\documentclass[11pt]{article}

\usepackage[utf8]{inputenc}
\usepackage[english]{babel}
\usepackage[paper=a4paper, left=25mm, right=25mm, top=25mm, bottom=22mm]{geometry}
\usepackage[T1]{fontenc}
\usepackage{lmodern}
\usepackage{listings}
\usepackage{fancyhdr}
\usepackage{verbatim}
\usepackage{graphicx}
\usepackage{amsmath}
\usepackage{dsfont}
\usepackage{eurosym}

\DeclareUnicodeCharacter{20AC}{\euro}

\clubpenalty = 10000
\widowpenalty = 10000
\displaywidowpenalty = 10000

\pagestyle{fancy}
\setlength{\parskip}{1ex}
\fancyhf{}
\fancyfoot[L]{\scriptsize{Proposal Master Thesis,
Michael Preisach BSc}}
\fancyfoot[R]{\scriptsize{Page \thepage}}
\renewcommand{\headrulewidth}{0pt}
\renewcommand{\footrulewidth}{0.5pt}
\setcounter{secnumdepth}{2}
\setcounter{section}{0}
\lstset{
language=VHDL,
columns=fixed,
tabsize=7,
basicstyle=\footnotesize \ttfamily,
keywordstyle=\slshape \bfseries,
showstringspaces=false,
}
\setlength{\parindent}{0cm}
\title{Digidow's Biometric Sensor\\\normalsize{Proposal for Master Thesis}}
\author{Michael Preisach BSc}
\date{December 2018}

\fancypagestyle{plain}
{
\fancyfoot[L]{\scriptsize{Proposal Master Thesis,
Michael Preisach BSc}}
\fancyfoot[R]{\scriptsize{Page \thepage}}
\renewcommand{\headrulewidth}{0pt}
\renewcommand{\footrulewidth}{0.5pt}
}
\begin{document}
\maketitle
\section{Motivation}
Digital Shadow (Digidow) is a research project of Prof. Mayrhofer, head of the Institute for Networks and Security (INS).
The project aims to be a secure and privacy-friendly solution to identify or authenticate a person to a requester.
Figure \ref{fig:digidow} shows a graphical overview of the proposed identification process in this project.

\begin{figure}[h]
\centering
\includegraphics[width=\textwidth]{../resources/globalview}
\caption{Overview of the Digidow Project}
\label{fig:digidow}
\end{figure}

The illustrated distributed system works as follows:
In the first step, the service discovery (1), the devices need to find each other over a distributed network.
When a person needs to be verified by that system, he or she should initially provide a globally unique ID (2).
This could be name, date and location of birth, address and so on.
Given this information, the \emph{Verifier} asks the \emph{Biometric Sensor} (BS) to acquire biometric data of this person (3).
In fact, one can acquire any form of data which uniquely identifies a single person.
Once this data is retrieved, the BS has to find the user's \emph{Personal Agent} (PA) by using the provided unique ID.
The steps (4) and (6) are required to create trust between the PA and the BS.
The biometric data payload is submitted only in a trusted environment.
Since the PA holds all required data to identify its corresponding user, it is able to decide whether the claim is correct or not (7).
Based on that decision, the Verifier can then trigger an adequate reaction (8).
This system is designed to implement the \emph{Need-To-Know} principle and thus privacy for the user.

\section{Scope of the Thesis}
This master thesis will cover a major part of Digidow's BS.
When a request from the \emph{Verifier} arrives, the system captures data from the biometric interface, wraps it and submits it to the \emph{Personal Agent}, where further processing is done.
Two essential questions arise while doing so.
First, the system has to identify the corresponding personal agent.
This thesis will assume that a personal agent is available for the corresponding user.
Second, and more important for this thesis, is the question of how the BS and the PA trust each other.
A \emph{Trusted Platform Module} (TPM) is able to address this problem by establishing trust through cryptography.
Another question is how the system interacts with attached sensors that acquire the sensitive data.

\subsection{Practical Part}
One goal of this thesis is to set up a system which is \emph{trustworthy}.
This means that the system's TPM can verify the whole software stack (firmware, boot loader, kernel, driver, executed software, firmware of attached devices, \ldots).

The next step is to find a way to trust the yet unknown PA instance.
Again, the system's TPM may help with a function called \emph{Direct Anonymous Attestation} (DAA).
Both BS and PA have to trust each other in order to submit the biometric data payload to the PA for further processing.
During this phase, privacy features should be implemented to prevent misuse of the user's sensitive data.

Once this system is implemented, a demonstration platform should illustrate how it works.
Interfaces that are required but not yet provided will be simulated in a way that allows the function of the implemented part of this thesis to be demonstrated.

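The following added example (not part of the original proposal and not code from the Digidow project) illustrates the measurement chain behind the trustworthiness goal stated at the start of this subsection: each stage of the software stack is hashed into a TPM platform configuration register (PCR) with the extend operation, and a verifier replays the event log against known-good digests.
It is a simplified model with assumptions: a single SHA-256 PCR, constructed component names and byte strings, and no signed quote or DAA step.

\begin{verbatim}
```python
import hashlib

PCR_INIT = bytes(32)  # a SHA-256 PCR holds 32 zero bytes after reset

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: PCR_new = SHA-256(PCR_old || digest)."""
    return sha256(pcr + digest)

def event_log(chain):
    """Digest of every component, in boot order (what the platform logs)."""
    return [(name, sha256(image)) for name, image in chain]

def measure_chain(chain):
    """PCR value after every boot stage has been measured in order."""
    pcr = PCR_INIT
    for _name, digest in event_log(chain):
        pcr = extend(pcr, digest)
    return pcr

def verify(reported_pcr, log, reference):
    """Verifier side: replay the log, then compare each entry with the
    known-good manifest. Returns (trusted, reason)."""
    pcr = PCR_INIT
    for _name, digest in log:
        pcr = extend(pcr, digest)
    if pcr != reported_pcr:
        return (False, "event log does not match PCR")
    if {name for name, _ in log} != set(reference):
        return (False, "component set differs")
    for name, digest in log:
        if reference[name] != digest:
            return (False, name)  # first component that is not known-good
    return (True, "ok")

# Constructed sample data: placeholder byte strings, not real images.
GOOD_CHAIN = [("firmware", b"fw-1.0"), ("bootloader", b"bl-1.0"),
              ("kernel", b"kernel-1.0"), ("sensor-driver", b"drv-1.0")]
REFERENCE = dict(event_log(GOOD_CHAIN))
TAMPERED = [(n, b"kernel-evil" if n == "kernel" else i) for n, i in GOOD_CHAIN]

def attest(chain):
    """One boot followed by one verification against REFERENCE."""
    return verify(measure_chain(chain), event_log(chain), REFERENCE)

if __name__ == "__main__":
    print(attest(GOOD_CHAIN))
    print(attest(TAMPERED))
    print(verify(measure_chain(TAMPERED), event_log(GOOD_CHAIN), REFERENCE))
```
\end{verbatim}
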
\subsection{Discussion}
The implementation and demonstration allow a discussion of the benefits and drawbacks of the implementation and a comparison with other possible implementations.
This thesis should cover and discuss the following questions:
\begin{itemize}
\item How is trust implemented in the Biometric Sensor?
\item How is trust generated between Personal Agent and BS?
\item What can be done to protect the sensitive data within the system?
\item What are the limitations of using a TPM?
\end{itemize}

\end{document}