From 26b59a90d22c34257a9a9921554bcc1e2e8ed83d Mon Sep 17 00:00:00 2001
From: Bernie Hoeneisen <bernie.hoeneisen@pep.foundation>
Date: Mon, 24 Jun 2019 22:52:24 +0200
Subject: [PATCH] added references

---
 .../draft-symeonidis-medup-requirements.mkd   | 31 +++++++++----------
 .../references/diaz-measuring-anonymity.mkd   | 19 ++++++++++++
 .../pfitzmann-terminology-privacy.mkd         | 13 ++++++++
 shared/references/tor-timing-attacks.mkd      |  8 +++++
 shared/references/unger-sok.mkd               |  2 +-
 5 files changed, 56 insertions(+), 17 deletions(-)
 create mode 100644 shared/references/diaz-measuring-anonymity.mkd
 create mode 100644 shared/references/pfitzmann-terminology-privacy.mkd
 create mode 100644 shared/references/tor-timing-attacks.mkd

diff --git a/medup-requirements/draft-symeonidis-medup-requirements.mkd b/medup-requirements/draft-symeonidis-medup-requirements.mkd
index 4036b7b2..e71ff1f3 100644
--- a/medup-requirements/draft-symeonidis-medup-requirements.mkd
+++ b/medup-requirements/draft-symeonidis-medup-requirements.mkd
@@ -155,7 +155,9 @@ https://autocrypt.org/background.html
 
 # Basic Functional Requirements
 
-This section outlines the functional requirements. We follow the requirements extracted from the literature on private emails and instant messaging~\cite{Unger,Ermoshina,Clark}
+This section outlines the functional requirements. We follow the
+requirements extracted from the literature on private emails and
+instant messaging {{Unger}}.
 
 * Message: send and receive message(s)
 * Multi-device support: synchronisation across multiple devices
@@ -241,11 +243,10 @@ can be from local controlling one point of the communication channel
 such as an entity or a communication link of the network. It can also
 be a global adversary controlling several entities and communication
 links of the channel, gaining the capability of correlating traffic
-such as in timing attacks even for end-to-end communication
-systems<!-- ~\cite{torwebsite:timing-attacks} -->. Therefore,
-confidentiality of messages exchanged in the system should be
-guaranteed with the use of encryption schemes such as symmetric,
-asymmetric, or homomorphic encryption.
+such as in timing attacks even for end-to-end communication systems
+{{Tor}}. Therefore, confidentiality of messages exchanged in the
+system should be guaranteed with the use of encryption schemes such as
+symmetric, asymmetric, or homomorphic encryption.
 
 
 ### Tampering With Data and Data Authentication
@@ -294,12 +295,11 @@ such as the message operators, the network node or third parties. To
 mitigate identifiability threats, the anonymity of users must be
 guaranteed. It is defined as the "Anonymity of a subject from an
 attacker’s perspective means that the attacker cannot sufficiently
-identify the subject within a set of subjects, the anonymity set"<!-- 
-~\cite{pfitzmann2010terminology} -->. Essentially, to enable
-anonymity, there is always need to be a set of possible subjects such
-that for an adversary the communicating user can be equally likely of
-any other user in the set<!-- ~\cite{DBLP:conf/pet/DiazSCP02}
--->. Thus, an adversary cannot deduce who is the originator of a
+identify the subject within a set of subjects, the anonymity set"
+{{Pfitzmann}}. Essentially, to enable anonymity, there is always need
+to be a set of possible subjects such that for an adversary the
+communicating user can be equally likely of any other user in the set
+{{Diaz}}. Thus, an adversary cannot deduce who is the originator of a
 message. Anonymity can be achieved with the use of pseudonyms and
 cryptographic schemes such as anonymous remailers (i.e., mixnets),
 anonymous communications channels (e.g., Tor), and secret sharing.
@@ -328,10 +328,9 @@ parties. In contrast to anonymity and unlinkability, where the
 relationship from an IOI to a user is preserved, undetectability is
 defined as "Undetectability of an item of interest (IOI) from an
 attacker’s perspective means that the attacker cannot sufficiently
-distinguish whether it exists or not."<!--
-~\cite{pfitzmann2010terminology} -->. Undetectability of IOIs can be
-guaranteed with the use of cryptographic schemes such as Mix-nets and
-obfuscation mechanisms such as dummy traffic.
+distinguish whether it exists or not." {{Pfitzmann}}. Undetectability
+of IOIs can be guaranteed with the use of cryptographic schemes such
+as Mix-nets and obfuscation mechanisms such as dummy traffic.
 
 
 ## Information disclosure -- confidentiality
diff --git a/shared/references/diaz-measuring-anonymity.mkd b/shared/references/diaz-measuring-anonymity.mkd
new file mode 100644
index 00000000..bc079239
--- /dev/null
+++ b/shared/references/diaz-measuring-anonymity.mkd
@@ -0,0 +1,19 @@
+  Diaz:
+#    target: 
+    title: Towards Measuring Anonymity
+    author:
+      -
+        name: Claudia Diaz
+        ins: C. Diaz
+      -
+        name: Stefaan Seys
+        ins: St. Seys
+      -
+        name: Joris Claessens 
+        ins: J. Claessens 
+      -
+        name: Bart Preneel
+        ins: B. Preneel
+    date: 2002
+    seriesinfo:
+      PET: Privacy Enhancing Technologies, Second International Workshop, San Francisco, CA, USA, April 14-15, 2002, Revised Papers, pp. 54-68
\ No newline at end of file
diff --git a/shared/references/pfitzmann-terminology-privacy.mkd b/shared/references/pfitzmann-terminology-privacy.mkd
new file mode 100644
index 00000000..f4e48aef
--- /dev/null
+++ b/shared/references/pfitzmann-terminology-privacy.mkd
@@ -0,0 +1,13 @@
+  Pfitzmann:
+    target: https://nyuscholars.nyu.edu/en/publications/sok-secure-messaging
+    title:  "A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management"
+    author:
+      -
+        name: Andreas Pfitzmann
+        ins: A. Pfitzmann
+      -
+        name: Marit Hansen
+        ins: M. Hansen
+    date: 2010
+    # seriesinfo:
+
diff --git a/shared/references/tor-timing-attacks.mkd b/shared/references/tor-timing-attacks.mkd
new file mode 100644
index 00000000..255e81dc
--- /dev/null
+++ b/shared/references/tor-timing-attacks.mkd
@@ -0,0 +1,8 @@
+  Tor:
+    target: https://blog.torproject.org/one-cell-enough-break-tors-anonymity/
+    title:  "One cell is enough to break Tor's anonymity"
+    author:
+        name: Tor Project
+#        ins: 
+    date: Accessed 2019-06
+    # seriesinfo:
diff --git a/shared/references/unger-sok.mkd b/shared/references/unger-sok.mkd
index 3ebed394..a55a9fb3 100644
--- a/shared/references/unger-sok.mkd
+++ b/shared/references/unger-sok.mkd
@@ -1,4 +1,4 @@
-  Unger.SoK:
+  Unger:
     target: https://nyuscholars.nyu.edu/en/publications/sok-secure-messaging
     title:  "SoK: Secure Messaging"
     author: