\documentclass[11pt]{article}
\usepackage[utf8]{inputenc}
\usepackage[english]{babel}
\usepackage[paper=a4paper, left=25mm, right=25mm, top=25mm, bottom=22mm]{geometry}
\usepackage[T1]{fontenc}
\usepackage{lmodern}
\usepackage{listings}
\usepackage{fancyhdr}
\usepackage{verbatim}
\usepackage{graphicx}
\usepackage{amsmath}
\usepackage{dsfont}
\usepackage{eurosym}
\DeclareUnicodeCharacter{20AC}{\euro}
\clubpenalty = 10000
\widowpenalty = 10000
\displaywidowpenalty = 10000
\pagestyle{fancy}
\setlength{\parskip}{1ex}
\fancyhf{}
\fancyfoot[L]{\scriptsize{Proposal Master Thesis, Michael Preisach BSc}}
\fancyfoot[R]{\scriptsize{Page \thepage}}
\renewcommand{\headrulewidth}{0pt}
\renewcommand{\footrulewidth}{0.5pt}
\setcounter{secnumdepth}{2}
\setcounter{section}{0}
\lstset{
  language=VHDL,
  columns=fixed,
  tabsize=7,
  basicstyle=\footnotesize \ttfamily,
  keywordstyle=\slshape \bfseries,
  showstringspaces=false,
}
\setlength{\parindent}{0cm}
\title{Digidow's Biometric Sensor\\\normalsize{Proposal for Master Thesis}}
\author{Michael Preisach BSc}
\date{December 2018}
\fancypagestyle{plain}{
  \fancyfoot[L]{\scriptsize{Proposal Master Thesis, Michael Preisach BSc}}
  \fancyfoot[R]{\scriptsize{Page \thepage}}
  \renewcommand{\headrulewidth}{0pt}
  \renewcommand{\footrulewidth}{0.5pt}
}

\begin{document}
\maketitle

\section{Motivation}
Digital Shadow (Digidow) is a research project of Prof.\ Mayrhofer, head of the Institute for Networks and Security (INS). The project aims to be a secure and privacy-friendly solution for identifying or authenticating a person to a requester. Figure \ref{fig:digidow} shows a graphical overview of the identification process proposed in this project.
\begin{figure}[h]
  \centering
  \includegraphics[width=0.9\textwidth]{../resources/globalview}
  \caption{Overview of the Digidow Project}
  \label{fig:digidow}
\end{figure}

The illustrated distributed system works as follows: In the first step, the service discovery (1), each device needs to find the others over a distributed network. When a person needs to be verified by that system, he or she initially has to provide a globally \emph{Unique Identifier} (UID) (2). This could be the name, date and place of birth, address, and so on. Given this information, the \emph{Verifier} asks the \emph{Biometric Sensor} (BS) to acquire biometric data of this person (3). In fact, any form of data that uniquely identifies a single person can be acquired. Once this data is retrieved, the BS has to find the user's \emph{Personal Agent} (PA) using the provided UID. Only the PA is able to identify the user, because it is the only instance holding the personal and biometric data of the corresponding person. Steps (4) and (6) are required to establish trust between the PA and the BS. The biometric data payload is submitted only within such a trusted environment. With this data the PA is able to decide whether the claim is correct or not. This result has to be signed by the PA and sent to the Verifier, which in turn verifies whether this authentication message is valid (7). Based on that decision and the content of the message, the Verifier can then trigger an adequate reaction (8). This system is designed to implement the \emph{Need-To-Know} principle and thus privacy for the user.

\section{Scope of the Thesis}
\begin{figure}[h]
  \centering
  \includegraphics[width=0.9\textwidth]{../resources/networkview}
  \caption{Physical view of the three instances}
  \label{fig:physview}
\end{figure}

This master thesis will cover a major part of Digidow's BS. Figure \ref{fig:physview} shows an example scenario with three physical devices, which is used to explain the tasks of the BS.
The Verifier sends a request to the BS containing the UID of the user to be verified, signed with the organization's private key. The BS then acquires the needed biometric data and finds the corresponding PA using the provided UID. While Verifier and BS are usually reachable within the local network, the PA is available only via a worldwide network that implements privacy features. After establishing a connection, both BS and PA require a \emph{Trusted Platform Module} (TPM) to create a trusted environment on their own system. The TPM ensures that the system is in a provable, well-defined state that can be shown to external readers. \emph{Direct Anonymous Attestation} (DAA) then allows proving the validity of another device anonymously. Thus, BS and PA use DAA to verify the other instance and to establish trust between both devices. Once a trusted environment exists over the network, the acquired biometric data as well as the public key information of the Verifier can be submitted to the PA.

\subsection{Practical Part}
This thesis aims to implement the features defined above. It is therefore assumed that the network discovery provides a function by which the BS obtains the corresponding PA for a given UID. The \emph{Trusted Environment} for the BS as shown in Figure \ref{fig:physview} describes the process in which the whole software stack (firmware, boot loader, kernel, drivers, executed software, firmware of attached devices, \ldots) is verified by the TPM. Furthermore, it should be possible to verify the attached biometric sensors. This depends, however, on whether their firmware and driver software can be extracted, verified, and installed on the device. After this system has been implemented, a demonstration platform should illustrate how it works. The interfaces that are required but not yet provided will be simulated in a way that allows demonstrating the function of the part implemented in this thesis.
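The exchange described in the two sections above (UID request, mutual attestation, payload release, signed decision), as an added toy model that is not part of this proposal or of the Digidow project: attestation is reduced to a TPM-style PCR hash chain over a constructed list of measured components, DAA and signatures are stood in for by plain equality checks and labels, and all names (BS_STACK, PA_DB, run_protocol) are invented for the example. It shows which party sees which data, i.e. the Need-To-Know property, and that a changed software stack stops the payload from being released.

```python
import hashlib

def extend(pcr: bytes, component: str) -> bytes:
    """TPM-style PCR extend: PCR' = H(PCR || H(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component.encode()).digest()).digest()

def measure(stack):
    """Measured boot in miniature: chain every component into one 32-byte value."""
    pcr = b"\x00" * 32
    for component in stack:
        pcr = extend(pcr, component)
    return pcr

# Constructed software stacks and the golden values each side trusts for the other.
BS_STACK = ["firmware", "bootloader", "kernel", "sensor-driver", "digidow-bs"]
PA_STACK = ["firmware", "bootloader", "kernel", "digidow-pa"]
GOLDEN_BS, GOLDEN_PA = measure(BS_STACK), measure(PA_STACK)
PA_DB = {"alice": "<constructed fingerprint template>"}  # only the PA holds this

def run_protocol(bs_stack, pa_stack, uid="alice", sample="<constructed fingerprint template>"):
    """Runs the exchange; returns (decision seen by the Verifier, message log).
    Step numbers follow the proposal's overview figure where it names them."""
    log = []
    log.append(("verifier->bs", {"uid": uid, "signed_by": "org-key"}))  # (3)
    # Both sides obtain a quote of the other's software stack (stand-in for DAA).
    bs_quote, pa_quote = measure(bs_stack), measure(pa_stack)
    log.append(("bs->pa", {"quote": bs_quote}))                          # (4)
    log.append(("pa->bs", {"quote": pa_quote}))                          # (6)
    # No payload leaves either device unless both quotes match the golden values.
    if bs_quote != GOLDEN_BS or pa_quote != GOLDEN_PA:
        return None, log
    log.append(("bs->pa", {"uid": uid, "sample": sample, "verifier_pubkey": "org-pub"}))
    decision = {"uid": uid, "ok": PA_DB.get(uid) == sample, "signed_by": "pa-key"}
    log.append(("pa->verifier", decision))                               # (7)
    return decision, log

def payload_sent(log, channel):
    """True if a biometric sample was ever transmitted on the given channel."""
    return any(dst == channel and "sample" in msg for dst, msg in log)
```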
\subsection{Discussion}
The implementation and demonstration allow a discussion of the benefits and drawbacks of the implementation and a comparison to other possible implementations. This thesis should cover and discuss the following questions:
\begin{itemize}
  % \item How can a BS find the corresponding PA?
  \item How is trust implemented in the BS?
  \item How is trust established between PA and BS in both directions?
  \item What can be done to protect the sensitive biometric data within the system? Which risks are relevant for its protection?
  \item What is necessary to protect sensitive data for submission over the network?
  \item What are the limitations of using a TPM?
  \item Which systems need a TPM and why?
\end{itemize}

\end{document}