updated copy

2024-10-26 16:27:22 -05:00
parent b2847ed853
commit 8f86a1dd39
6 changed files with 134 additions and 33 deletions

17
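--- a/404.html
+++ b/404.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="apple-mobile-web-app-capable" content="yes">
+<meta name="apple-mobile-web-app-status-bar-style" content="black">
+<meta name="apple-mobile-web-app-title" content="nKode Authentication Evolved">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>nKode</title>
+<link rel="icon" type="image/png" href="assets/n.png"/>
+<link rel="apple-touch-icon" href="assets/n.png">
+</head>
+<body>
+404 Not Found
+</body>
+</html>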
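Review bot: The two icon links in the `<head>` use the relative path `assets/n.png`, which the browser resolves against the URL that was requested rather than the site root, so an error page served for a nested path such as `/a/b` looks for the icon under `/a/assets/`. Root-relative references, `href="/assets/n.png"` on both `<link>` lines, avoid that. 50x.html carries the same two lines and needs the same change.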

17
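--- a/50x.html
+++ b/50x.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="apple-mobile-web-app-capable" content="yes">
+<meta name="apple-mobile-web-app-status-bar-style" content="black">
+<meta name="apple-mobile-web-app-title" content="nKode Authentication Evolved">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>nKode</title>
+<link rel="icon" type="image/png" href="assets/n.png"/>
+<link rel="apple-touch-icon" href="assets/n.png">
+</head>
+<body>
+Internal Server Error
+</body>
+</html>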

25
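--- a/deploy.sh
+++ b/deploy.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+TMP_WEBAPP_DIR=/tmp/nkode_landing_page/
+TMP_TAR_DIR=/tmp/nkode_landing_page.tar
+mkdir -p "$TMP_WEBAPP_DIR"
+cp -r ./index.html "$TMP_WEBAPP_DIR"
+cp -r ./404.html "$TMP_WEBAPP_DIR"
+cp -r ./50x.html "$TMP_WEBAPP_DIR"
+cp -r ./assets "$TMP_WEBAPP_DIR"
+export COPYFILE_DISABLE=1
+tar -cvf "$TMP_TAR_DIR" -C "$TMP_WEBAPP_DIR" .
+rm -rf $TMP_WEBAPP_DIR
+scp server_landing_page_deploy.sh dkelly@nkode.tech:/home/dkelly
+scp "$TMP_TAR_DIR" dkelly@nkode.tech:/home/dkelly
+rm $TMP_TAR_DIR
+# Run the deploy.sh script on the remote server using SSH
+# ssh dkelly@nkode.tech 'sudo bash /home/dkelly/server_landing_page_deploy.sh'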
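Review bot: The staging paths `/tmp/nkode_landing_page/` and `/tmp/nkode_landing_page.tar` are fixed, predictable names in a world-writable directory, and `mkdir -p` accepts a directory that already exists, so anything another local user or an earlier aborted run left there is packed into the tarball that the server script later installs under /var/www. The script also has no `set -e`, so a failed `cp` or `tar` still leads to an upload, and `rm -rf $TMP_WEBAPP_DIR` and `rm $TMP_TAR_DIR` are unquoted. A private `mktemp -d` staging directory with an EXIT trap addresses all three; the tarball keeps its file name, so the server side is unaffected.

```shell
#!/bin/bash
set -euo pipefail
# Private, unpredictable staging area instead of fixed names under /tmp
STAGE_DIR=$(mktemp -d)
trap 'rm -rf -- "$STAGE_DIR"' EXIT
TMP_WEBAPP_DIR="$STAGE_DIR/nkode_landing_page"
TMP_TAR_DIR="$STAGE_DIR/nkode_landing_page.tar"
mkdir -- "$TMP_WEBAPP_DIR"
# … unchanged: cp of index.html, 404.html, 50x.html and assets; COPYFILE_DISABLE; tar -cvf …
# … unchanged: scp of server_landing_page_deploy.sh and of the tarball …
# (the two explicit rm lines go away; the EXIT trap removes the staging area on every exit path)
```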


@@ -39,7 +39,7 @@
</div>
<div class="ml-auto">
<button class="bg-orange-500 text-white py-2 px-4 rounded-full hover:bg-orange-600 transition duration-200 text-sm sm:text-lg">
<a href="https://www.nkode.tech">Try nKode <span aria-hidden="true">&rarr;</span></a>
<a href="https://app.nkode.tech">Try nKode <span aria-hidden="true">&rarr;</span></a>
</button>
</div>
</div>
@@ -70,7 +70,7 @@
</div>
<button class="bg-orange-500 text-white py-2 px-4 rounded-full hover:bg-orange-600 transition duration-200 text-sm sm:text-large">
<a href="https://www.nkode.tech">Try nKode <span aria-hidden="true">&rarr;</span></a>
<a href="https://app.nkode.tech">Try nKode <span aria-hidden="true">&rarr;</span></a>
</button>
</div>
</div>
@@ -79,11 +79,16 @@
</header>
<main>
<div class="mx-auto lg:max-w-3xl sm:max-w-xl max-w-sm mb-8">
<h2 class="text-4xl tracking-tight text-black py-24">
<div class="text-4xl tracking-tight text-black py-24">
<span class="text-orange-600 font-semibold">n</span>Kode is <span class="font-semibold">easier</span> to remember and more <span class="font-semibold">secure</span> than a password
</h2>
<div class="text-center mt-8">
<button class="bg-orange-500 text-white py-2 px-4 rounded-full hover:bg-orange-600 transition duration-200 text-sm sm:text-lg">
<a href="https://app.nkode.tech">Try nKode <span aria-hidden="true">&rarr;</span></a>
</button>
</div>
</div>
<section id="create-an-nkode" class="scroll-mt-24">
<h3 class="text-4xl">Create an nKode</h3>
<h3 class="text-4xl">How To Create an nKode</h3>
<p class="text-2xl mt-4">1. Enter your email</p>
<img class="w-3/4 mx-auto mt-8" src="assets/signup.png">
<h4 class="text-2xl">2. Set your nKode</h4>
@@ -108,17 +113,17 @@
</section>
<section id="how-nkode-works" class="scroll-mt-24">
<h3 class="text-4xl mt-8">How nKode Works</h3>
<h4 class="text-2xl mt-4">Interface Settings</h4>
<h4 class="text-2xl mt-4">Keypad Settings</h4>
<p>
Your nKode interface is configurable.
Under advanced settings, you can change the number of keys and the number of attributes per key.
(from this point forward, this document will use the term attribute instead of icon)
Your nKode keypad is configurable.
Under advanced settings, you can change the number of keys and the number of attributes (icon) per key.
From this point forward, we will use the term attribute instead of icon.
</p>
<img class="w-3/4 mx-auto mt-8" src="assets/advanced_settings.png">
<h4 class="text-2xl mt-4">Account Creation</h4>
<p>
The server is able to deduce your nKode from two entries.
Notice how, in the set and confirm images below, no attribute in the set nKode interface share a key with any other attribute in the confirm.
Notice how, in the set and confirm keypads below, no attribute in the set keypad share a key with any other attribute in the confirm keypad.
This is called an attribute dispersion.
</p>
<div class="flex flex-row">
@@ -127,26 +132,26 @@
</div>
<h4 class="text-2xl mt-4">Attribute Dispersion</h4>
<p>
The login interface looks different than the set and confirm interfaces.
The login keypad looks different from the set and confirm keypads.
It has three more attributes per key.
A dispersion is possible if the number of attributes per key is less than or equal to the total number of keys.
Since the login interface has more attributes per key than keys, we call this a dispersion-resistant interface.
If a malicious actor steals your interface, they can use your interface to phish for your nKode.
If the login interface was dispersable, an attack might go like this:
Since the login keypad has more attributes per key than keys, we call this a dispersion-resistant keypad.
If a malicious actor steals your keypad, they can use your keypad to phish for your nKode.
If the login keypad was dispersable, an attack might go like this:
</p>
<ol class="list-decimal list-inside mt-2 space-y-2">
<li>You click a malicious link from your email or text saying you need to authorize USPS to send you a package (or whatever the latest scam is today).</li>
<li>You're redirected to a site with your nKode interface requesting authorization with your nKode.</li>
<li>You're redirected to a site with your nKode keypad requesting authorization with your nKode.</li>
<li>You enter your nKode, but you're informed you entered the wrong nKode.</li>
<li>The attacker disperses your interface and requests you enter your nKode again.</li>
<li>The attacker disperses your keypad and requests you enter your nKode again.</li>
<li>You enter it again, and your nKode is stolen.</li>
</ol>
<p>
The greater the difference between the number of attributes per key and the number of keys, the greater the dispersion resistance, which comes with trade-offs.
If there are too few keys, it becomes easier to randomly enter keys and accidentally get into your account without actually knowing your nKode.
If you increase the number of keys without increasing the number of attributes per key, your interface becomes more dispersable.
If you have too many attributes and keys, the interface is too busy, which makes it challenging to find your attributes.
If you increase the number of keys without increasing the number of attributes per key, your keypad becomes more dispersable.
If you have too many attributes and keys, the keypad is too busy, which makes it challenging to find your attributes.
</p>
<h4 class="text-2xl mt-4">Server-Side Attributes</h4>
<p>
@@ -177,7 +182,7 @@
<div class="text-center mt-8">
<button class="bg-orange-500 text-white py-2 px-4 rounded-full hover:bg-orange-600 transition duration-200 text-sm sm:text-lg">
<a href="https://www.nkode.tech">Try nKode <span aria-hidden="true">&rarr;</span></a>
<a href="https://app.nkode.tech">Try nKode <span aria-hidden="true">&rarr;</span></a>
</button>
</div>
@@ -189,7 +194,7 @@
<p>
At the time of this writing, nKode is only a demo web application.
Ideally, all nKode authentication is done through a mobile application.
A mobile application can make nKode more secure by requiring passkeys and biometric authentication to get the nKode interface.
A mobile application can make nKode more secure by requiring passkeys and biometric authentication to get the nKode keypad.
This makes it very difficult to steal or use your nKode.
</p>
<h5 class="text-xl mt-4">1. MFA Prompt Bombing</h5>
@@ -205,10 +210,10 @@
Since a user has to look for their nKode, it prevents them from quickly typing in a passcode without thinking, giving them a chance to reconsider their decision. </p>
<h5 class="text-xl mt-4">2. Service Desk Social Engineering: Scattered Spider</h5>
<p>
An nKode interface is made from any visual attribute.
An nKode keypad is made from any visual attribute.
To make this more concrete, take a look at <a class="text-orange-600 underline" href="https://www.flaticon.com/search?word=abstract">Flaticon</a>.
If every employee at the service desk has a randomly generated interface from abstract visual attributes like those found on Flaticon, an employee would have difficulty explaining their nKode.
Moreover, this interface can be further protected with a 2FA keycard so only the employee can render their interface.
If every employee at the service desk has a randomly generated keypad from abstract visual attributes like those found on Flaticon, an employee would have difficulty explaining their nKode.
Moreover, this keypad can be further protected with a 2FA keycard so only the employee can render their keypad.
For an attacker to get a target's nKode, they'd have to be with the target, and the targeted employee would have to point to the attributes on their screen since they're difficult to describe in words.
The attacker must also steal the employee's 2FA keycard to render the login screen.
</p>
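Review bot: The call-to-action added under the headline in the third hunk wraps `<a href="https://app.nkode.tech">` in a `<button>`, repeating the pattern of the existing buttons; an anchor nested in a button is not valid HTML, and a click on the button's padding outside the link text does not navigate. Moving the styling classes onto the link itself and dropping the `<button>` wrapper keeps the look and makes the whole pill clickable. In the same hunk the headline appears to change from `<h2>` to `<div>`, which leaves the section headings starting at `<h3>` with no parent heading; if the change was made only for styling, keeping `<h2>` is kinder to assistive technology.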


@@ -1,23 +1,23 @@
# Redirect all traffic from www.app.nkode.tech to app.nkode.tech
# Redirect all traffic from www.nkode.tech to nkode.tech
server {
listen 80;
server_name www.app.nkode.tech;
server_name www.nkode.tech;
return 301 https://app.nkode.tech$request_uri;
return 301 https://nkode.tech$request_uri;
}
# Redirect HTTP to HTTPS for app.nkode.tech
# Redirect HTTP to HTTPS for nkode.tech
server {
listen 80;
server_name app.nkode.tech;
server_name nkode.tech;
return 301 https://$host$request_uri;
}
# Main server block for app.nkode.tech with SSL and content configuration
# Main server block for nkode.tech with SSL and content configuration
server {
listen 443 ssl http2;
server_name app.nkode.tech;
server_name nkode.tech;
ssl_certificate /etc/letsencrypt/live/nkode.tech/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/nkode.tech/privkey.pem;
@@ -39,7 +39,7 @@ server {
add_header Referrer-Policy "no-referrer-when-downgrade";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
root /var/www/webapp;
root /var/www/nkode_landing_page;
index index.html;
# Routing for Flutter SPA
@@ -56,12 +56,12 @@ server {
# Error pages
error_page 404 /404.html;
location = /404.html {
root /var/www/webapp;
root /var/www/nkode_landing_page;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/webapp;
root /var/www/nkode_landing_page;
}
# Optional: Enable Gzip Compression
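Review bot: After the first hunk `www.nkode.tech` is named only in a port-80 block, while the 443 block lists `server_name nkode.tech;` alone, so `https://www.nkode.tech` is answered by whichever TLS server is the default instead of being redirected. This matters more than usual here because the `Strict-Transport-Security` header with `includeSubDomains; preload` sends returning browsers straight to HTTPS for the www host, bypassing the port-80 redirect. A 443 redirect block for the www name closes the gap, provided the certificate under /etc/letsencrypt/live/nkode.tech also lists www.nkode.tech; the rest of the file is outside these hunks, so such a block may already exist. Separately, the `# Routing for Flutter SPA` comment now sits above a static landing page and is worth rewording.

```nginx
# Redirect HTTPS www.nkode.tech to nkode.tech (the certificate must cover www.nkode.tech)
server {
    listen 443 ssl http2;
    server_name www.nkode.tech;
    ssl_certificate /etc/letsencrypt/live/nkode.tech/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/nkode.tech/privkey.pem;
    return 301 https://nkode.tech$request_uri;
}
```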


@@ -0,0 +1,37 @@
#!/bin/bash
APP_DIR=nkode_landing_page
TAR_FILE=nkode_landing_page.tar
# Check if the tar file exists
if [ ! -f $TAR_FILE ]; then
echo "Error: $TAR_FILE not found."
exit 1
fi
# Create the target directory if it doesn't exist
mkdir -p $APP_DIR
# Extract the contents of the tar file into the target directory
tar -xvf $TAR_FILE -C $APP_DIR
# Check if extraction was successful
if [ "$(ls -A $APP_DIR)" ]; then
echo "Extraction successful."
else
echo "Error: No files extracted into $APP_DIR."
exit 1
fi
# Remove the existing directory if it exists in /var/www
if [ -d /var/www/$APP_DIR ]; then
rm -r /var/www/$APP_DIR
fi
# Move the newly extracted directory to /var/www
mv $APP_DIR /var/www
# Restart Nginx to apply changes
systemctl restart nginx
echo "Deployment successful."
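Review bot: This script is meant to run under sudo (see the commented ssh line in deploy.sh), and `tar -xvf $TAR_FILE -C $APP_DIR` run as root restores the owner and mode bits recorded in an archive built on the developer's machine, so the files moved into /var/www can end up with an unrelated numeric owner. The success test only checks that `$APP_DIR` is non-empty, which a directory left over from an earlier run satisfies even when tar fails, and there is no `set -e`. The `rm -r` followed by `mv` leaves a window with no site and no way back if the move fails, and `systemctl restart nginx` restarts the server without a prior `nginx -t` although only static files changed. The variables are also unquoted throughout.

```shell
#!/bin/bash
set -euo pipefail
# … unchanged: APP_DIR / TAR_FILE and the tar-file existence check …
# Start from an empty staging directory so leftovers from an earlier run are never deployed
rm -rf -- "$APP_DIR"
mkdir -- "$APP_DIR"
# Running as root: do not restore the owner and mode bits stored in the archive
tar -xf "$TAR_FILE" -C "$APP_DIR" --no-same-owner --no-same-permissions
# … unchanged: emptiness check …
# Keep the previous tree until the new one is in place
rm -rf -- "/var/www/$APP_DIR.old"
if [ -d "/var/www/$APP_DIR" ]; then
  mv -- "/var/www/$APP_DIR" "/var/www/$APP_DIR.old"
fi
mv -- "$APP_DIR" /var/www/
rm -rf -- "/var/www/$APP_DIR.old"
# Validate the configuration before touching the running server
nginx -t
systemctl reload nginx
```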