dlecan
commented
5 years ago Nice work!
polling the blockchain is able to grab the balance of A
You don't explain what it is for.
Also a possible way is to add some date to mitigate this kind of attack
Lifetime of the Nonce1 should be checked, and the shortest as possible. B may keep it in memory only for the lifetime of the process for example.
And you may have a retry process on "badNonce" errors.
Nonce2 might be completed with an issuing date, which allows B to calculate an expiration date of the 3rd request from A to B.
So B may keep in memory only Nonce2 not already expired.
And again, you may have a retry process on "badNonce" errors.
My 2 cents,
github-actions[bot]
AIP: TBD Title: Authentication scheme over ARK Authors: fx Thoorens Status: Draft Discussions-To: https://github.com/arkecosystem/AIPS/issues Address: TBD Type: Process Created: 2019-06-23 Last Update: 2019-06-23 Requires: AIP26
Preamble
This is a standardisation of authenticating using keys used by ARK networks token holders
Abstract
In order to expand the use of ARK it is necessary to be able to manage ID of when relationship have been constructed between people using ARK. This specification is dedicated to provide technical support for the following (but not limited to) processes:
This can be used in combination with message signing protocol..
Copyright
MIT License.
Specification
The main idea is to have a P2P protocol exchanging data for authentication. A few details are used to prevents from sidechannel attacks where some attacker may try to impersonate gathering enough info about previous use of this scheme. The
loginprotocol is as follow:Nonce1and sends an authentication token to sign in the formark://auth?provider=<B>&pk=<Publickey>&network=<Network>&nonce1=<Nonce1>ark://auth?pk=<Publickey>&network=<Network>&nonce1=<Nonce1>&nonce2=<Nonce2>asark://auth?provider=<B>&pk=<Publickey>&network=<Network>&nonce1=<Nonce1>&nonce2=<Nonce2>Addressof A and polling the blockchain is able to grab the balance of A.A special
emergency force logoutis also specified. This force logout is a security measure in case of A knowing that he has been compromised his private key. This security measure helps to force logout on all possible systems within a single signed message. B when received this message should immediately shutdown all access and mark the account has being hacked and take action accordingly. A special id tool can be implemented in order to create this emergency force logout and broadcast it to auth services. In this case, being able to connect a new publickkey to the new account is a difficult. 2-FA is recommended as a mean to prove the ownership of the account at B.Nonceand createsMessage=ark://auth?pk=<Publickey>&nonce=<Nonce>MessageasSignatureand broadcast <Message, Signature>For hardware implementation (signing with ledger), it is recommended to generate the (pseudo) random nonce and the message is hashed on hardware. The hardware should show Provider, Network to the user.
Rationale
Several Ark community members have already implemented Id-like scheme notably to vote with stakes (ACF). This design is meant to keep private the vote while being able to verify the votes. It is however weaker than voting using the vendorfield of a transaction since the vote can be verified by the voters.
The use of
Nonce2andProviderare 2 important data to mitigate with sidechannel attacks:Also a possible way is to add some date to mitigate this kind of attack. Open to discussions
Backwards Compatibility
Built to be compatible with AIP26
Reference Implementation
No reference implementation