This master thesis will cover a major part of Digidow's BS.
This master thesis will cover a major part of Digidow's BS.
When a request of the \emph{Verifier} appears, the system captures data from the biometric interface, wraps and submits it to the \emph{personal agent}, where further processing is done.
Figure \ref{fig:physview} shows an example scenario where three physical devices are involved to explain the tasks of the BS.
Two essential questions arise while doing so.
First, the system has to identify the corresponding personal agent.
The Verifier sends a request to the BS containing an UID of the user to be verified, signed with the organization's private key.
This thesis will assume, that a personal agent is available for the corresponding user.
The BS then gains the needed biometric data and finds the corresponding PA with the provided UID.
Second and more important for this thesis is the question, how the BS and the PA trusts each other.
Although Verifier and BS are usually reachable within the local network, the PA is available only via a worldwide network which implements privacy-features.
A \emph{Trusted Platform Module} (TPM) is able to address this problem by generating trust by cryptography.
After establishing a connection, both BS and PA require a \emph{Trusted Platform Module} (TPM) to create a trusted environment on the own system.
Another question is how the system interacts with attached sensors that get the sensible data.
The TPM ensures that the system is in a provable, well defined state that can be shown to external readers.
\emph{Direct Anonymous Attestation} (DAA) allows then to proof the validity of another device anonymously.
Thus, BS and PA use DAA to verify the other instance and to generate trust between both devices.
When having a trusted environment over the network, the gained biometric data as well as the public key information of the Verifier can be submitted to the PA.
\subsection{Practical Part}
\subsection{Practical Part}
One goal of this thesis is to set up a system which is \emph{trustworthy}.
This thesis aims to implement the features defined in the previous subsection.
This means that the system's TPM can verify the whole software stack (firmware, boot loader, kernel, driver, executed software, firmware of attached devices, \ldots).
Therefore it is assumed that the network discovery delivers a function where the BS gets the corresponding PA using the provided UID.
The next step is to find a way to trust the yet unknown PA instance.
The \emph{Trusted Environment} for the BS as shown in Figure \ref{fig:physview} describes the process that verifies the whole software stack (firmware, boot loader, kernel, driver, executed software, firmware of attached devices, \ldots) by the TPM.
Again the system's TPM may help with a function called \emph{Direct Anonymous Attestation} (DAA).
Furthermore it should be possible to verify the attached biometric sensors.
Both, BS and PA have to trust each other to submit the biometric data payload to the PA for further processing.
This depends however on whether the firmware and driver software could be extracted verified and installed on the device.
During this phase, privacy features should be implemented to prevent misuse with sensitive data from the user.
After having this system implemented, a demonstration platform should illustrate how this system works.
After having this system implemented, a demonstration platform should illustrate how this system works.
The not yet provided, but required interfaces will be simulated in a way that allow to demonstrate the function of the implemented part of this thesis.
The not yet provided, but required interfaces will be simulated in a way that allow to demonstrate the function of the implemented part of this thesis.
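Review bot: The added sentence "The Verifier sends a request to the BS containing an UID of the user to be verified, signed with the organization's private key." introduces a signed request, but nothing in the hunk states that the BS verifies that signature (against the organization's public key) before it captures biometric data and forwards it; add a sentence making that check explicit, otherwise the text reads as if any request triggers capture. The attestation part also blurs two distinct mechanisms: "The TPM ensures that the system is in a provable, well defined state" describes remote attestation of the measured software stack (PCR quote), while "\emph{Direct Anonymous Attestation} (DAA) allows then to proof the validity of another device anonymously" describes DAA, which proves that a quote was signed by a genuine TPM without revealing which one; state which step establishes the software state and which provides anonymity, and note that DAA alone does not verify the software stack. Minor wording in the added lines: "how the BS and the PA trusts each other" should read "trust each other", "allows then to proof" should be "to prove", "an UID" should be "a UID", "assume, that" should drop the comma, "sensible data" is "sensitive data", and "could be extracted verified and installed" needs a comma after "extracted".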
@ -105,12 +114,13 @@ The not yet provided, but required interfaces will be simulated in a way that al
The implementation and demonstration allows a discussion about benefits and drawbacks of the implementation and a comparison to other possible implementations.
The implementation and demonstration allows a discussion about benefits and drawbacks of the implementation and a comparison to other possible implementations.
This thesis should cover and discuss the following questions:
This thesis should cover and discuss the following questions:
\begin{itemize}
\begin{itemize}
\item How can a BS find the corresponding PA?
%\item How can a BS find the corresponding PA?
\item How is trust implemented in the BS?
\item How is trust implemented in the BS?
\item How is trust generated between PA and BS in both directions?
\item How is trust generated between PA and BS in both directions?
\item What can be done to protect the sensible/biometric data within the system? Which risks are relevant for protection?
\item What can be done to protect the sensible/biometric data within the system? Which risks are relevant for protection?
\item What is necessary to protect sensible data for submission over the network.
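Review bot: Commenting out "\item How can a BS find the corresponding PA?" silently drops the discovery question, while the earlier hunk still says the BS "finds the corresponding PA with the provided UID"; if discovery is now assumed to be provided by the surrounding infrastructure, add a sentence in the question list or its lead-in stating that PA discovery is out of scope and assumed available, so the reader knows why the question disappeared. The new item "\item What is necessary to protect sensible data for submission over the network." should end with a question mark like the other items, and both it and the item above should use "sensitive" rather than "sensible". Also, the retained lead-in "The implementation and demonstration allows a discussion" should read "allow".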