From fe7ae68ecd245eed92e5690bee3688928d674d14 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Sat, 12 Aug 2023 17:52:00 +0200 Subject: [PATCH] Add design document. Move all to docs. --- README.md | 4 +++- ctaphid.md => docs/ctaphid.md | 0 docs/design.md | 15 +++++++++++++++ 3 files changed, 18 insertions(+), 1 deletion(-) rename ctaphid.md => docs/ctaphid.md (100%) create mode 100644 docs/design.md diff --git a/README.md b/README.md index 6e1d37c3..e9f660e7 100644 --- a/README.md +++ b/README.md @@ -99,7 +99,7 @@ e.g. due to being taken by other services, or requiring Administrator privileges). A CTAPHID vendor command number was selected to use (`0x70`), thus allowing for a compatible extension of any FIDO compliant device. -See [CTAPHID](ctaphid.md) for the further documentation regarding the NLnet funded CTAPHID extension. +See [CTAPHID](docs/ctaphid.md) for the further documentation regarding the NLnet funded CTAPHID extension. ### Further work @@ -119,6 +119,8 @@ Tasks and features still discussed to be done: ### Development +See [design](docs/design.md) document to see decisions taken to make the solution cohesive. + Use `dangerous_disable_encryption` Rust flag to disable data encryption for the debug purposes. E.g.: ```text diff --git a/ctaphid.md b/docs/ctaphid.md similarity index 100% rename from ctaphid.md rename to docs/ctaphid.md diff --git a/docs/design.md b/docs/design.md new file mode 100644 index 00000000..2c430ae8 --- /dev/null +++ b/docs/design.md @@ -0,0 +1,15 @@ +# Design + +The following design choices have been implemented to strike a balance between the secure utilization and +user-friendliness of the Secrets App project. These decisions originated from the YKOATH protocol and were compared with +alternative offline solutions. Throughout this process, the aim was to ensure a basic level of safeguarding against +malware threats by incorporating physical user presence confirmation for critical operations. + +[YKOATH]: https://developers.yubico.com/OATH/YKOATH_Protocol.html + +| | 1\. Daily use | 2\. Registration / modification | 3\. Factory Reset confirmation | 4\. PINs / passphrases | 5\. PIN change guard | 6\. Attack vector protection | 7\. Token validation period | Comments | +|------------------------|-------------------------------------------------------------|---------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------|------------------------|------------------------------|------------------------------|-------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Secrets App v0.10+ | Touch button if set, and/or
PIN if set on the Credential | Touch button always, before processing (to prevent PIN attempt counter use up). | Touch button | Single PIN only | Current PIN and Touch button | Local / Malware | Each request, where PIN is needed (per request) | Do not require PIN for user data, but offer such possibility. Keep all encrypted. PIN-encrypted Credentials are not listed until PIN is provided. Touch button should always protect PIN use to prevent local malware DOS attack. | +| Secrets App Next (TBD) | (no changes) | (no changes) | \- Touch button
\- Within 10 seconds of power cycle only
\- Significant UX event – LED animation red/blue blinking | (no changes) | (no changes) | (no changes) | (no changes) | (no changes) | + +