PhD project ideas

Dashamir Hoxha dashohoxha at gmail.com
Tue Jun 12 00:05:47 CEST 2018


On Mon, Jun 11, 2018 at 8:20 AM, Andre Heinecke <aheinecke at intevation.de>
wrote:

> Hi,
>
> On Saturday, June 9, 2018 2:51:23 PM CEST Dashamir Hoxha wrote:
> > I don't know what is WKD, and Keybase as far as I know is centralized, it
> > is not distributed.
>
> WKD is the Web Key Directory [1][2] so that you can do with recent
> versions of GnuPG a:
>
> "gpg --locate-key aheinecke at intevation.de"
>
> Which then gets the key from intevation.de without a keyserver and
> without a walkable directory.
>

This seems interesting. I will look at WKD closer.
Any P2P solution for sharing keys would be better than keyservers, in
my opinion.


>
> As for other projects maybe some ideas:
> - A look at the trustmodels of OpenPGP with maybe ideas how to improve
> them or their usage.
> - Usability studies of OpenPGP MUA's and comments / improvements about
> this. (Why Johnny still can't encrypt) Here with the focus on concrete
> suggestions what to improve.
> - Private key sync between multiple devices.
> - Private key backup that is understandable to users who generally only
> know recoverable passwords as secret.
>

These ideas seem interesting too. I have been thinking myself about how
to make GnuPG easier and more accessible to people, so that it becomes
a part of normal everyday life. For example, nowadays even very old
people and very young children have learned to use smartphones as a part
of their everyday life.
Who would have thought this a few years ago? (I myself started using
a smartphone almost a year ago.)
Can we make GnuPG part of everyday life?

A few months ago I applied for a PhD at a university with a research
project about this, but I was not accepted. Maybe I applied to the wrong
university. I will append a copy of the project idea at the end of this
message.

Recently I have learned that people interested in Privacy Enhanced
Technologies have a special mailing list where they post announcements
about conferences, PhD positions, jobs etc. that are related to this
topic. I don't know if there is any similar mailing list about the
PGP/GPG topics.

Regards,
Dashamir

--------------- project idea about making gnupg more popular ---------------

I have been interested in digital signatures, as an essential tool for
enabling and supporting the digital identity and establishing a secure
relationship between the people in the real world and digital documents.
This is crucial for creating trust and security in the digital world and
for building a digital society.

Without digital signatures we cannot be sure that digital documents are
original and we cannot be sure about their real author (they can be
corrupted and manipulated). Without these guarantees, digital documents
can never be considered official. So, despite using computers, digital
systems and digital documents, we always have to rely on the hard copies
of the documents and keep them around for official purposes, since we
can’t fully trust the digital documents. This means that we will never
be able to build totally digital systems for institutions and
organizations, free from papers and hard-copy documents.

I have also written an article that discusses and summarizes these
issues, makes a comparison between the two authentication models, X.509
and OpenPGP, and makes a few proposals for solving existing issues:
The Digital Signature and the X.509/OpenPGP Authentication Models
https://www.researchgate.net/publication/317176950_The_Digital_Signature_and_the_X509OpenPGP_Authentication_Models

The technology and tools for making digital signatures have been
available for a long time. The legal framework for recognizing digitally
signed documents as valid for official purposes has existed for many
years. However, we still don't see a widespread usage of digital
signatures in everyday life. For example, very few people use digital
signatures to secure their email communications. It is even less used
while exchanging digital documents between businesses, organizations, or
with government institutions.

There are clearly some problems that prevent the adaptation of the
digital signature technology in everyday life. Some of these problems
may be:
- The existing tools for making digital signatures are not user-friendly
  enough to be used by common people.
- The existing infrastructure that supports digital identities and their
  verification/validation is not adequate to support the everyday life
  use-cases.
- There is a lack of literacy about the digital signature and the
  available tools, and people don't really know why or how to use them.

I have been interested for a long time in these issues and how to solve
them. In the past years I have even developed a tool, called EasyGPG,
which tries to solve the first issue mentioned above (making tools easy
to use). It is a set of shell scripts that wrap GnuPG and try to make it
more accessible and easy to use: https://github.com/EasyGnuPG/egpg

If I get the chance to do my doctoral studies at your university, my
objective would be to study and try to find adequate solutions for these
problems.

More specifically, I will study in more detail any existing tools that
help to ensure security and trust in the digital world, including
asymmetric cryptography, digital signature tools and infrastructures,
blockchain technologies, etc.

Then I will try to design a system that applies these tools and
technologies to solve a real-world problem. For example, it can be a
digitized notary office, which allows the notary to legalize a digital
document by signing it with his digital signature. It can also help his
clients to sign a digital contract with their digital signatures, which
then can be stamped and legalized by the notary through his digital
signature. The notary himself can also help his clients to create their
digital certificates (with which they can sign their digital documents),
and he can check, verify, and sign these digital certificates. Since the
notary is a public, well known, and trusted person, the digital
certificates verified and signed by him can also be trusted by other
parties (institutions, partners, other notaries, etc.)

I will also try to build a working prototype or a first version of this
software. And of course I will try to make it as easy as possible, both
for the notaries and for the clients, so that they find its usage
intuitive and natural. In the long term, this may be the beginning of a
start-up company, because the software will need to be maintained and
improved, the notary offices may need training and support, the
infrastructure may need maintenance, etc.

It seems to me that this is an innovative project, which helps to
transfer advanced technologies to the real world domain, where they can
be accessible and available to everybody in their normal everyday life.
If it succeeds, it may have a fundamental impact on society and build a
bridge to a fully digitized society.

----------- end of project idea ----------------------


More information about the Gnupg-devel mailing list