Closed fix closed 2 years ago
Nice work!
polling the blockchain is able to grab the balance of A
You don't explain what it is for.
Also a possible way is to add some date to mitigate this kind of attack
Lifetime of the Nonce1
should be checked, and the shortest as possible. B may keep it in memory only for the lifetime of the process for example.
And you may have a retry process on "badNonce" errors.
Nonce2
might be completed with an issuing date, which allows B to calculate an expiration date of the 3rd request from A to B.
So B may keep in memory only Nonce2
not already expired.
And again, you may have a retry process on "badNonce" errors.
My 2 cents,
Stale issue message
AIP: TBD Title: Authentication scheme over ARK Authors: fx Thoorens Status: Draft Discussions-To: https://github.com/arkecosystem/AIPS/issues Address: TBD Type: Process Created: 2019-06-23 Last Update: 2019-06-23 Requires: AIP26
Preamble
This is a standardisation of authenticating using keys used by ARK networks token holders
Abstract
In order to expand the use of ARK it is necessary to be able to manage ID of when relationship have been constructed between people using ARK. This specification is dedicated to provide technical support for the following (but not limited to) processes:
This can be used in combination with message signing protocol..
Copyright
MIT License.
Specification
The main idea is to have a P2P protocol exchanging data for authentication. A few details are used to prevents from sidechannel attacks where some attacker may try to impersonate gathering enough info about previous use of this scheme. The
login
protocol is as follow:Nonce1
and sends an authentication token to sign in the formark://auth?provider=<B>&pk=<Publickey>&network=<Network>&nonce1=<Nonce1>
ark://auth?pk=<Publickey>&network=<Network>&nonce1=<Nonce1>&nonce2=<Nonce2>
asark://auth?provider=<B>&pk=<Publickey>&network=<Network>&nonce1=<Nonce1>&nonce2=<Nonce2>
Address
of A and polling the blockchain is able to grab the balance of A.A special
emergency force logout
is also specified. This force logout is a security measure in case of A knowing that he has been compromised his private key. This security measure helps to force logout on all possible systems within a single signed message. B when received this message should immediately shutdown all access and mark the account has being hacked and take action accordingly. A special id tool can be implemented in order to create this emergency force logout and broadcast it to auth services. In this case, being able to connect a new publickkey to the new account is a difficult. 2-FA is recommended as a mean to prove the ownership of the account at B.Nonce
and createsMessage
=ark://auth?pk=<Publickey>&nonce=<Nonce>
Message
asSignature
and broadcast <Message, Signature>For hardware implementation (signing with ledger), it is recommended to generate the (pseudo) random nonce and the message is hashed on hardware. The hardware should show Provider, Network to the user.
Rationale
Several Ark community members have already implemented Id-like scheme notably to vote with stakes (ACF). This design is meant to keep private the vote while being able to verify the votes. It is however weaker than voting using the vendorfield of a transaction since the vote can be verified by the voters.
The use of
Nonce2
andProvider
are 2 important data to mitigate with sidechannel attacks:Also a possible way is to add some date to mitigate this kind of attack. Open to discussions
Backwards Compatibility
Built to be compatible with AIP26
Reference Implementation
No reference implementation