diff --git a/tabletop-discussion.md b/docs/tabletop-discussion.md similarity index 56% rename from tabletop-discussion.md rename to docs/tabletop-discussion.md index 0a13834..6dc5fee 100644 --- a/tabletop-discussion.md +++ b/docs/tabletop-discussion.md @@ -2,13 +2,13 @@ ## Documentation and Tutorials -1. [Enrollment](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/docs/enrollment_diagram.md) -2. [Login](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/docs/login_diagram.md) -3. [Cipher and Renew](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/docs/encipher_decipher_renew_nkode.md) -4. [nKode API Tutorial 1](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/notebooks/Enrollment_Login_Renewal_Simplified.ipynb) -5. [nKode API Tutorial 2](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/notebooks/Enrollment_Login_Renewal_Detailed.ipynb) -6. [Dispersion Tutorial](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/notebooks/Dispersion.ipynb) -7. [Split Shuffle](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/notebooks/Split_Shuffle.ipynb) +1. [Enrollment](enrollment_diagram.md) +2. [Login](login_diagram.md) +3. [Cipher and Renew](encipher_decipher_renew_nkode.md) +4. [nKode API Tutorial 1](../notebooks/Enrollment_Login_Renewal_Simplified.ipynb) +5. [nKode API Tutorial 2](../notebooks/Enrollment_Login_Renewal_Detailed.ipynb) +6. [Dispersion Tutorial](../notebooks/Dispersion.ipynb) +7. [Split Shuffle](../notebooks/Split_Shuffle.ipynb) ## Discussion Topics ### nKode Length 
@@ -38,36 +38,33 @@ | *APT | *Don't wait for garbage collector, manage timeouts | | Phishing | Dispersion Resistant Keypad, nKode policy, passkey protected keypad icons | | *MiTM | TLS, *TOTP shuffle, *DARC | + *not implemented yet/needs another look #### asks for Dr. Kandah - Evil nKode screen watching/key replay - - Can we rig the shuffle in our favor? How long do we need to cache? - - shoulder surfing - - Keylogger resistance - - split shuffle is unbiased + - Given a particular policy and keypad size: + - what is the probability of a key replay? + - what trade-offs are made between key replay and cracking an nkode? + - Is the split shuffle unbiased? + - Can we rig the shuffle in our favor with keypad caching or other techniques? - Dispersion Attack/Phishing attack - - CAC/passkey protection for server stored icons - is the dispersion algorithm unbiased? + - Develop a modified dispersion algorithm to phish a dispersion resistant keypad - validate the cipher - validate the server-side values - validate the relationship between the mask and the hash - validate the renewal - - are these processes secure? -- Minium amount of encryption needed - - Least encryption:brute force crack with plain text database breach - - Most encryption: everything is encrypted - - Is there an secure inbetween? what stays plain text what gets encrypted with HSM? - - How long does it take to brute-force with plain and what's gained? -- how often do nkode icons need to be changed to maintain security if at all? - - if it does need to be changed can we roll the icons? can we start with 4 icons and add icons over time? + - are these processes/algorithms secure? +- What is the minimum amount of encryption needed to secure user's nkodes against a full/partial database exfiltration + - How long will it take to brute force a hash with a full plain text breach of the database and what's gained? +- How often do nkode icons need to be changed to maintain security if at all? 
+ - if it does need to be changed can we start with 4 icons and add icons over time then roll the icons (drop the first icons and append a new one) after reaching a max size? - Low-bandwidth: how low can we go? - TCP vs UDP - Security of RX/TX without tls/encrypted channel -- Hypothetical: Break the cipher keys onto different machines in different locations? -- TOTP shuffle on client and server - +- Hypothetical: What security gains are made if we split the cipher keys into multiple parts and put them on different machines in many locations? Other stuff: - unbiased icons/psychology \ No newline at end of file diff --git a/notebooks/Enrollment_Login_Renewal_Simplified.ipynb b/notebooks/Enrollment_Login_Renewal_Simplified.ipynb index e980273..0394de6 100644 --- a/notebooks/Enrollment_Login_Renewal_Simplified.ipynb +++ b/notebooks/Enrollment_Login_Renewal_Simplified.ipynb @@ -19,12 +19,12 @@ "metadata": { "collapsed": false, "ExecuteTime": { - "end_time": "2025-03-27T19:17:34.809483Z", - "start_time": "2025-03-27T19:17:34.735988Z" + "end_time": "2025-03-28T15:06:18.878127Z", + "start_time": "2025-03-28T15:06:18.874618Z" } }, "outputs": [], - "execution_count": 1 + "execution_count": 30 }, { "metadata": {}, @@ -44,8 +44,8 @@ "policy = NKodePolicy(\n", " max_nkode_len=10,\n", " min_nkode_len=4,\n", - " distinct_positions=0,\n", - " distinct_properties=4,\n", + " distinct_positions=0, # complexity\n", + " distinct_properties=4, # disparity\n", ")\n", "keypad_size = KeypadSize(\n", " numb_of_keys = 5,\n", @@ -57,12 +57,12 @@ "metadata": { "collapsed": false, "ExecuteTime": { - "end_time": "2025-03-27T19:17:34.878585Z", - "start_time": "2025-03-27T19:17:34.817604Z" + "end_time": "2025-03-28T15:06:18.896461Z", + "start_time": "2025-03-28T15:06:18.891125Z" } }, "outputs": [], - "execution_count": 2 + "execution_count": 31 }, { "metadata": {}, 
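Review bot: The new comments `# complexity` and `# disparity` in the `NKodePolicy(...)` cell name the policy terms but do not say what each number constrains. A reader cannot tell from the cell whether `distinct_positions=0` switches a requirement off. This tutorial is where readers pick a first policy, so each comment should state the rule and what zero means, for example `distinct_positions=0,  # complexity: minimum distinct positions required; 0 = no minimum`, if that is what the field enforces. The term-to-field mapping is taken from the commit as written and is worth checking against the policy documentation. The `KeypadSize(...)` call that follows continues outside the hunk.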
@@ -81,8 +81,8 @@ { "metadata": { "ExecuteTime": { - "end_time": "2025-03-27T19:17:34.918050Z", - "start_time": "2025-03-27T19:17:34.914192Z" + "end_time": "2025-03-28T15:06:18.914254Z", + "start_time": "2025-03-28T15:06:18.911798Z" } }, "cell_type": "code", @@ -91,7 +91,7 @@ "signup_session_id, set_keypad = api.generate_signup_keypad(customer_id, username)" ], "outputs": [], - "execution_count": 3 + "execution_count": 32 }, { "metadata": {}, @@ -104,8 +104,8 @@ { "metadata": { "ExecuteTime": { - "end_time": "2025-03-27T19:17:34.928470Z", - "start_time": "2025-03-27T19:17:34.926257Z" + "end_time": "2025-03-28T15:06:18.931791Z", + "start_time": "2025-03-28T15:06:18.929028Z" } }, "cell_type": "code", @@ -115,7 +115,7 @@ "selected_keys_set = select_keys_with_passcode_values(passcode_property_indices, set_keypad, keypad_size.numb_of_keys)" ], "outputs": [], - "execution_count": 4 + "execution_count": 33 }, { "metadata": {}, 
@@ -128,31 +128,19 @@ { "metadata": { "ExecuteTime": { - "end_time": "2025-03-27T19:17:35.223175Z", - "start_time": "2025-03-27T19:17:34.978825Z" + "end_time": "2025-03-28T15:06:19.247638Z", + "start_time": "2025-03-28T15:06:18.938601Z" } }, "cell_type": "code", "source": [ - "confirm_keypad = api.set_nkode(username, customer_id, selected_keys_set, signup_session_id)\n", + "confirm_keypad = api.set_nkode(customer_id, selected_keys_set, signup_session_id)\n", "selected_keys_confirm = select_keys_with_passcode_values(passcode_property_indices, confirm_keypad, keypad_size.numb_of_keys)\n", - "success = api.confirm_nkode(username, customer_id, selected_keys_confirm, signup_session_id)\n", + "success = api.confirm_nkode(customer_id, selected_keys_confirm, signup_session_id)\n", "assert success" ], - "outputs": [ - { - "ename": "TypeError", - "evalue": "NKodeAPI.set_nkode() takes 4 positional arguments but 5 were given", - "output_type": "error", - "traceback": [ - "\u001B[0;31m---------------------------------------------------------------------------\u001B[0m", - "\u001B[0;31mTypeError\u001B[0m Traceback (most recent call last)", - "Cell \u001B[0;32mIn[5], line 1\u001B[0m\n\u001B[0;32m----> 1\u001B[0m confirm_keypad \u001B[38;5;241m=\u001B[39m \u001B[43mapi\u001B[49m\u001B[38;5;241;43m.\u001B[39;49m\u001B[43mset_nkode\u001B[49m\u001B[43m(\u001B[49m\u001B[43musername\u001B[49m\u001B[43m,\u001B[49m\u001B[43m \u001B[49m\u001B[43mcustomer_id\u001B[49m\u001B[43m,\u001B[49m\u001B[43m \u001B[49m\u001B[43mselected_keys_set\u001B[49m\u001B[43m,\u001B[49m\u001B[43m \u001B[49m\u001B[43msignup_session_id\u001B[49m\u001B[43m)\u001B[49m\n\u001B[1;32m 2\u001B[0m selected_keys_confirm \u001B[38;5;241m=\u001B[39m select_keys_with_passcode_values(passcode_property_indices, confirm_keypad, keypad_size\u001B[38;5;241m.\u001B[39mnumb_of_keys)\n\u001B[1;32m 3\u001B[0m success \u001B[38;5;241m=\u001B[39m api\u001B[38;5;241m.\u001B[39mconfirm_nkode(username, customer_id, 
selected_keys_confirm, signup_session_id)\n", - "\u001B[0;31mTypeError\u001B[0m: NKodeAPI.set_nkode() takes 4 positional arguments but 5 were given" - ] - } - ], - "execution_count": 5 + "outputs": [], + "execution_count": 34 }, { "metadata": {}, @@ -166,8 +154,8 @@ { "metadata": { "ExecuteTime": { - "end_time": "2025-03-27T19:17:35.258024Z", - "start_time": "2025-03-24T20:25:00.973454Z" + "end_time": "2025-03-28T15:06:19.559753Z", + "start_time": "2025-03-28T15:06:19.254675Z" } }, "cell_type": "code", @@ -178,7 +166,7 @@ "assert success" ], "outputs": [], - "execution_count": 13 + "execution_count": 35 }, { "metadata": {}, @@ -194,8 +182,8 @@ { "metadata": { "ExecuteTime": { - "end_time": "2025-03-27T19:17:35.259102Z", - "start_time": "2025-03-24T20:25:01.209950Z" + "end_time": "2025-03-28T15:06:20.181548Z", + "start_time": "2025-03-28T15:06:19.568067Z" } }, "cell_type": "code", @@ -207,7 +195,24 @@ "assert success" ], "outputs": [], - "execution_count": 14 + "execution_count": 36 + }, + { + "metadata": { + "ExecuteTime": { + "end_time": "2025-03-28T15:06:20.500050Z", + "start_time": "2025-03-28T15:06:20.194912Z" + } + }, + "cell_type": "code", + "source": [ + "login_keypad = api.get_login_keypad(username, customer_id)\n", + "selected_keys_login = select_keys_with_passcode_values(passcode_property_indices, login_keypad, keypad_size.props_per_key)\n", + "success = api.login(customer_id, username, selected_keys_login)\n", + "assert success" + ], + "outputs": [], + "execution_count": 37 } ], "metadata": {
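Review bot: With `username` dropped from `api.set_nkode(...)` and `api.confirm_nkode(...)`, `signup_session_id` is the only argument tying these calls to the user named in `generate_signup_keypad(customer_id, username)`, and the cell does not say so. The API implementation is not part of this diff. It is worth confirming that the session id is bound server-side to that customer and username, and that it cannot be reused once `confirm_nkode` succeeds. A comment above the first call would make the dependency visible, e.g. `# signup_session_id carries the enrolling user; username is no longer passed`.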
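Review bot: The added login cell passes `keypad_size.props_per_key` to `select_keys_with_passcode_values`, while the enrollment cells in this diff pass `keypad_size.numb_of_keys` in the same position. If the difference is intended, a comment should say why, because the `KeypadSize` values are only partly visible here and `assert success` would not reveal a wrong argument if the two values were equal. The cell also takes `(username, customer_id)` in `get_login_keypad` but `(customer_id, username, ...)` in `login`, so keyword arguments would guard against a transposed pair. Unlike the other code cells, it has no markdown cell in front of it; one line of source comment would do, e.g. `# log in again to confirm the nKode still authenticates after the previous step`, assuming that is the purpose.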