecdaa-network-wrapper/server.h}
-	CONFIG_IMA_LSM_RULES=y
+\lstinputlisting[caption={\texttt{server.c}}, label={code:daaserverc}]{../../ecdaa-network-wrapper/server.c}
-	CONFIG_INTEGRITY_SIGNATURE=y
+\section{Source files for the DAA Issuer}
-	CONFIG_IMA_APPRAISE=y
+\lstinputlisting[caption={\texttt{issuer.h}}, label={code:daaissuerh}]{../../ecdaa-network-wrapper/issuer.h}
-	IMA_APPRAISE_BOOTPARAM=y
+\lstinputlisting[caption={\texttt{issuer.c}}, label={code:daaissuerc}]{../../ecdaa-network-wrapper/issuer.c}
-\end{lstlisting}
+\section{Source files for the DAA Member}
-For optimizing file access, add to every fstab-entry \emph{iversion}.
+\lstinputlisting[caption={\texttt{member.h}}, label={code:daamemberh}]{../../ecdaa-network-wrapper/member.h}
-It prevents creating a hash of the file at every access.
+\lstinputlisting[caption={\texttt{member.c}}, label={code:daamemberc}]{../../ecdaa-network-wrapper/member.c}
-Instead the hash will only be created when writing the file.
+\section{Source files for the DAA Member with TPM support}
-
+\lstinputlisting[caption={\texttt{member-tpm.h}}, label={code:daamembertpmh}]{../../ecdaa-network-wrapper/member-tpm.h}
-\texttt{updpkgsums} generates new checksums for the modified files.
+\lstinputlisting[caption={\texttt{member-tpm.c}}, label={code:daamembertpmc}]{../../ecdaa-network-wrapper/member-tpm.c}
-
+\lstinputlisting[caption={\texttt{daa-test-tpm.}}, label={code:daakeyutilh}]{../../ecdaa-network-wrapper/daa-test-tpm.h}
-\texttt{makepkg -s} then makes the new kernel
+\lstinputlisting[caption={\texttt{create\_tpm\_key-util.c}}, label={code:daakeyutilc}]{../../ecdaa-network-wrapper/create_tpm_key-util.c}
-
+\section{Source files for the DAA Verifier}
-\section{Installing Xaptum DAA}
+\lstinputlisting[caption={\texttt{verifier.h}}, label={code:daaverifierh}]{../../ecdaa-network-wrapper/verifier.h}
-We use the Ubuntu 20.04 server edition for testing the environment.
+\lstinputlisting[caption={\texttt{verifier.c}}, label={code:daaverifierc}]{../../ecdaa-network-wrapper/verifier.c}
-It supports Trusted Boot an IMA out of the box.
-Three systems need to be installed -- the BS host, the issuer of the BS group and a verifier.
-Only the BS host needs to have a TPM in it, which requires a non-virtualized installation.
-The other hosts can easily be virtualized if needed.
-
-Note: The DAA protocol can be tested without using the TPM.
-
-\subsection{Encrypted File System}
-Optional: It is usefult to enable disk encryption on the BS host.
-Therefore only the boot section remains unencrypted and the TPM is used to decrypt the disk.
-
-\subsection{Unified Boot Loader}
-
-
-\subsection{TPM-tools}
-The TPM2-tools provide the features of the TPM to the shell and furthermore install the system API
-\texttt{apt install tpm2-tools}
-
-\subsection{Prerequisities for Xaptum ECDAA}
-Besides the building packages you should build two other projects from Xaptum. The first ist their variant of AMCL
-\begin{lstlisting}
-	sudo apt install cmake build-essential python3 python3-dev python3-pip gcc doxygen doxygen-latex parallel checkinstall
-	git clone https://github.com/xaptum/amcl.git
-	cd amcl
-	make
-	mkdir -p target/build
-	cd target/build
-	cmake -D CMAKE_INSTALL_PREFIX=/opt/amcl ../..
-	export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:./
-	make
-	make test
-	make doc
-	sudo checkinstall
-	export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:./:/opt/amcl/lib
-\end{lstlisting}
-The Apache Milagro Crypto Library is now installed in \texttt{/opt}. 
-
-The next part is the \texttt{xaptum-tpm} project, which provides the interface between the ECDAA application and the TPM hardware.
-\begin{lstlisting}
-	git clone https://github.com/xaptum/xaptum-tpm.git
-	cd xaptum-tpm
-	mkdir build
-	cd build
-	cmake .. -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_INSTALL_PREFIX=/opt
-	cmake --build . --target install
-\end{lstlisting}
-
-\subsection{Installing Xaptum ECDAA}
-Finally the main project can be installed:
-\begin{lstlisting}
-	git clone https://github.com/xaptum/ecdaa.git
-	cd ecdaa
-	mkdir build
-	cd build
-	cmake  . -DECDAA_TPM_SUPPORT=ON -DCMAKE_INSTALL_PREFIX=/opt -DTEST_USE_TCP_TPM=off
-	ctest -V
-	cmake --build . --target=install
-\end{lstlisting}

thesis/MAIN.tex

@@ -1,143 +1,167 @@
-% !TeX document-id = {7131b1f7-d05a-492d-b4e1-23bbecfee18f}
 % !TeX encoding = UTF-8
 % !TeX program = pdflatex
 % !BIB program = biber
 
-% Rev. 2.1 - 11/18 - av %
+% Template Revision:
-% Rev. 2.0 - 07/18 - av %
+% Rev. C1 -- 2021-03-18 -- Ali Varli
+% Rev. B1 -- 2019-11-05 -- Ali Varli
 
 %% HINWEISE:
 %% MAIN.tex ist die Hauptdatei. Hier sind sämtliche Pakete eingebunden und die allgemeine Struktur ist hier festgelegt. Im Allgemeinen müssen hier keine Änderungen vorgenommen werden.
 %% In der eingebundenen Datei config.tex müssen Änderungen vorgenommen werden, die in der Datei näher erläutert sind.
 %% Das Deckblatt wird mit der Datei cover/coversheet.tex eingebunden. Hier sollten keine Änderungen vorgenommen werden.
-%% Für Text im Vorspann, d.h. vor der Inhaltsangabe (Seitenzahlen als kleine römische Zahlen; z.B. für Vorwort, Abstract etc.), ist die Datei frontmatter.tex vorgesehen.
+%% Für Text im Vorspann (vor der Inhaltsangabe, z.B. für Vorwort, Abstract etc.) ist die Datei frontmatter.tex vorgesehen.
 %% Für den Hauptteil ist die Datei mainmatter.tex vorgesehen.
-%% Das Literaturverzeichnis ist die eingebundene Datei literature.bib. Es ist vorgesehen, dass das Literaturverzeichnis mit Biber kompiliert wird.
+%% Das Literaturverzeichnis ist die eingebundene Datei literature.bib.
-%% Falls Fehler entdeckt werden, würde ich mich über eine E-Mail an a_v@gmx.net freuen.
+%% Für Verbesserungsvorschläge bin ich gerne offen.
-%% Viel Erfolg :). Linz, im April 2018, Ali Varli.
+%% Viel Erfolg :). Linz, im Oktober 2019, Ali Varli, a_v@gmx.net.
-
+
-	\documentclass[
+%% PLEASE NOTE:
-		a4paper,
+%% MAIN.tex is the main file. All packages are pooled here and the general structure is defined here. In general, no changes need to be made here.
-		oneside,
+%% Changes must be made in the included file config.tex. Detailed information is in the file.
-		onecolumn,
+%% The cover page is included with the file cover/coversheet.tex. No changes should be made here.
-		openany,
+%% The file frontmatter.tex is provided for text in the lead text (before the summary, i.e. for the foreword, abstract, etc.).
-		parskip=half*,
+%% The file mainmatter.tex is intended for the main part.
-%		toc=flat,
+%% The bibliography is the included file literature.bib.
-		table,
+%% I am open to suggestions for improvement.
-		12pt,
+%% Good luck :-). Linz, October 2019, Ali Varli, a_v@gmx.net.
-%		draft
+
-	]{scrbook}
+\documentclass[%
-
+	a4paper,
-	\usepackage[utf8]{inputenc}
+	11pt,
-	
+	BCOR=10mm,
-	\input{config}
+	DIV=12,
-	
+	headinclude,
-	\usepackage[T1]{fontenc}
+	headheight=16mm,
-	\usepackage{lmodern}
+	oneside,
-	
+	onecolumn,
-	\ifeng	\usepackage[ngerman,english]{babel}
+	openany,
-	\else	\usepackage[english,ngerman]{babel}	
+	parskip=half,
-	\fi
+	% appendixprefix,
-		
+	% toc=flat,
-	\usepackage[fleqn]{amsmath}
+	% chapterentrydots=true,
-	\usepackage{siunitx}
+	table,
-
+	fleqn,
-	\usepackage[backend=biber,sortlocale=auto,style=numeric-comp]{biblatex}
+	% draft
-	\addbibresource{literature.bib}
+]{scrbook}
-    \renewcommand*{\mkbibnamelast}[1]{\textsc{#1}}
+
-    \usepackage{csquotes}
+\usepackage[utf8]{inputenc}
-    
+
-	\usepackage[a4paper,left=30mm,right=14mm,top=27mm,bottom=10mm,includeheadfoot]{geometry}
+\input{config}
-
+
-	\usepackage{lastpage}
+\usepackage[T1]{fontenc}
-	\usepackage{scrlayer-scrpage}
+\usepackage{roboto,mathpazo}
-	\pagestyle{scrheadings}
+\usepackage{microtype}
-	\clearscrheadfoot
+\ifeng
-	\ifeng	\ohead[{\includegraphics[width=3cm]{cover/jkuen.png}}]{\includegraphics[width=3cm]{cover/jkuen.png}}
+	\usepackage[ngerman,english]{babel}
-	\else	\ohead[{\includegraphics[width=3cm]{cover/jkude.png}}]{\includegraphics[width=3cm]{cover/jkude.png}}
+\else
-	\fi
+	\usepackage[english,ngerman]{babel}
-	\ifoot[\date]{\date}
+\fi
-	\cfoot[\name]{\name}
+\usepackage[absolute]{textpos}
-	\ofoot[\pagemark/\pageref{LastPage}]{\pagemark/\pageref{LastPage}}		
+\usepackage{amsmath,siunitx}
-	\setkomafont{pageheadfoot}{\sffamily \scriptsize}
+%% Zitierweise numerisch, Literaturverzeichnis alphabetisch sortiert:
-	\setkomafont{pagenumber}{\sffamily \scriptsize}
+%% Citation listed numerically, bibliography listed alphabetically:
-
+\usepackage[
-	\usepackage[onehalfspacing]{setspace}
+	backend=biber,
-	
+	sortlocale=auto,
-	\usepackage{pdfpages}
+	style=numeric-comp,
-
+	backref=true,
-	\usepackage[pdfborder={0 0 0}]{hyperref}
+	backrefstyle=none
-
+]{biblatex}
-	\usepackage{tabularx}
+%% Zitierweise numerisch, Literaturverzeichnis unsortiert:
-	\usepackage{ltxtable}
+%% Citation listed numerically, bibliography unsorted:
-	\usepackage{booktabs}
+% \usepackage[backend=biber,sorting=none,style=numeric-comp,backref=true,backrefstyle=none]{biblatex}
-	\usepackage{rotating}
+%% Zitierweise Autor-Jahr, Literaturverzeichnis alphabetisch sortiert:
-	\usepackage{colortbl}
+%% Citation listed by author-year, bibliography listed alphabetically:
-	\usepackage{multirow}
+% \usepackage[backend=biber,style=authoryear,bibstyle=authoryear,citestyle=authoryear,maxcitenames=2,backref=true,backrefstyle=none]{biblatex}
-	
+\addbibresource{literature.bib}
-	\usepackage{xcolor}
+\usepackage{csquotes}
-
+\usepackage{lastpage,scrlayer-scrpage}
-	\usepackage{graphicx}
+\pagestyle{scrheadings}
-	\usepackage{wrapfig}
+\clearpairofpagestyles
-
+
-	\usepackage[section]{placeins} %\FloatBarrier
+\ifeng
-
+	\ohead*{\includegraphics[width=3cm]{cover/jkuen.png}}
-	\usepackage{float} %[H]
+\else
-
+	\ohead*{\includegraphics[width=3cm]{cover/jkude.png}}
-	\usepackage{enumitem}
+\fi
-		
+
-	\usepackage{subfiles}
+\ifoot*{\date}
-	
+\cfoot*{\author}
-	%own packages
+\ofoot*{\pagemark/\pageref{LastPage}}
-	\usepackage{libertine}
+
-	\usepackage{libertinust1math}
+\setkomafont{pageheadfoot}{\sffamily\scriptsize}
-	\usepackage[scale=0.9]{sourcecodepro}
+\setkomafont{pagenumber}{\sffamily\scriptsize}
-	\usepackage{microtype}
+
-	
+\usepackage[onehalfspacing]{setspace}
-	\usepackage{listings}
+\usepackage{pdfpages}
-	
+\usepackage{booktabs,colortbl,xcolor}
-%	\setcounter{tocdepth}{3} %subsubsection
+\usepackage{graphicx,wrapfig}
-%	\setcounter{secnumdepth}{3}
+\usepackage[section]{placeins} %\FloatBarrier
-		
+\usepackage{float} %[H]
-	\tolerance=100
+\usepackage{enumitem}
-	\clubpenalty=10000
+\usepackage{subfiles}
-	\widowpenalty=10000
+\usepackage{scrhack}
-	\displaywidowpenalty=10000
+\usepackage[
-	
+	bookmarksnumbered=true,
-%	\addtocontents{toc}{\protect\enlargethispage{2\normalbaselineskip}}
+	pdfborder={0 0 0},
-%	\addtocontents{lof}{\protect\enlargethispage{2\normalbaselineskip}}
+	pdfa,
-%	\addtocontents{lot}{\protect\enlargethispage{2\normalbaselineskip}}
+	pdftitle={\pdfTitle},
-	
+	pdfauthor={\pdfAuthor},
-	\addtokomafont{caption}{\small}
+	pdfsubject={\pdfSubject},
-	\setkomafont{captionlabel}{\small\sffamily\bfseries}
+	pdfkeywords={\pdfKeywords}
-	
+]{hyperref}
-	\newcommand{\zB}{z.\,B.}
+
-	\newcommand{\ToDo}{\normalfont \normalsize \textcolor{red}{\textbf{ToDo!}}}	
+%own packages
-	
+% \usepackage{libertine}
-	\urlstyle{sf}
+% \usepackage{libertinust1math}
-	
+\usepackage[scale=0.9]{sourcecodepro}
-	\lstset{
+\usepackage{listings}
-		language=[LaTeX]TeX,				%language
+
-		basicstyle=\ttfamily,	%common font style
+% \setcounter{tocdepth}{3} %subsubsection
-		xleftmargin=10pt,
+% \setcounter{secnumdepth}{3}
-		numbers=left,						%line numbers
+
-		numberstyle=\scriptsize,
+\tolerance=300
-		numberfirstline=true,
+\clubpenalty=10000
-		stepnumber=1,
+\widowpenalty=10000
-		numbersep=5pt,
+\displaywidowpenalty=10000
-		tabsize=2,							%size of tabulator
+
-		columns=flexible,
+% \addtocontents{toc}{\protect\enlargethispage{2\normalbaselineskip}}
-		upquote=true,
+% \addtocontents{lof}{\protect\enlargethispage{2\normalbaselineskip}}
-		%breaklines=true,					%automatischer Zeilenumbruch
+% \addtocontents{lot}{\protect\enlargethispage{2\normalbaselineskip}}
-		literate=							%Umlauts in source files
+
-		{Ö}{{\"O}}1
+\addtokomafont{caption}{\small}
-		{Ä}{{\"A}}1
+\setkomafont{captionlabel}{\small\sffamily\bfseries}
-		{Ü}{{\"U}}1
+
-		{ß}{{\ss}}2
+\newcommand{\zB}{z.\,B.\@}
-		{ü}{{\"u}}1
+\newcommand{\eg}{e.\,g.\@}
-		{ä}{{\"a}}1
+\newcommand{\ToDo}{\normalfont\normalsize\textcolor{red}{\textbf{ToDo!}}}	
-		{ö}{{\"o}}1
+
-	}
+\urlstyle{sf}
+
+\lstset{
+	language=C,													%language
+	basicstyle=\ttfamily\footnotesize,	%common font style
+	xleftmargin=10pt,
+	numbers=left,												%line numbers
+	numberstyle=\scriptsize,
+	numberfirstline=true,
+	stepnumber=1,
+	numbersep=5pt,
+	tabsize=2,													%size of tabulator
+	columns=flexible,
+	upquote=true,
+	breaklines=true,										%automatischer Zeilenumbruch
+	lineskip=0.1ex,
+	literate=														%Umlauts in source files
+	{Ö}{{\"O}}1
+	{Ä}{{\"A}}1
+	{Ü}{{\"U}}1
+	{ß}{{\ss}}2
+	{ü}{{\"u}}1
+	{ä}{{\"a}}1
+	{ö}{{\"o}}1
+}
 \newcommand{\issuer}[1][]{$\mathcal{I}_{#1}$}
 \newcommand{\host}[1][]{$\mathcal{H}_{#1}$}
 \newcommand{\tpm}[1][]{$\mathcal{M}_{#1}$}
@@ -146,31 +170,31 @@
 \newcommand{\nym}{\texttt{nym}}
 \newcommand{\RL}{\texttt{RL}}
 \newcommand{\sassign}{\stackrel{\$}{\leftarrow}}
-%
+
-%%
+
-%%%%
-%%%%%%%%
 %%%%%%%%%%%%%%%%
 \begin{document}
 %%%%%%%%%%%%%%%%
 
 \begin{titlepage}
-\include{cover/coversheet}
+	\setcounter{page}{0}
+	\include{cover/coversheet}
 \end{titlepage}
 
 
-
 %%%%%%%%%%%%
 \frontmatter
 
 \input{frontmatter}
 
 \begin{singlespace}
-\tableofcontents
+	\tableofcontents
+	\listoffigures 
+	\listoftables
 \end{singlespace}
-	
 
-%%%%%%%%%%%	
+
+%%%%%%%%%%%
 \mainmatter
 
 \input{01_introduction}
@@ -182,14 +206,10 @@
 %%%%%%%%%%%
 \backmatter
 
-\begin{singlespace}
-\listoffigures 
-{\let\clearpage\relax\listoftables}
-\end{singlespace}
-
 \printbibliography
 
+%%%%%%%%%%%
 \appendix
 \input{05_appendix}
 
-\end{document}
+\end{document}

thesis/config.tex

@@ -1,48 +1,72 @@
+% !TeX encoding = UTF-8
+% !TeX root = MAIN.tex
+
 \newif\ifeng
-%% HINWEISE:
+%% HINWEISE: Hier müssen folgende Einstellungen vorgenommen werden:
-%% Hier müssen folgende Einstellungen vorgenommen werden:
+%% PLEASE NOTE: Select your settings here:
-%% Sprache:
+
-%% Falls die Dokumentensprache Deutsch ist, \engtrue mit einem %-Zeichen davor auskommentieren:
+%% Sprache: Falls die Dokumentensprache Deutsch ist, \engtrue mit einem %-Zeichen davor auskommentieren:
-	\engtrue
+%% Language: If the document language is German, comment \engtrue with a % sign in front:
-	
+\engtrue
+
 %% Hier den Namen des Autors eingeben:
-	\def\name{Michael Preisach, BSc}
+%% Enter the author’s name here:
-	
+\def\author{Michael Preisach}
-%% Hier Informationen für den rechten Block unter dem JKU-Logo eingeben, wobei die Elemente mit einem Buchstaben jeweils für die Überschrift und mit Doppelbuchstaben für den Inhalt sind. Falls Elemente nicht benötigt werden, bitte NICHT LÖSCHEN, sondern frei lassen, wie z.B. elementE bzw. elementEE.  
+
-	\def\elementA{Submitted by}
+%% Hier Informationen für den rechten Block unter dem JKU-Logo eingeben, wobei die Elemente mit einem Buchstaben jeweils für die Beschreibung und mit Doppelbuchstaben für den Inhalt sind.
-	\def\elementAA{\textbf{\name} \\ 1155264}
+%% Anzuführen bei Masterarbeit: Eingereicht von, Anfegertigt am, BeurteilerIn, Mitbetreuung.
+%% Anzuführen bei Dissertation: Eingereicht von, Anfegertigt am, ErstbeurteilerIn, ZweitbeurteilerIn, Mitbetreuung.
+%% Anzuführen bei strukturiertem Doktorat: Eingereicht von, Angefertigt am, ErstbetreuerIn, ZweitbetreuerIn, Mitbetreuung.
+%%
+%% Enter information here for the right block under the JKU logo, whereby the elements should have one letter for the heading and double letters for content.
+%% To be given for master thesis: Author, Submission, Thesis Supervisor, Assistant Thesis Supervisor.
+%% To be given for doctoral thesis: Author, Submission, First Supervisor, Second Supervisor, Assistant Thesis Supervisor.
+\def\elementA{Author}
+\def\elementAA{\textbf{\author} \\ 1155264}
 
-	\def\elementB{Submitted at}
+\def\elementB{Submission}
-	\def\elementBB{\textbf{Institute for Networks and Security}}
+\def\elementBB{\textbf{Institute for Networks and Security}}
 
-	\def\elementC{Supervisor and First Examiner}
+\def\elementC{First Supervisor}
-	\def\elementCC{Univ.-Prof.\@ DI Dr.\@ \textbf{René Mayrhofer}}
+\def\elementCC{Univ.-Prof.\@ DI Dr.\@ \textbf{René Mayrhofer}}
 
-	\def\elementD{Second Examiner}
+\def\elementD{Second Supervisor}
-	\def\elementDD{DI \textbf{Tobias Höller}}
+\def\elementDD{\textbf{DI Tobias Höller}}
 
-	\def\elementE{}
+\def\elementE{Assistant Thesis Supervisor / Mitbetreuung}
-	\def\elementEE{}
+\def\elementEE{\textbf{Name}}
+
+%% Hier Datum eingeben (Monat der Abgabe im Prüfungs- und Anerkennungsservice):
+%% Enter the date (Month and year of submission to Examination and Recognition Services):
+\def\date{Month Year}
+
+%% Hier Ort eingeben:
+%% Enter the location:
+\def\place{Linz}
 
-%% Hier Datum eingeben:
-	\def\date{\today}
-	
 %% Hier Titel eingeben; steht über dem K:
-	\def\title{Project Digidow: Biometric Sensor}
+%% Enter the title; it appears above the K:
+\def\title{Project Digidow: Biometric Sensor}
 
-%% Hier ggf. Untertitel und LVA eingeben; stehen unter dem K. Falls sie nicht benötigt werden, bitte NICHT LÖSCHEN sondern frei lassen:
+%% Hier den Typ der Arbeit eingeben (0: Keine Arbeit, 1: Bachelorarbeit, 2: Masterarbeit, 3: Dissertation, 4: Diplomarbeit):
-	\def\subtitle{}
+%% Enter the type of paper here (0: Not Thesis, 1: Bachelor’s Thesis, 2: Master’s Thesis, 3: Dissertation, 4: Diploma Degree Thesis):
-	\def\lva{}
+\def\type{0}
-	
-\newif\ifthesis
-%% Ab hier müssen nur Änderungen vorgenommen werden, falls es sich um eine Bachelor- oder Masterarbeit oder eine Dissertation handelt. Wenn es sich darum handelt, die Auskommentierung der folgenden Zeile aufheben:
-	\thesistrue
 
-%% Hier den Typ der Arbeit eingeben (0: Bachelorarbeit, 1: Masterarbeit, 2: Dissertation, 3: Diplomarbeit):
+%% Hier ggf. Untertitel eingeben; stehen unter dem K (nur bei 0):
-	\def\type{1}
+%% If necessary, enter a subtitle here; below the K (only for 0):
+\def\subtitle{Subtitle / Untertitel}
 
 %% Hier den angestrebten akademischen Grad eingeben:
-	\def\scdegree{Master of Science}
+%% Enter the desired academic degree here:
+\def\acadDegree{Master of Science}
 
 %% Hier die Studienrichtung eingeben:
-	\def\study{Computer Science}
+%% Enter the major here:
+\def\study{Computer Science}
+
+%% Hier ggf. Metadaten für das PDF eingeben. Falls sie nicht benötigt werden, bitte NICHT LÖSCHEN sondern frei lassen:
+%% If necessary, enter metadata for the PDF here. If it is not needed, please DO NOT DELETE them. Simply leave them blank:
+\def\pdfTitle{\title}
+\def\pdfAuthor{\author}
+\def\pdfSubject{}
+\def\pdfKeywords{}

thesis/cover/coversheet.tex

@@ -1,109 +1,199 @@
-{
 \singlespacing
-\parindent 0pt
+\sffamily
-\def\ifundefined#1{\expandafter\ifx\csname#1\endcsname\relax}
-\makeatletter
-\def\Huge{\@setfontsize\Huge{36pt}{32}}
-\makeatother
-\unitlength 1cm
-\fontfamily{phv} \selectfont
 \small
-%
+\setlength{\TPHorizModule}{1mm}
-%
+\setlength{\TPVertModule}{1mm}
-\begin{picture}(16.6,0)
+\mbox{}
- \ifeng
+
-  \put(11.2,0){\includegraphics[width=5.2cm]{cover/jku_en}}
+\begin{textblock}{97}(142,20)
- \else
+	\ifeng
-  \put(11.2,0){\includegraphics[width=5.2cm]{cover/jku_de}}
+		\includegraphics[width=52mm]{cover/jkuen}
- \fi
- \put(12.6,-1.7){%
-  \begin{minipage}[t]{3.9cm}
-   \begin{flushleft}
-	\ifdefined\elementA
-	 {\footnotesize\elementA \vskip.1mm}
-	 {\elementAA}
-	 \vskip5mm
 	\else
-	 \relax
+		\includegraphics[width=52mm]{cover/jkude}
 	\fi
-	\ifdefined\elementB
+\end{textblock}
-	 {\footnotesize\elementB \vskip.1mm}
+
-	 {\elementBB}
+\begin{textblock}{85}(155,60)
-	 \vskip5mm
+	\begin{minipage}[t]{40mm}
-	\else
+		\begin{flushleft}
-	 \relax
+			\ifdefined\elementA
-	\fi
+				{\footnotesize\elementA}
-	\ifdefined\elementC
+				\vskip.1mm
-	 {\footnotesize\elementC \vskip.1mm}
+				\ifdefined\elementAA
-	 {\elementCC}
+					\elementAA
-	 \vskip5mm
+				\fi
-	\else
+				\vskip5mm
-	 \relax
+			\else
-	\fi
+				\relax
-	\ifdefined\elementD
+			\fi
-	 {\footnotesize\elementD \vskip.1mm}
+			\ifdefined\elementB
-	 {\elementDD}
+				{\footnotesize\elementB}
-	 \vskip5mm
+				\vskip.1mm
-	\else
+				\ifdefined\elementBB
-	 \relax
+					\elementBB
-	\fi
+				\fi
-	\ifdefined\elementE
+				\vskip5mm
-	 {\footnotesize\elementE \vskip.1mm}
+			\else
-	 {\elementEE}
+				\relax
-	 \vskip5mm
+			\fi
-	\else
+			\ifdefined\elementC
-	 \relax
+				{\footnotesize\elementC}
-	\fi
+				\vskip.1mm
-	\date
+				\ifdefined\elementCC
-   \end{flushleft}
+					\elementCC
-  \end{minipage}
+				\fi
- }
+				\vskip5mm
-%	
+			\else
-%	
+				\relax
- \put(12.6,-21.5){%
+			\fi
-  \begin{minipage}[t]{3.9cm}
+			\ifdefined\elementD
-   {\fontfamily{ugq} \selectfont JOHANNES KEPLER\\
+				{\footnotesize\elementD}
-  \ifeng
+				\vskip.1mm
-   UNIVERSITY
+				\ifdefined\elementDD
-  \else
+					\elementDD
-   UNIVERSIT\"{A}T
+				\fi
-  \fi
+				\vskip5mm
-   LINZ}\\
+			\else
-   Altenbergerstra{\ss}e 69\\
+				\relax
-   4040 Linz, \"{O}sterreich\\
+			\fi
-   www.jku.at\\
+			\ifdefined\elementE
-   DVR 0093696
+				{\footnotesize\elementE}
-  \end{minipage}
+				\vskip.1mm
- }
+				\ifdefined\elementEE
-%
+					\elementEE
-%		
+				\fi
- \put(0,-10.2){\begin{minipage}[b]{12cm}{\begin{flushleft}
+				\vskip5mm
- \Huge \fontfamily{ugq} \selectfont \title
+			\else
- \end{flushleft}} \end{minipage}}
+				\relax
-%	
+			\fi
- \put(0,-15.2){\includegraphics[width=4.4cm]{cover/arr}}
+			\date
-%	
+		\end{flushleft}
- \put(0,-16.3){
+	\end{minipage}
- 	\begin{minipage}[t]{12cm}
+\end{textblock}
-		  \ifthesis \Large
+
-		   \ifeng
+\begin{textblock}{85}(155,260)
-		    \ifcase\type Bachelor \or Master \or Doctoral \or Diploma \fi Thesis \vskip1mm
+	\begin{minipage}[t]{40mm}
-		    {\normalsize to obtain the academic degree of} \vskip2mm
+		{
-		    \scdegree \vskip1mm
+			\fontseries{black}
-		    {\normalsize in the \ifcase\type Bachelor's \or Master's \or  Doctoral \or Diploma \fi Program} \vskip2mm
+			\selectfont
-		   \else
+			JOHANNES KEPLER\\
-		    \ifcase\type Bachelorarbeit \or Masterarbeit \or Dissertation \or Diplomarbeit \fi \vskip1mm
+			\ifeng UNIVERSITY
-		    {\normalsize zur Erlangung des akademischen Grades} \vskip2mm
+			\else UNIVERSITÄT
-		    \scdegree \vskip1mm
+			\fi
-		    {\normalsize im \ifcase\type Bachelorstudium \or Masterstudium \or  Doktoratsstudium \or Diplomstudium \fi} \vskip2mm
+			LINZ\\
-		   \fi
+		}
-		    \study
+		Altenbergerstraße 69\\
-		  \else
+		4040 Linz, 
-		   {\Large\lva}
+		\ifeng Austria
-		   \vskip2mm
+		\else Österreich
-		   {\Large\bfseries\subtitle} 
+		\fi \\
-		  \fi
+		www.jku.at\\
+		DVR 0093696
+	\end{minipage}
+\end{textblock}
+
+\begin{textblock}{165}[0,1](30,140)
+	\begin{minipage}[b]{120mm}
+		\fontseries{black}
+		\fontsize{32pt}{32}
+		\selectfont
+		\flushleft
+		\title
+	\end{minipage}
+\end{textblock}
+
+\begin{textblock}{120}(30,150)
+	\includegraphics[width=44mm]{cover/arr}
+\end{textblock}
+
+\begin{textblock}{165}(30,195)
+	\begin{minipage}[t]{120mm}
+		\Large
+		\ifeng
+			\ifcase\type
+				\ifdefined\subtitle
+					\LARGE
+					\subtitle
+				\else
+					\relax
+				\fi
+				\or Bachelor Thesis 
+				\or Master Thesis 
+				\or Doctoral Thesis 
+				\or Diploma Thesis 
+			\fi 
+			\vskip1mm
+			\ifcase\type 
+				\relax 
+			\else 
+				{
+					\normalsize to obtain the academic degree of
+				}
+				\vskip2mm 
+			\fi
+			\ifcase\type
+				\relax 
+			\else 
+				\acadDegree
+				\vskip1mm 
+			\fi 
+			{
+				\normalsize 
+				\ifcase\type
+					\relax 
+					\or in the Bachelor's Program 
+					\or in the Master's Program 
+					\or in the Doctoral Program 
+					\or in the Diploma Program 
+				\fi
+			} 
+			\vskip2mm
+			\ifcase\type 
+				\relax 
+			\else
+				\study 
+			\fi
+		\else
+			\ifcase\type
+				\ifdefined\subtitle
+					\LARGE\subtitle
+				\else
+					\relax
+				\fi
+				\or Bachelorarbeit 
+				\or Masterarbeit 
+				\or Dissertation 
+				\or Diplomarbeit 
+			\fi 
+			\vskip1mm
+			\ifcase\type 
+				\relax 
+			\else
+				{
+					\normalsize zur Erlangung des akademischen Grades
+				}
+				\vskip2mm 
+			\fi
+			\ifcase\type 
+				\relax 
+			\else
+				\acadDegree \vskip1mm 
+			\fi 
+			{
+				\normalsize 
+				\ifcase\type 
+					\relax 
+					\or im Bachelorstudium 
+					\or im Masterstudium 
+					\or im Doktoratsstudium 
+					\or im Diplomstudium 
+				\fi
+			} \vskip2mm
+			\ifcase\type 
+				\relax 
+			\else
+				\study 
+			\fi
+		\fi
 	\end{minipage}
-}
+\end{textblock}
-\end{picture}
-}

thesis/frontmatter.tex

@@ -1,22 +1,56 @@
-	\ifeng	\chapter*{Abstract}
+% !TeX encoding = UTF-8
-	\else	\chapter*{Zusammenfassung}
+% !TeX root = MAIN.tex
-	\fi
+
+\ifeng 
+	\chapter*{Statutory Declaration}
+		I hereby declare that the thesis submitted is my own unaided work, that I have not used other than the sources indicated, and that all direct and indirect sources are acknowledged as references.
+
+		This printed thesis is identical with the electronic version submitted.
+
+		\vskip1cm
+		\place, \date
+
+\else 
+	\chapter*{Eidesstattliche Erklärung}
+	Ich erkläre an Eides statt, dass ich die vorliegende \ifcase\type Arbeit \or Bachelorarbeit \or Masterarbeit \or Dissertation \or Diplomarbeit \fi selbstständig und ohne fremde Hilfe verfasst, andere als die angegebenen Quellen und Hilfsmittel nicht benutzt bzw. die wörtlich oder sinngemäß entnommenen Stellen als solche kenntlich gemacht habe.
+
+	Die vorliegende \ifcase\type Arbeit \or Bachelorarbeit \or Masterarbeit \or Dissertation \or Diplomarbeit \fi ist mit dem elektronisch übermittelten Textdokument identisch.
+
+	\vskip1cm
+	\place, \date
+\fi
+
+
+\ifeng
+	\chapter*{Abstract}
+\else
+	\chapter*{Kurzfassung}
+\fi
 		
 % Hier Abstact in der Sprache eingeben, in der die Arbeit geschrieben wurde.
 What is it all about? Why is that interesting? What is new in this thesis? Where is the solution directing to?
 
-	{\let\clearpage\relax
+{
-	\ifeng	\selectlanguage{ngerman} \chapter*{Zusammenfassung}
+	\let\clearpage\relax
-	\else	\selectlanguage{english} \chapter*{Abstract}
+	\ifeng
+		\selectlanguage{ngerman} 
+		\chapter*{Kurzfassung}
+	\else
+		\selectlanguage{english} 
+		\chapter*{Abstract}
 	\fi
-		
+	
-% Hier Abstact in der jeweils anderen Sprache eingeben.
+	% Hier Abstact in der jeweils anderen Sprache eingeben.
-Das am Institut für Netzwerke und Sicherheit entwickelte Projekt \textit{Digital Shadow} benötigt in vielen Bereichen ein prüfbares Vertrauen um eine Erkennung von Nutzern anhand ihrer biometrischen Daten zu erkennen und Berechtigungen zuzuteilen.
+	Das am Institut für Netzwerke und Sicherheit entwickelte Projekt \textit{Digital Shadow} benötigt in vielen Bereichen ein prüfbares Vertrauen um eine Erkennung von Nutzern anhand ihrer biometrischen Daten zu erkennen und Berechtigungen zuzuteilen.
-Das Vertrauen soll dem Nutzer die Möglichkeit geben, die Korrektheit des Systems schnell und einfach zu prüfen, bevor er/sie disesm System biometrische Daten zur Verfügung stellt
+	Das Vertrauen soll dem Nutzer die Möglichkeit geben, die Korrektheit des Systems schnell und einfach zu prüfen, bevor er/sie disesm System biometrische Daten zur Verfügung stellt
-Diese Masterarbeit beschäftigt sich nun mit den existierenden Werkzeugen, die ein solches Vertrauen schaffen können.
+	Diese Masterarbeit beschäftigt sich nun mit den existierenden Werkzeugen, die ein solches Vertrauen schaffen können.
-Das implementierte System kombiniert diese Werkzeuge, um damit sensible Daten von Nutzern aufzunehmen und im Netzwerk von Digital Shadow zu identifizieren.
+	Das implementierte System kombiniert diese Werkzeuge, um damit sensible Daten von Nutzern aufzunehmen und im Netzwerk von Digital Shadow zu identifizieren.
-Es soll dabei sicher gestellt sein, dass eine fälschliche Verwendung der sensiblen Nutzerdaten ausgeschlossen wird.
+	Es soll dabei sicher gestellt sein, dass eine fälschliche Verwendung der sensiblen Nutzerdaten ausgeschlossen wird.
-Anhand dieses Systems werden die Eigenschaften einer vertrauenswürdigen Umgebung für Software diskutiert und notwendige Rahmenbedingungen erläutert.
+	Anhand dieses Systems werden die Eigenschaften einer vertrauenswürdigen Umgebung für Software diskutiert und notwendige Rahmenbedingungen erläutert.
-	\ifeng	\selectlanguage{english}
+	
-	\else 	\selectlanguage{ngerman}
+	\ifeng
-	\fi}
+		\selectlanguage{english}
+	\else
+		\selectlanguage{ngerman}
+	\fi
+}

thesis/literature.bib

@@ -152,15 +152,6 @@
 	urldate = {2020-02-27}
 }
 
-@online{tevora18,
-	author = {Tevora},
-	year = {2018},
-	month = {06},
-	title = {Configuring Secure Boot + TPM 2},
-	url = {https://threat.tevora.com/secure-boot-tpm-2/},
-	urldate = {2020-02-27}
-}
-
 @online{tpmsoftware20,
 	author = {TPM2 Software Community},
 	year = {2020},

thesis/mainmatter.tex

@@ -1,4 +1,6 @@
+% !TeX encoding = UTF-8
+% !TeX root = MAIN.tex
 
+\chapter{Text}
 
-
+Text.
-