Is this security scheme using passwords, short-lived access JWTs, and long-lived refresh tokens a good way to secure a REST API?

I’m trying to secure a REST API that I’m using as a backend for a single-page application. The API provides access to read/create/modify/delete protected resources, based on a set of permissions managed by an administrator. What I’m thinking is the following:

  • All connections must be over HTTPS; plain HTTP requests will be redirected to HTTPS.
  • Users have a username and password, which they create.
  • A client submits a username/password to a /login route; if it’s a valid password for that user, the server will return a short-lived access token and a long-lived refresh token.
    • The access token will be a signed JWT that identifies the user and has an expiration time.
    • The refresh token will be a GUID corresponding to a row in a database table; this row will store the user ID
  • When accessing protected routes (everything but /login), an access token will be required. The server will verify the signature, and if valid, will check the expiration time. If the token is not expired, the user ID will be made available to server-side code for authorization logic.
  • If the access token is expired, the client will automatically submit the refresh token to a /refresh endpoint for requesting a new access token. The server will check the database; if a corresponding row still exists, a new access token will be returned to the client.

Does this scheme sound secure?

How secure is this scheme?


Introduction of the cryptosystem

Let’s say we have a system with a central server SRV that is considered secure (communication with this server is secured too with TLS).

Then let’s say we have many clients CLIENT which are supposed to be secure too (their firmware is encrypted with a per-client unique, non readable key)

Finally, we have some tag TAG that can store some data unencrypted and only one secret item with a key of our choice. The TAG contains a unique identifier but this can be spoofed.

The communication between CLIENT and TAG is unsecure (can be eavesdropped). Yet, the TAG contains a authentication scheme that can be used to certify CLIENT knows the same secret key that’s stored in the TAG and prevent reading the secret item if the authentication failed.

Authentication does not reveal the secret key.

So for a simple diagram, it looks like this:

           SRV          //   \      CLIENT1  CLIENT2  --- TAG1                       \__ TAG2   // double line means secure communication, simple line means insecure communication 

I want to perform the following features:

  1. A TAG could be enrolled on any CLIENT
  2. The CLIENT learn the TAG and store some identifying information in its own memory and also on the SRV. It can store information in the TAG too.
  3. The CLIENT should recognize an already enrolled TAG securely without connecting to the SRV
  4. Another CLIENT should recognize a TAG that its has not enrolled by connecting to the SRV
  5. The CLIENT should allow to forget an enrolled TAG (with or without connection the SRV) and when this happens, such TAG should not be accepted anymore on another CLIENT

Please notice that I can’t use the TAG‘s unique identifier because it’s not unique (one can spoof such identifier either by reading the TAG or by emulating a TAG), so storing the TAG UID in the CLIENT and/or SRV is not safe.

Also, using a common shared secret between CLIENT and SRV to store on the TAG secret’s area is not safe either since any tag emulator will capture such secret when it’s programmed on the TAG‘s secret key (this is done in clear).

Proposed solution

I’m thinking of using Shamir’s secret sharing SSS here with the number of share set to 2 and the number of part set to 3.

Typically, the enrolling process is:

  1. Read the TAG UID as TagUID
  2. Read some data in the unsecure area as KeyTag
  3. If KeyTag is not empty, exit enrolling
  4. Pick a random Key
  5. Use SSS with Key to make 3 parts: KeyTag, KeyClient, KeySrv
  6. Write KeyClient in CLIENT memory for the TagUID
  7. Write KeyTag in the unsecure area of the TAG
  8. Send (TagUID => KeySrv) to SRV for remote storage
  9. Write Key to the Tag secure vault (so next authentications will require such key)
  10. Store some ID/signature/HMAC/Whatever in the TAG‘s secret area

The TAG recognition process is like this:

  1. Read the TagUID from the TAG
  2. Read KeyTag from the TAG unsecure area
  3. If there is a KeyClient for such TagUID in CLIENT memory,

    2.1 Compute Key from SSS(KeyClient, KeyTag)

  4. Else

    3.1 Query SRV for KeySrv for such TagUID 3.2 Compute Key from SSS(KeySrv, KeyTag)

  5. Authenticate with Key
  6. Read ID/signature/HMAC from the secure area, and check it’s valid.

The TAG forget process is:

  1. Read TagUID
  2. If connected, remove such TagUID from SRV
  3. Erase KeyTag from the TAG
  4. Authenticate with the TAG (following the previous process)
  5. Erase secure area from the TAG
  6. Erase authentication from the TAG
  7. Remove KeyClient for this TagUID in CLIENT memory

This scheme seems secure from the many scenario I’ve thought about, yet I need some expert checking here for what I might have overlooked.

Here are the cases I’ve thought about:

  1. When used with a tag emulator, one could intercept the random Key for a given TAG but that should not compromise the security of the other tags or other clients. That is, such emulator when used on other CLIENT will be detected as a valid TAG, yet it can’t read any other TAG nor inpersonate them.
  2. If the CLIENT is disconnected from the SRV while forgetting a TAG, it’ll still wipe the TAG thus there will be no more a KeyTag on it and as such it can’t be decoded anymore. Here the SRV could contain stale TagUID, KeySrv combination, but that should not hurt.
  3. An emulator providing wrong KeyTag does not gain anything since computed Key will not pass authentication and it’s not possible to read a TAG‘s Key once programmed. Thus, the ID/signature/HMAC reading will not pass.
  4. A attacker opening a CLIENT would not get any information since there is no common secure key in the CLIENT for all tags. At best, she could get the vault of KeyClient for each TAG but in order to gain advantage, it would also need the KeyTag for each TAG.
  5. Any eavesdropping on the CLIENT/SRV communication should not reveal anything, since it’s protected by TLS.

Did I miss anything ?

Register application as a default one for a standard URI scheme

I’m adding support for handling telnet:// links to my application, what is the best way in regards to the user experience for doing so?

The application runs on Windows, macOS, and Linux, and doesn’t have “wizard” installers on any of them. On Windows, double-clicking the application uses the standard Squirrel installer (think Atom, Github Desktop, etc) – which just shows a gif while installing and then launches the application. As hassle-free as you can be, and it’s a similar experience on macOS and Linux.

This leaves a dilemma, what to do with the URI registration?

  • if it’s to only be done via preferences, then of course the question is do we enable it by default or no
  • if it’s not enabled by default, users for the large part have no reason to enable it, so most won’t have it on and thus the telnet:// handling will be pointless
  • if it is enabled by default, and that happens to override another application that’s already registered, then we’ll be a bad citizen
  • if we ask the user on the first launch what to do: well, the first launch is an overwhelming experience as it is, getting asked about telnet:// handling will just add to that

Happy to hear thoughts and feedback on this, thanks!

How does MariaDB’s ed25519 auth scheme work?

Newer versions of MariaDB (a MySQL database server fork) have a new password based auth scheme called “ed25519”. The docs are very sparse regarding how it works and what it does.

https://mariadb.com/kb/en/library/authentication-plugin-ed25519/

What is the value stored in the database? How is it generated from the password? What is the value sent by the client to the server on login? How is it generated from the password? Is the scheme secure to use without TLS? How resistant is it against password dumps? What is the correct full name of this auth scheme? Is it used by anything else besides MariaDB? Are there other implementations?

What is wrong with my electronic voting scheme? [on hold]

I am a theoretical physicist (a PhD candidate) and try to learn about cryptography as a hobby. One of the interesting aspects I had found is that many respectable scientists say that electronic voting is not safe, and so I started to follow the arguments which they use. For example, submitting the trust to authority to do their job honestly or sacrificing anonymity. Or impossibility to deal with anonymous bribers on the internet. However, a formal proof for that did not exist, so was interested if I could design a better e-voting system which would be anonymous, transparent and had a mechanism to fight bribery and coercion.

The setup

  • The citizen receives an ID card with PIN code
  • The card holds a private key and a random string burned in during the production of the card. Additionally the card has a log file for the signatures which had been made. (needed to prevent identity theft).
  • The public key is made public without relation to identity during the delivery of the card to the person. For preventing tampering of the ledger, the person would sign a previous newest public key from the public key list. In the process, the citizen checks if the device contains the correct private key and the algorithm. To prevent unauthorized keys to be registered within the ledger, the person’s ID data like a name, place of residence (like a town without specific address), first digits from a phone number is submitted to another database, which would be made public. That would allow citizens to check the legitimacy and enable an option to choose a paper ballot. Also another preventative option is that the key is signed by a public key already in the ledger.

Voting

The citizen has a device with display and numpad, which interfaces the ID card. No internet connection is allowed to prohibit malware. The voting for a user happens after the following steps:

  • User unlocks the card with his PIN code
  • User inputs the information about the vote to be cast.
  • The ID card calculates the hash sum from the information.
  • The message contains a hash sum and a random number (generated during the software burning process).
  • A private key signs the message. The signature contains the full message and its encryption.
  • The person sends the message anonymously (for example using Tor) to one of many vote collecting sites or a physical ballot box. (necessary to prevent DDOS attacks).
  • The voter checks anonymously that the vote had been delivered and recognized as valid in a centralized public ledger.

Counting

The public ledger contains signatures. On the other ledger, we have public keys which must have been used for a valid vote. So the steps are as follows:

  • For each signature, a valid public key is found from the ledger by looping through all of them.
  • The valid signatures are published to a centralized public ledger with a corresponding public key.
  • Then – count. A protocol for changing the vote can be implemented.

Antibribery and anti-coercion mechanism

The power of anonymity on the internet is the greatest weakness for many electronic voting schemes as it is so easy to buy votes without dealing with consequences. Here I propose a defence based on activists will to look for the bribery places and to sell their votes so in the process depleting bribers capital. Afterwards, when the transaction is made, activists submit their real ballots. That could be done in secrecy to prevent bribers from gaining the knowledge of the list of activists for the next elections.

To distinguish free votes from coerced votes another login for ID card can be made where the random string added to the message would be known to the department which keeps order. The voter could have been given a choice to select the police department, which he trusts that would not leak the information to the bribers. The steps to set up such system thus are:

  • The voter creates a new login to the ID card and chooses a PIN2 code for that.
  • A new login also requires to input the random string which the card adds for the message before signing. That the voter generates on the local computer to have a cryptographic strength.
  • He then generates another random number and makes a signature on this random number.

The voter goes to the police department, which he trusts and gives the signature to them for safekeeping.

  • The police department puts the signature in a secure database.
  • Then they generate a hash sum of the signature which they put in a public ledger.
  • The voter gets a certificate in a paper form in case the police department fails to recognize the right to change the vote after the elections.

Now to perform a fake vote, the voter does all the steps from the voting section, but only with the PIN2 code. The police department would scan the ledger continuously for the random strings and would do it’s duty when the vote would have been found. It is also pretty clear that no one would dare exploit social relations to collect card and PIN code as there is no way to distinguish real one from the fake one.

what color scheme to choose for background color of diffrent section in one page website?

I have a one page website, that’s one page have different sections like about and contact us sections so I was learning about color wheel schemes but it is still unclear for if I should use complementary or analogue scheme for successive sections of the website. would you please guide me with some explanation? although I noticed that many pages uses only white and gray background for different successive pages, why?

Inclusive notification scheme incorporated into design systems

It seems like the standard RED, YELLOW, GREEN and BLUE colours are used in notification schemes/styles in the most popular development frameworks like Material.io and Bootstrap.

Of course, colours shouldn’t be used by itself as a UI design element, but the standardization of the RED and GREEN combination in a colour palette reduces the effectiveness of other design elements to distinguish between different statuses in the notification scheme/style.

Are there examples of design systems or development frameworks where the notification scheme/style takes into consideration of the common issues:

  • Red and green colour blindness (and other forms of colour blindness)
  • A low contrast (i.e. bright or feint) yellow
  • simple and clear iconography to complement the notification colour scheme