
added UML diagrams for networkprotocol

master
Michael Preisach 4 years ago
parent
commit
ca38d9d6a1
  1. 23
      resources/daa-network-attest.fig
  2. BIN
      resources/daa-network-attest.pdf
  3. 39
      resources/daa-network-join.fig
  4. BIN
      resources/daa-network-join.pdf
  5. 27
      resources/daa-network-publish.fig
  6. BIN
      resources/daa-network-publish.pdf
  7. 7
      thesis/03_concept.tex
  8. 64
      thesis/04_implementation.tex
  9. BIN
      thesis/MAIN.pdf

23
resources/daa-network-attest.fig

@ -0,0 +1,23 @@
#FIG 3.2 Produced by xfig version 3.2.8
Landscape
Center
Inches
Letter
100.00
Single
-2
1200 2
2 1 1 1 0 7 50 -1 -1 3.000 0 0 -1 0 0 2
1875 825 1875 1950
2 1 1 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 2
6975 825 6975 1950
2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
1050 375 2700 375 2700 825 1050 825 1050 375
2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
6150 375 7800 375 7800 825 6150 825 6150 375
2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 0 2
2 0 1.00 120.00 180.00
1875 1500 6975 1500
4 1 0 50 -1 4 14 0.0000 0 240 3330 4500 1425 VERIFYMSG <attestmsg, sig>\001
4 1 0 50 -1 4 14 0.0000 0 180 1485 1875 675 DAA member\001
4 1 0 50 -1 4 14 0.0000 0 180 1290 6975 675 DAA verifier\001
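Review bot: the single VERIFYMSG <attestmsg, sig> arrow is the only message in this diagram, so nothing from the verifier (no nonce or basename) is shown entering the signed message; if freshness is meant to come from the Digidow transaction itself, the caption or accompanying text should say so, otherwise the figure suggests a captured <attestmsg, sig> pair can simply be replayed to the verifier. Minor: the join and publish diagrams number their messages ("1. JOIN", "1. GETPUBLIC"), this label has no step number, so label it "1. VERIFYMSG <attestmsg, sig>" for consistency.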

BIN
resources/daa-network-attest.pdf

Binary file not shown.

39
resources/daa-network-join.fig

@ -0,0 +1,39 @@
#FIG 3.2 Produced by xfig version 3.2.8
Landscape
Center
Inches
Letter
100.00
Single
-2
1200 2
6 1875 1200 6975 1575
2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 0 2
2 0 1.00 120.00 180.00
1875 1500 6975 1500
4 1 0 50 -1 4 14 0.0000 0 180 825 4500 1425 1. JOIN\001
-6
6 1875 1800 6975 2175
2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 0 2
2 0 1.00 120.00 180.00
6975 2100 1875 2100
4 1 0 50 -1 4 14 0.0000 0 180 2670 4500 2025 2. JOINSTART <nonce>\001
-6
2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 0 2
2 0 1.00 120.00 180.00
1875 2700 6975 2700
2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 0 2
2 0 1.00 120.00 180.00
6975 3300 1875 3300
2 1 1 1 0 7 50 -1 -1 3.000 0 0 -1 0 0 2
1875 825 1875 3825
2 1 1 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 2
6975 825 6975 3825
2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
1050 375 2700 375 2700 825 1050 825 1050 375
2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
6150 375 7800 375 7800 825 6150 825 6150 375
4 1 0 50 -1 4 14 0.0000 0 240 3855 4500 3225 4. JOINPROCEED <cred, cred.sig>\001
4 1 0 50 -1 4 14 0.0000 0 180 1485 1875 675 DAA member\001
4 1 0 50 -1 4 14 0.0000 0 180 1215 6975 675 DAA issuer\001
4 1 0 50 -1 4 14 0.0000 0 240 2880 4500 2625 3. APPEND <member.pk>\001
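Review bot: steps 1 and 2 are each wrapped in a compound object (the two `6 ... -6` blocks at the top), but the arrows and labels for "3. APPEND <member.pk>" and "4. JOINPROCEED <cred, cred.sig>" are loose objects placed after the lifelines; group them the same way so the diagram edits consistently. On content: step 3 shows only member.pk being sent, with nothing visibly binding it to the <nonce> from step 2; if that message also carries a proof over the nonce, put it in the label (e.g. <member.pk, proof>) so the figure matches the four-way handshake described in the text.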

BIN
resources/daa-network-join.pdf

Binary file not shown.

27
resources/daa-network-publish.fig

@ -0,0 +1,27 @@
#FIG 3.2 Produced by xfig version 3.2.8
Landscape
Center
Inches
Letter
100.00
Single
-2
1200 2
2 1 1 1 0 7 50 -1 -1 3.000 0 0 -1 0 0 2
1875 825 1875 2550
2 1 1 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 2
6975 825 6975 2550
2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 0 2
2 0 1.00 120.00 180.00
1875 1500 6975 1500
2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 0 2
2 0 1.00 120.00 180.00
6975 2100 1875 2100
2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
1050 375 2700 375 2700 825 1050 825 1050 375
2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
6150 375 7800 375 7800 825 6150 825 6150 375
4 1 0 50 -1 4 14 0.0000 0 240 2640 4500 2025 2. PUBLISH <issuer.pk>\001
4 1 0 50 -1 4 14 0.0000 0 180 1665 4500 1425 1. GETPUBLIC\001
4 1 0 50 -1 4 14 0.0000 0 240 1125 1875 675 DAA party\001
4 1 0 50 -1 4 14 0.0000 0 180 1215 6975 675 DAA issuer\001
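Review bot: the figure shows issuer.pk delivered in a single PUBLISH reply with nothing indicating how the requesting party authenticates it; since enrollment and every later signature check depend on this key, the caption or label should state whether it is pinned, checked against an out-of-band fingerprint, or accepted as-is.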

BIN
resources/daa-network-publish.pdf

Binary file not shown.

7
thesis/03_concept.tex

@ -208,10 +208,10 @@ When the BS is then authenticating an individual, the process illustrated in \au
\end{figure} \end{figure}
The four sources of trust are defined as groups which deliver parts of the prototype, but cannot be verified on a cryptographic level. The four sources of trust are defined as groups which deliver parts of the prototype, but cannot be verified on a cryptographic level.
Hence, suppliers must be manually added to these groups by using a well defined check for trustworthiness. Hence, suppliers must be manually added to these groups by using a well defined check for trustworthiness.
Any TPM manufacturer has to implement the well defined standard from TCG. For example, any TPM manufacturer has to implement the well defined standard from TCG.
There exists, however, no such exact definition for hardware and firmware parts of the platform. There exists, however, no such exact definition for hardware and firmware parts of the platform.
Consequently, these parts should undergo a functional analysis before they are trusted. Consequently, these parts should undergo a functional analysis before they receive a trust certificate.
Trust means that, when the platform is defined trustworthy, the corresponding PCR values should be published. Trust means that, when the platform is defined trustworthy, the corresponding PCR values should be published to be verifiable when Digidow transactions occur.
The same procedure should be done for the kernel and the used OS environment and of course, the used software. The same procedure should be done for the kernel and the used OS environment and of course, the used software.
There, only the kernel with its parameters have a corresponding PCR value. There, only the kernel with its parameters have a corresponding PCR value.
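Review bot: the new wording "before they receive a trust certificate" introduces a certificate that is defined nowhere in this hunk; state who issues it, what it covers (which PCR values, which hardware and firmware revision) and how it relates to the next sentence's "the corresponding PCR values should be published". Likewise "published to be verifiable when Digidow transactions occur" should say where the reference values are published and how a verifier authenticates that publication, otherwise the PCR comparison reduces to trusting whoever can write to that list.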
@ -228,4 +228,3 @@ Finally, it can check the integrity of the running software by checking the hash
PCR 10 represents the end of the hash chain fed by the IMA log entries. PCR 10 represents the end of the hash chain fed by the IMA log entries.
If all values are good, the BS can be trusted and the Digidow transaction can be continued at the PIA. If all values are good, the BS can be trusted and the Digidow transaction can be continued at the PIA.

64
thesis/04_implementation.tex

@ -279,13 +279,6 @@ These chaecksums were generated with:
\end{tabular} \end{tabular}
\end{table} \end{table}
%TODO Edit pointer
tpm2-tools 4.x are usable to interact with the TPM from the command line.
Available on all major releases after summer 2019.
Fallback is using the TPM2 ESAPI or SAPI, which is available on almost all Linux distributions.
Similar to trusted boot, Ubuntu requires two installed packages to support the features discussed in this section: Similar to trusted boot, Ubuntu requires two installed packages to support the features discussed in this section:
\begin{itemize} \begin{itemize}
\item \texttt{auditd} to analyze system calls of processes, helpful when using IMA, and \item \texttt{auditd} to analyze system calls of processes, helpful when using IMA, and
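Review bot: this removes, together with the "%TODO Edit pointer" marker, the only statement of the tpm2-tools version requirement (4.x, available on major releases after summer 2019) and the fallback to the TPM2 ESAPI/SAPI; unless that information has moved elsewhere in the chapter, reinstate the version line next to the package list that follows, since readers on older releases otherwise get no hint that they need the API fallback.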
@ -381,12 +374,59 @@ For example, to build the member with TPM support, use:
[t] [t]
The following targets are available:[t][t] The following targets are available:[t][t]
\begin{itemize} \begin{itemize}
\item \texttt{ecdaa\_issuer}: Creates the binary for the issuer.[t] \item \texttt{ecdaa\_issuer}: Creates the binary for the issuer.
\item \texttt{ecdaa\_member}: Builds the member executable without TPM support.[t] \item \texttt{ecdaa\_member}: Builds the member executable without TPM support.
This should only be used for testing purposes.[t][t] This should only be used for testing purposes.
\item \texttt{ecdaa\_member\_tpm}: The member binary with TPM support.[t] \item \texttt{ecdaa\_member\_tpm}: The member binary with TPM support.
\item \texttt{ecdaa\_verifier}: Creates the verifier binary. \item \texttt{ecdaa\_verifier}: Creates the verifier binary.
\item \texttt{ecdaa\_all}: Builds every binary listed above at once.[t][t][t][t] \item \texttt{ecdaa\_all}: Builds every binary listed above at once.
\end{itemize} \end{itemize}
When all above steps are finished successfully, the demonstration setup is finished. When all above steps are finished successfully, the demonstration setup is finished.
\begin{itemize}
\item picture taking program
\end{itemize}
\subsection{DAA Network Protocol}
The network protocol provided by \texttt{ecdaa-network-wrapper} adds to the cryptographic implementation of Xaptum's ecdaa project a network communication layer.
It is designed to match the workflow of a Digidow transaction, affecting the decision which party is defined as listener and which as sender.
\begin{itemize}
\item \emph{Start issuer listener}: During startup of the issuer server, the program loads the public/private key pair if present.
Otherwise, a new key pair will be created.
The issuer listener is always active to manage group membership and queries for the issuer's publiic key.
\item \emph{Broadcast issuer's public key}: The DAA group public key created by the issuer is necessary for group enrollment and for verification of any messages signed by a DAA group member.
Consequently, verifier and (potential) member must get this key first.
\autoref{fig:daa-network-publish} shows the two steps that are visible on the network.
Since this communication contains only public data, no additional privacy measurenments are required.
\begin{figure}
\centering
\includegraphics[width=0.6\textwidth]{../resources/daa-network-publish}
\caption{Protocol to get the issuer's public key}
\label{fig:daa-network-publish}
\end{figure}
\item \emph{Enroll member to issuer's group}: This step extends the DAA group and transfers the trust of the DAA group to the new member.
This protocol requires the issuer's public key to be present at the member.
If this is not the case, the member asks for it automatically.
The procedure is a four-way handshake, as shown in \autoref{fig:daa-network-join}.
We describe in \autoref{ssec:daa-protocol-on-lrsw-assumption} that the key exchange is cryptographically secure, meaning that no adversary can extract any private keys when getting access to these messages.
\begin{figure}
\centering
\includegraphics[width=0.6\textwidth]{../resources/daa-network-join}
\caption{Protocol to add a new member to the issuer's group}
\label{fig:daa-network-join}
\end{figure}
\item \emph{Send signed messages}: The diagram in \autoref{fig:daa-network-attest} shows that the verifier listens and the member initiates the communication.
This implementation reflects the Digidow transaction workflow in mind where the sensor (=member) sends a signed message to the PIA (=verifier).
Hence, sending attestation messages with biometric information of the user will happen once per transaction in the Digidow network.
\begin{figure}
\centering
\includegraphics[width=0.6\textwidth]{../resources/daa-network-attest}
\caption{Protocol to send an attestation message to the verifier}
\label{fig:daa-network-attest}
\end{figure}
\end{itemize}
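Review bot: "Since this communication contains only public data, no additional privacy measurenments are required" conflates confidentiality with authenticity: issuer.pk obtained via GETPUBLIC/PUBLISH is what the member enrolls against and what the verifier checks signatures with, so an on-path attacker substituting its own key would enroll the member into an attacker-controlled group (the text even says the member fetches the key automatically if it is missing), and the join paragraph's claim that "no adversary can extract any private keys" only covers the passive case. State how issuer.pk is authenticated (pinned, out-of-band fingerprint, or an authenticated channel) or say explicitly that it is a trust-on-first-use assumption. Smaller points: the `\begin{itemize}\item picture taking program\end{itemize}` inserted after "the demonstration setup is finished" reads like a leftover placeholder and should be completed or dropped; typos "publiic key" and "measurenments"; and "reflects the Digidow transaction workflow in mind where" should read "reflects the Digidow transaction workflow, where".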

BIN
thesis/MAIN.pdf

Binary file not shown.