[taler-cashless2ecash] branch master updated: save commit
From: gnunet
Subject: [taler-cashless2ecash] branch master updated: save commit
Date: Thu, 30 May 2024 13:24:43 +0200
This is an automated email from the git hooks/post-receive script.
joel-haeberli pushed a commit to branch master
in repository cashless2ecash.
The following commit(s) were added to refs/heads/master by this push:
new 8103cce save commit
8103cce is described below
commit 8103cce7a0467906d8a3e2f07667d3eb5e609578
Author: Joel-Haeberli <haebu@rubigen.ch>
AuthorDate: Thu May 30 13:24:36 2024 +0200
save commit
---
c2ec/wallee-client.go | 2 +-
cli/go.mod | 2 +-
.../{e-security.tex => d-security.tex} | 14 +++++++++-----
docs/content/implementation/d-wallet.tex | 1 -
.../implementation/{f-cli.tex => e-cli.tex} | 2 +-
.../{f-testing.tex => e-testing.tex} | 0
.../{g-deployment.tex => f-deployment.tex} | 0
docs/project.bib | 10 ++++++++++
docs/thesis.pdf | Bin 1775870 -> 1777509 bytes
docs/thesis.tex | 9 ++++-----
10 files changed, 26 insertions(+), 14 deletions(-)
diff --git a/c2ec/wallee-client.go b/c2ec/wallee-client.go
index 1310ea7..a22bfc8 100644
--- a/c2ec/wallee-client.go
+++ b/c2ec/wallee-client.go
@@ -197,7 +197,7 @@ func (w *WalleeClient) Refund(transactionId string) error {
Transaction: WalleeRefundTransaction{
Id: int64(decodedWalleeTransaction.Id),
},
- Type: "",
+ Type: "MERCHANT_INITIATED_ONLINE", // this type will refund the
transaction using the responsible processor (e.g. VISA, MasterCard, TWINT, etc.)
}
_, status, err := HttpPost[WalleeRefund, any](url, hdrs, refund,
NewJsonCodec[WalleeRefund](), nil)
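Review bot: the refund type on the `+ Type:` line is a bare magic string, and this value decides how Wallee moves money back to the customer; lift "MERCHANT_INITIATED_ONLINE" into a named constant (e.g. WalleeRefundTypeMerchantInitiatedOnline) with the explanatory comment attached to the constant instead of wrapped across the struct literal, and make sure the `status` captured on the last visible line is checked before the refund is treated as completed.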
diff --git a/cli/go.mod b/cli/go.mod
index 7ba65f5..4ffbc91 100644
--- a/cli/go.mod
+++ b/cli/go.mod
@@ -5,6 +5,7 @@ go 1.22.1
require (
github.com/jackc/pgx/v5 v5.5.5
golang.org/x/crypto v0.22.0
+ gopkg.in/ini.v1 v1.67.0
)
require (
@@ -14,5 +15,4 @@ require (
golang.org/x/sync v0.1.0 // indirect
golang.org/x/sys v0.19.0 // indirect
golang.org/x/text v0.14.0 // indirect
- gopkg.in/ini.v1 v1.67.0 // indirect
)
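Review bot: promoting gopkg.in/ini.v1 from `// indirect` to a direct requirement is correct if cli now imports it, but the patch shows no matching go.sum change and the commit message does not say which new code consumes the package; run `go mod tidy` and state the reason in the message so the dependency change stays auditable.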
diff --git a/docs/content/implementation/e-security.tex
b/docs/content/implementation/d-security.tex
similarity index 70%
rename from docs/content/implementation/e-security.tex
rename to docs/content/implementation/d-security.tex
index dc088dc..d636e4d 100644
--- a/docs/content/implementation/e-security.tex
+++ b/docs/content/implementation/d-security.tex
@@ -8,16 +8,20 @@ To review and validate the threat model, two cases were
reviewed. The first mirr
A WOPID can be abused triggering a confirmation or an abort request at the
Terminals API or an abort request at the Bank-Integration API.
-The first two cases are mitigated through the authentication of the terminals.
When the EAV can somehow access the communication between a terminal and C2EC,
the WOPID cannot be abused without also breaking the terminals credentials.
What if the attacker decides to use the unauthenticated Bank-Integration API
the wallet is normally using? The specification does not require some proof
that the requester is the wallet. This could lead to tampering of the
withdrawals in the time window of t [...]
+The confirmation or abort from the side of the terminal are mitigated through
the authentication of the terminals. When the eavesdropping adversary (EAV)
\cite{katz2020introduction} can somehow access the communication between a
terminal and C2EC, the WOPID cannot be abused without also breaking the
terminals credentials. What if the attacker decides to use the unauthenticated
Bank-Integration API the wallet would normally use? The specification does not
require some proof that the reque [...]
-\subsubsection{}
+\subsubsection{Trying to withdraw money without paying}
This case is possible, when an attacker can trick the C2EC to have confirmed
withdrawals in its withdrawal table, without having a real confirmation of the
payment service provider. This means the attacker can steal money from the
exchange. For this an attacker would need to have the possibility to somehow
trick the confirmation process of C2EC to issue confirmation requestes against
a backend controlled by the attacker. This backend would then confirm the
withdrawal. This will lead to t [...]
+\subsubsection{Developer issues}
+
+Another problem could be developers introducing confirmation bugs. The
confirmation process of a transaction must be considered as the holy grail from
the perspective of the developers. If they do not take biggest care
implementing the confirmation process, this could lead to loss of money on the
side of the Exchange operator. The program should strictly disallow
withdrawals, if it is not 100 percent guaranteed by the payment system provider
that the state a transaction is in means that [...]
+
\subsection{Withdrawal Operation Identifier (WOPID)}
\label{sec-security-wopid}
-The \textit{WOPID} is the achiles heel of the withdrawal operation and
therefore needs great care when generated. When the \textit{WOPID} becomes
somehow foreseeable, it opens the door for attackers allowing them to hijack
the withdrawal from a remote location. Therefore the \textit{WOPID} needs to
leverage high entropy sources to be generated. This is achieved by using the
crypto random library of Go. The library is part of the standard library and
gains entropy through the entropy sour [...]
+The \textit{WOPID} needs great care when generated. When the \textit{WOPID}
becomes somehow foreseeable, it opens the door for attackers allowing them to
hijack the withdrawal from a remote location or bully the operators by simply
aborting any withdrawal. Therefore the \textit{WOPID} needs to leverage high
entropy sources to be generated. This is achieved by using the crypto random
library of Go. The library is part of the standard library and gains entropy
through the entropy sources o [...]
\subsection{Database Security}
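Review bot: the new WOPID paragraph (the `+The \textit{WOPID} needs great care` lines) says the identifier comes from Go's crypto random library but never states its length, and unpredictability depends on both the entropy source and the number of random bits; add the WOPID size in bits so a reader can judge the guessing cost. In the same block, "terminals credentials" should be "terminals' credentials", "The confirmation or abort ... are mitigated" should be "is mitigated", and "foreseeable" reads better as "predictable"; in the Developer issues paragraph, "take biggest care" should be "take the greatest care", and the rule it states would be stronger as an explicit allow-list: only PSP states that unambiguously mean a settled payment confirm a withdrawal, and every other or unknown state is rejected.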
@@ -25,7 +29,7 @@ The database is very important as it decides wether to allow
a withdrawal or not
\subsubsection{Storing credentials}
-Even if a database leak occurs, it shall be very hard for the attacker to
access the API using the credentials stored in the database. This is why
credentials are stored using the PBKDF \textit{argon2}
\cite{password-competition-argon2}. \textit{Argon2} is the winner of the
password hashing competition initiated by the cryptographer Jean-Philippe
Aumasson \cite{password-competition-argon2}. It is a widely adopted best
practice approach for hashing passwords. Storing the hash of the crede [...]
+Even if a database leak occurs, it shall be very hard for the attacker to
access the API using the credentials stored in the database. This is why
credentials are stored using the PBKDF \textit{argon2}
\cite{password-competition-argon2}. \textit{Argon2} is the winner of the
password hashing competition initiated by the cryptographer Jean-Philippe
Aumasson \cite{password-competition-argon2}. It is a widely adopted best
practice approach for hashing passwords. Storing the hash of the crede [...]
\subsubsection{Access data through correct user}
\label{sec-security-db-users}
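Review bot: the removed and added paragraphs in this hunk are identical in their visible part, so the actual edit sits in the truncated tail and cannot be reviewed from this mail. Independently, "the PBKDF \textit{argon2}" invites confusion with PBKDF2; call it the password hashing function Argon2, and state which variant (Argon2id is the usual choice for stored credentials) and which memory, iteration, parallelism and salt parameters C2EC uses, since the leak-resistance claim depends on them.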
@@ -66,7 +70,7 @@ The Wallee API specifies four Wallee specific headers which
are used to authenti
\item Path: The path of the requested URL including the query string (if
any)
\end{itemize}
-The resulting string must then be UTF-8 encoded according to RFC-3629
\cite{rfc3629}.
+The resulting string must then be UTF-8 encoded according to RFC-3629
\cite{rfc3629}. There are implementations of the mechanism in Java and other
languages available. For Go it was implemented during the thesis.
\subsubsection{Wallee User Access rights}
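Review bot: "For Go it was implemented during the thesis" gives the reader no pointer to the code; name the Go function that builds the Wallee authentication headers (presumably in c2ec/wallee-client.go) so the description can be checked against the implementation, and write "RFC 3629" rather than "RFC-3629" to match the citation key \cite{rfc3629}.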
diff --git a/docs/content/implementation/d-wallet.tex
b/docs/content/implementation/d-wallet.tex
deleted file mode 100644
index 1c6e6d6..0000000
--- a/docs/content/implementation/d-wallet.tex
+++ /dev/null
@@ -1 +0,0 @@
-\section{Wallet}
\ No newline at end of file
diff --git a/docs/content/implementation/f-cli.tex
b/docs/content/implementation/e-cli.tex
similarity index 96%
rename from docs/content/implementation/f-cli.tex
rename to docs/content/implementation/e-cli.tex
index 46eabd1..eed2c6b 100644
--- a/docs/content/implementation/f-cli.tex
+++ b/docs/content/implementation/e-cli.tex
@@ -15,7 +15,7 @@ Adding a Wallee terminal can be achieved by using the
\textit{rt} (register-term
\subsection{Deactivating the terminal}
-To deactivate the terminal, the command \textit{dt} must be issued. It will
ask for the \textit{terminal-user-id} of the terminal and then deactivate the
specified terminal. The deactivation will be immediately and therefore helps to
increase the security by allowing immediate action, when a terminal is come to
be knwon hijacked, stolen or other fraud is detected specific to the terminal.
+To deactivate the terminal, the command \textit{dt} must be issued. It will
ask for the \textit{terminal-user-id} of the terminal and then deactivate the
specified terminal. The deactivation will be immediately and therefore helps to
increase the security by allowing immediate action, when a terminal is come to
be knwon hijacked, stolen or other fraud is detected specific to the terminal.
To detect suspicious activity in production appropriate montioring tools could
be installed to autom [...]
\subsection{Setting up the Simulation}
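Review bot: the re-added paragraph keeps the typos of the one it replaces and adds one: "knwon" (known), "montioring" (monitoring), "The deactivation will be immediately" (takes effect immediately) and "when a terminal is come to be knwon hijacked" (when a terminal is known to be hijacked). Since the `+` lines rewrite the paragraph anyway, fix these there.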
diff --git a/docs/content/implementation/f-testing.tex
b/docs/content/implementation/e-testing.tex
similarity index 100%
rename from docs/content/implementation/f-testing.tex
rename to docs/content/implementation/e-testing.tex
diff --git a/docs/content/implementation/g-deployment.tex
b/docs/content/implementation/f-deployment.tex
similarity index 100%
rename from docs/content/implementation/g-deployment.tex
rename to docs/content/implementation/f-deployment.tex
diff --git a/docs/project.bib b/docs/project.bib
index b89d8a5..8536225 100644
--- a/docs/project.bib
+++ b/docs/project.bib
@@ -43,6 +43,16 @@
}
+@book{katz2020introduction,
+ title={Introduction to Modern Cryptography},
+ author={Katz, J. and Lindell, Y.},
+ isbn={9781351133012},
+ series={Chapman \& Hall/CRC Cryptography and Network Security Series},
+ url={https://books.google.ch/books?id=RsoOEAAAQBAJ},
+ year={2020},
+ publisher={CRC Press}
+}
+
@misc{pci-dss,
author = {PCI Security Standards Council},
title = {PCI Data Security Standard},
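Review bot: the new katz2020introduction entry cites a Google Books URL, which is not a stable identifier; prefer the publisher page or a DOI, and add the edition field so page references in the thesis resolve against the right printing.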
diff --git a/docs/thesis.pdf b/docs/thesis.pdf
index 069efc8..e6222e2 100644
Binary files a/docs/thesis.pdf and b/docs/thesis.pdf differ
diff --git a/docs/thesis.tex b/docs/thesis.tex
index 8864b9e..9c955eb 100644
--- a/docs/thesis.tex
+++ b/docs/thesis.tex
@@ -210,11 +210,10 @@
\input{content/implementation/a-c2ec}
\input{content/implementation/b-terminal}
\input{content/implementation/c-database}
-\input{content/implementation/d-wallet}
-\input{content/implementation/e-security}
-\input{content/implementation/f-cli}
-\input{content/implementation/f-testing}
-\input{content/implementation/g-deployment}
+\input{content/implementation/d-security}
+\input{content/implementation/e-cli}
+\input{content/implementation/e-testing}
+\input{content/implementation/f-deployment}
\chapter{Results}
\input{content/results/discussion}
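Review bot: after this renumbering both e-cli and e-testing carry the `e-` prefix, so the letter prefixes no longer give the implementation chapter a unique order (d-security, e-cli, e-testing, f-deployment); either rename testing to f- and deployment to g-, or drop the letters and rely on the \input order here, which is what actually determines the sequence.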