diff --git a/resources/daa-network-attest.fig b/resources/daa-network-attest.fig new file mode 100644 index 0000000..239b5f5 --- /dev/null +++ b/resources/daa-network-attest.fig @@ -0,0 +1,23 @@ +#FIG 3.2 Produced by xfig version 3.2.8 +Landscape +Center +Inches +Letter +100.00 +Single +-2 +1200 2 +2 1 1 1 0 7 50 -1 -1 3.000 0 0 -1 0 0 2 + 1875 825 1875 1950 +2 1 1 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 2 + 6975 825 6975 1950 +2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5 + 1050 375 2700 375 2700 825 1050 825 1050 375 +2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5 + 6150 375 7800 375 7800 825 6150 825 6150 375 +2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 0 2 + 2 0 1.00 120.00 180.00 + 1875 1500 6975 1500 +4 1 0 50 -1 4 14 0.0000 0 240 3330 4500 1425 VERIFYMSG \001 +4 1 0 50 -1 4 14 0.0000 0 180 1485 1875 675 DAA member\001 +4 1 0 50 -1 4 14 0.0000 0 180 1290 6975 675 DAA verifier\001 diff --git a/resources/daa-network-attest.pdf b/resources/daa-network-attest.pdf new file mode 100644 index 0000000..4c3184f Binary files /dev/null and b/resources/daa-network-attest.pdf differ diff --git a/resources/daa-network-join.fig b/resources/daa-network-join.fig new file mode 100644 index 0000000..0ffbb76 --- /dev/null +++ b/resources/daa-network-join.fig 
@@ -0,0 +1,39 @@ +#FIG 3.2 Produced by xfig version 3.2.8 +Landscape +Center +Inches +Letter +100.00 +Single +-2 +1200 2 +6 1875 1200 6975 1575 +2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 0 2 + 2 0 1.00 120.00 180.00 + 1875 1500 6975 1500 +4 1 0 50 -1 4 14 0.0000 0 180 825 4500 1425 1. JOIN\001 +-6 +6 1875 1800 6975 2175 +2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 0 2 + 2 0 1.00 120.00 180.00 + 6975 2100 1875 2100 +4 1 0 50 -1 4 14 0.0000 0 180 2670 4500 2025 2. JOINSTART \001 +-6 +2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 0 2 + 2 0 1.00 120.00 180.00 + 1875 2700 6975 2700 +2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 0 2 + 2 0 1.00 120.00 180.00 + 6975 3300 1875 3300 +2 1 1 1 0 7 50 -1 -1 3.000 0 0 -1 0 0 2 + 1875 825 1875 3825 +2 1 1 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 2 + 6975 825 6975 3825 +2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5 + 1050 375 2700 375 2700 825 1050 825 1050 375 +2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5 + 6150 375 7800 375 7800 825 6150 825 6150 375 +4 1 0 50 -1 4 14 0.0000 0 240 3855 4500 3225 4. JOINPROCEED \001 +4 1 0 50 -1 4 14 0.0000 0 180 1485 1875 675 DAA member\001 +4 1 0 50 -1 4 14 0.0000 0 180 1215 6975 675 DAA issuer\001 +4 1 0 50 -1 4 14 0.0000 0 240 2880 4500 2625 3. APPEND \001 diff --git a/resources/daa-network-join.pdf b/resources/daa-network-join.pdf new file mode 100644 index 0000000..212d85c Binary files /dev/null and b/resources/daa-network-join.pdf differ diff --git a/resources/daa-network-publish.fig b/resources/daa-network-publish.fig new file mode 100644 index 0000000..1538b9a --- /dev/null +++ b/resources/daa-network-publish.fig 
@@ -0,0 +1,27 @@ +#FIG 3.2 Produced by xfig version 3.2.8 +Landscape +Center +Inches +Letter +100.00 +Single +-2 +1200 2 +2 1 1 1 0 7 50 -1 -1 3.000 0 0 -1 0 0 2 + 1875 825 1875 2550 +2 1 1 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 2 + 6975 825 6975 2550 +2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 0 2 + 2 0 1.00 120.00 180.00 + 1875 1500 6975 1500 +2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 0 2 + 2 0 1.00 120.00 180.00 + 6975 2100 1875 2100 +2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5 + 1050 375 2700 375 2700 825 1050 825 1050 375 +2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5 + 6150 375 7800 375 7800 825 6150 825 6150 375 +4 1 0 50 -1 4 14 0.0000 0 240 2640 4500 2025 2. PUBLISH \001 +4 1 0 50 -1 4 14 0.0000 0 180 1665 4500 1425 1. GETPUBLIC\001 +4 1 0 50 -1 4 14 0.0000 0 240 1125 1875 675 DAA party\001 +4 1 0 50 -1 4 14 0.0000 0 180 1215 6975 675 DAA issuer\001 diff --git a/resources/daa-network-publish.pdf b/resources/daa-network-publish.pdf new file mode 100644 index 0000000..acb8f41 Binary files /dev/null and b/resources/daa-network-publish.pdf differ diff --git a/thesis/03_concept.tex b/thesis/03_concept.tex index 7edc6f8..2d68c7a 100644 --- a/thesis/03_concept.tex +++ b/thesis/03_concept.tex 
@@ -208,10 +208,10 @@ When the BS is then authenticating an individual, the process illustrated in \au
 \end{figure}
 The four sources of trust are defined as groups which deliver parts of the prototype, but cannot be verified on a cryptographic level. Hence, suppliers must be manually added to these groups by using a well defined check for trustworthiness.
-Any TPM manufacturer has to implement the well defined standard from TCG.
+For example, any TPM manufacturer has to implement the well defined standard from TCG.
 There exists, however, no such exact definition for hardware and firmware parts of the platform.
-Consequently, these parts should undergo a functional analysis before they are trusted.
-Trust means that, when the platform is defined trustworthy, the corresponding PCR values should be published.
+Consequently, these parts should undergo a functional analysis before they receive a trust certificate.
+Trust means that, when the platform is defined trustworthy, the corresponding PCR values should be published to be verifiable when Digidow transactions occur.
 The same procedure should be done for the kernel and the used OS environment and of course, the used software.
 There, only the kernel with its parameters have a corresponding PCR value.
@@ -227,5 +227,4 @@ Furthermore, it can check the state of the platform by comparing the PCR values
 Finally, it can check the integrity of the running software by checking the hashes in the IMA log against known values.
 PCR 10 represents the end of the hash chain fed by the IMA log entries.
-If all values are good, the BS can be trusted and the Digidow transaction can be continued at the PIA.
-
+If all values are good, the BS can be trusted and the Digidow transaction can be continued at the PIA.
\ No newline at end of file
diff --git a/thesis/04_implementation.tex b/thesis/04_implementation.tex
index f211cda..8c97f4a 100644
--- a/thesis/04_implementation.tex
+++ b/thesis/04_implementation.tex
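Review bot: `before they receive a trust certificate` on the changed Consequently line introduces a term the surrounding text does not define; the line it replaces said `before they are trusted`, so either say who issues this certificate and how a verifier checks it, or keep the plainer wording. The next added line says the PCR values `should be published to be verifiable when Digidow transactions occur`, but published reference values only support a trust decision if their origin and integrity can be checked; state that they are signed by the trust group (presumably, since that group is the one vouching for the platform) and that the verifier compares the quoted PCRs against them rather than merely fetching them. `well defined` used attributively is conventionally hyphenated, `well-defined`, on both the context line and the changed line.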
@@ -279,13 +279,6 @@ These chaecksums were generated with:
 \end{tabular}
 \end{table}
-
-
-%TODO Edit pointer
-tpm2-tools 4.x are usable to interact with the TPM from the command line.
-Available on all major releases after summer 2019.
-Fallback is using the TPM2 ESAPI or SAPI, which is available on almost all Linux distributions.
-
 Similar to trusted boot, Ubuntu requires two installed packages to support the features discussed in this section:
 \begin{itemize}
 \item \texttt{auditd} to analyze system calls of processes, helpful when using IMA, and
@@ -381,12 +374,59 @@ For example, to build the member with TPM support, use:
 [t] The following targets are available:[t][t]
 \begin{itemize}
- \item \texttt{ecdaa\_issuer}: Creates the binary for the issuer.[t]
- \item \texttt{ecdaa\_member}: Builds the member executable without TPM support.[t]
- This should only be used for testing purposes.[t][t]
- \item \texttt{ecdaa\_member\_tpm}: The member binary with TPM support.[t]
+ \item \texttt{ecdaa\_issuer}: Creates the binary for the issuer.
+ \item \texttt{ecdaa\_member}: Builds the member executable without TPM support.
+ This should only be used for testing purposes.
+ \item \texttt{ecdaa\_member\_tpm}: The member binary with TPM support.
 \item \texttt{ecdaa\_verifier}: Creates the verifier binary.
- \item \texttt{ecdaa\_all}: Builds every binary listed above at once.[t][t][t][t]
+ \item \texttt{ecdaa\_all}: Builds every binary listed above at once.
 \end{itemize}
 When all above steps are finished successfully, the demonstration setup is finished.
+
+\begin{itemize}
+ \item picture taking program
+\end{itemize}
+\subsection{DAA Network Protocol}
+The network protocol provided by \texttt{ecdaa-network-wrapper} adds to the cryptographic implementation of Xaptum's ecdaa project a network communication layer.
+It is designed to match the workflow of a Digidow transaction, affecting the decision which party is defined as listener and which as sender.
+
+\begin{itemize}
+ \item \emph{Start issuer listener}: During startup of the issuer server, the program loads the public/private key pair if present.
+ Otherwise, a new key pair will be created.
+ The issuer listener is always active to manage group membership and queries for the issuer's publiic key.
+ \item \emph{Broadcast issuer's public key}: The DAA group public key created by the issuer is necessary for group enrollment and for verification of any messages signed by a DAA group member.
+ Consequently, verifier and (potential) member must get this key first.
+ \autoref{fig:daa-network-publish} shows the two steps that are visible on the network.
+ Since this communication contains only public data, no additional privacy measurenments are required.
+ \begin{figure}
+ \centering
+ \includegraphics[width=0.6\textwidth]{../resources/daa-network-publish}
+ \caption{Protocol to get the issuer's public key}
+ \label{fig:daa-network-publish}
+ \end{figure}
+ \item \emph{Enroll member to issuer's group}: This step extends the DAA group and transfers the trust of the DAA group to the new member.
+ This protocol requires the issuer's public key to be present at the member.
+ If this is not the case, the member asks for it automatically.
+ The procedure is a four-way handshake, as shown in \autoref{fig:daa-network-join}.
+ We describe in \autoref{ssec:daa-protocol-on-lrsw-assumption} that the key exchange is cryptographically secure, meaning that no adversary can extract any private keys when getting access to these messages.
+ \begin{figure}
+ \centering
+ \includegraphics[width=0.6\textwidth]{../resources/daa-network-join}
+ \caption{Protocol to add a new member to the issuer's group}
+ \label{fig:daa-network-join}
+ \end{figure}
+ \item \emph{Send signed messages}: The diagram in \autoref{fig:daa-network-attest} shows that the verifier listens and the member initiates the communication.
+ This implementation reflects the Digidow transaction workflow in mind where the sensor (=member) sends a signed message to the PIA (=verifier).
+ Hence, sending attestation messages with biometric information of the user will happen once per transaction in the Digidow network.
+ \begin{figure}
+ \centering
+ \includegraphics[width=0.6\textwidth]{../resources/daa-network-attest}
+ \caption{Protocol to send an attestation message to the verifier}
+ \label{fig:daa-network-attest}
+ \end{figure}
+\end{itemize}
+
+
+
+
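Review bot: `Since this communication contains only public data, no additional privacy measurenments are required.` justifies leaving the GETPUBLIC/PUBLISH exchange unprotected, but confidentiality is not the property at stake: the group public key is the trust anchor for enrollment and for every later signature verification, so a key that can be altered in transit undermines the steps that follow. The text should state how member and verifier authenticate the key they receive (pinning, an out-of-band channel, or a signature by a key already trusted), or name its integrity as an explicit assumption of the prototype; the later claim that `no adversary can extract any private keys` likewise covers secrecy only and should be scoped that way. `measurenments` should read `measures`, and `publiic` two items earlier should read `public`. Separately, the block `\begin{itemize} \item picture taking program \end{itemize}` inserted after the demonstration-setup paragraph reads as a leftover note and should be removed or written out, and the three `figure` environments nested inside the `itemize` will float more predictably if placed after the list.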
diff --git a/thesis/MAIN.pdf b/thesis/MAIN.pdf index 717736e..89f4089 100644 Binary files a/thesis/MAIN.pdf and b/thesis/MAIN.pdf differ