Luca Security Concept

Overview

Luca Security Concept

This is the document source of luca's security concept. Please go here for the HTML version: https://luca-app.de/securityconcept

Getting in Touch

We're interested in your feedback! Please start discussions or participate in the "Discussions" section of this repository.

Despite the document's language being English, please feel free to open discussions in either German or English. Whatever you're more comfortable with.

Building the Document

This document is written as a jupyter-book. Install the python requirements via pip:

pip install -r requirements.txt

To render the diagrams you need plantuml. Install it via your package manager or download the .jar file directly:

wget -O - "http://sourceforge.net/projects/plantuml/files/plantuml-nodot.1.2021.1.jar/download" > plantuml.jar

Finally, run the buildhtml.sh from this directoy:

./buildhtml.sh

Rendering a PDF

You can render a PDF document using LaTeX. First, install LaTeX on your system. Currently you will need to run ./buildhtml.sh once, to set up jupyter-book's _config.yml and then run:

PLANTUMLPATH='<your path to plantuml.jar>' PLANTUMLFORMAT='png' jupyter-book build content --builder pdflatex

Style Guidelines

Please adhere to the following rules when editing this document:

  • in text blocks, write one sentence per line in the markdown file for Git-friendliness
  • section headlines should have a Target Header marker following the form (chapter:section)= (e.g. (process:location_registration)=)
  • prefer List Tables over markdown tables
  • use underscores _ instead of spaces in file names
  • don't skip header levels (i.e. no ### outside # and ##)
  • use exactly one first level header (#) per page
  • Python code must be black formatted
Comments
  • API rate limiting is bypassable

    API rate limiting is bypassable

    As outlined by this tweet here, the API rate limiting seems to be bypassable by switching the casing of API endpoints.

    I wasn't able to find a proper way to report security issues, so I assumed creating this issue here is a proper place to do so. I believe this should be fixed quickly, especially as some endpoints can be abused if no proper rate-limiting policy is enforced (f.e. auth endpoints & brute-forcing logins).

    Kind regards, Tobias Grether

    opened by TobiasGrether 6
  • Make reverse engineering legal (as you would like to get responsible disclosures)

    Make reverse engineering legal (as you would like to get responsible disclosures)

    As your TOS currently states

    (c) Teile der Dienste dekompilieren, im Wege des Reverse Engineerings rekonstruieren, zerlegen oder auf eine andere Weise versuchen, Quellcodes, Objektcodes oder zugrundeliegende(s) strukturelle Ideen, Know-how oder Algorithmen oder andere Funktionsmechanismen der Dienste zu erlangen, es sei denn, dies ist im Einzelfall aufgrund zwingender gesetzlicher Vorschriften zulässig; (d) alle oder einen Teil der Dienste modifizieren, anpassen, übersetzen oder abgeleitete Werke erstellen, die auf den Diensten basieren (außer in dem durch luca gestatteten Umfang oder sofern dies im Rahmen der Dienste genehmigt wurde);

    it is basically illegal to do any kind of serious security research except reading your br0ken security documentation.

    So if I do any responsible disclosure stuff for your system the next thing I probably would have to expect from you is a letter from your lawyer.

    As I hope this is not what you venture-funded 🤡 actually want, just remove this part from your TOS.

    opened by LilithWittmann 6
  • Scanner ids should not be public

    Scanner ids should not be public

    Scanners currently share the same id as the location. They expose the current and total checkins (Maybe more?). Scanners should have their own secret id only visible to the operator.

    opened by rvnstn 3
  • Missing licence information in 2.1ae68762.chunk.js.LICENSE.txt

    Missing licence information in 2.1ae68762.chunk.js.LICENSE.txt

    Please include all licence informations in https://app.luca-app.de/webapp/static/js/2.1ae68762.chunk.js.LICENSE.txt At least a licence info for the used Ascii85/Base85 implementation is missing.

    Regards Tobias

    opened by rvnstn 2
  • Webapp uses wrong format for dates

    Webapp uses wrong format for dates

    The webapp uses 'dd.mm.yyyy' as formatstring for dates with momentjs. This results in loading the current daily key every minute. To fix this the string should be 'DD.MM.YYYY'. See https://momentjs.com/docs/#/displaying/

    opened by rvnstn 2
  • Update loop

    Update loop

    Moin,

    Beim ersten Öffnen der App wurde ich in einer Update-Schleife gefangen.

    Nach Eingabe aller Kontaktdaten und Bestätigung dieser per Button wurde ich auf die Hauptseite geleitet. Von dort bin ich auf "App Details" gegangen und habe die Kameraberechtigung gesetzt. Dann bin ich zurück zur Hauptseite. Welchen der beiden Buttons ich dazu genutzt habe, weiß ich leider nicht mehr. Einen weiteren Klick im 3P-Menü habe ich noch gemacht, aber abgebrochen, weil sich eine Website öffnen wollte. Zurück auf der Hauptseite habe ich aus unklaren Gründen einfach mal den Android-Zurück-Button geklickt. Dann war ich wieder in der Kontaktdatenerfassung. Nach Klick auf "Update" bin ich aber darin geblieben. Nochmaliges Klicken hat mich immer wieder zu dieser Seite gebracht. Beenden der App und Neustart hat geholfen. Erwartetes Verhalten war, nach Klick auf "Update" auf die Hauptseite zu gelangen.

    Gruß und Danke für die App, Lars

    opened by lbrink 2
  • Please clarify “... is then transferred to the venue owner“

    Please clarify “... is then transferred to the venue owner“

    Thanks for providing the Security Concept behind Luca. In the introductory paragraphs you’re stating:

    This Check-In is encrypted in a way that only the public health authorities can read it. The encrypted Check-In is then transferred to the venue owner via a QR code, where the Check-In is encrypted once again by the venue owner so that nobody can access the user’s personal information at this stage.

    Since there is no Luca “server“ infrastructure operated or owned by the venue owner, what exactly does “transferred to the venue owner” mean?

    opened by ralfr 2
  • Additional Quickoverview && a few real Code Snippets

    Additional Quickoverview && a few real Code Snippets

    Moin,

    erstmal Klasse Arbeit, viele Grafiken (die das lesen einfacher machen) und viel Pseudocode...

    Aus dem Aspekt der Dokumentation (a, dass diese vorliegt; b, dass diese lesbar ist!) n1. Hier im Repo ist sie etwas verbuggt (ok es ist eines dieser PyBooks), wie es scheint, aber das macht nichts, man kann ja die schicke Doku auf der Webseite lesen (https://luca-app.de/securityconcept/intro/landing.html)

    Ich sehe ein Problem mit dem Pseudocode, denn er erlaubt nur zu sehen wie es implementiert sein könnte. Er zeigt leider nicht, wie es unter der Haube, verdrahtet ist. Darum sehe ich darin eine größere Wahrscheinlichkeit, dass wir als "Leser" Implementierungsfehler übersehen könnten, die weitaus größere, gefährlichere Schwachstellen beinhalten könnten. Deswegen denke ich, dass ein paar Snippets aus dem echten Code angebracht sein könnten. Mal abgesehen vom Fakt, dass heute jedes Skid Reverse Engineering betreiben kann, wenn es die richtigen Tools findet.

    Eine gewisse Reduzierung auf den Sec Code und den Ablauf in einer zusätzlichen Übersicht, könnte nicht nur Wartungskosten für die Doku reduzieren, sondern auch die (Ein-)Lesezeit. Gleichzeitig würde es aber das Verständnis entsprechend hochhalten, sodass Schwachstellen / Leaks gefunden werden können.

    Kollegiale Grüße! :+1: :-)

    Anmk.: Spät "Abends" in Fremdsprachen schreiben zählt mitunter nicht zu meinen Stärken :-)


    English "Translation": Hello,

    First of all, excellent work, a lot of Graphics (they maintain a good readability) and a lot of Pseudocode...

    In the aspects of a Documentation (a it does exist; b it's readable) n1. The documentation is a bit buggy in this Repo (it's a pybook), but that doesn't disturb anyone as long we can read it on the website (see link above in GER Text)

    I see a few problems with the Pseudocode... The code just shows how it could be implemented. It doesn't show the wiring under the hood. Therefore I see a big possibility that we overlook dangerous implementation flaws. So I think a few code snippets out of the implementation could be needed.
    Besides the fact that every Skid can do Reverse Engineering these days with the right Tools in the hand

    A Reduction of the documentation in a additional overview for only the most important facts could be needed too in my opinion. Since it reduces the time for reading and the maintenance costs of the Docs and keeps the understanding high enough to spot vulnerabilities and leaks.

    Yours Sincerely :+1: :-),

    opened by ksaadDE 2
  • Improvement: Link to GitLab

    Improvement: Link to GitLab

    Since it seems like that you'll only maintain the security concept here on GitHub, please link to your GitLab so that everybody who's looking for the source code can find it.

    opened by Ein-Tim 1
  • Idea: Time-based Check-out configurable by location

    Idea: Time-based Check-out configurable by location

    Hello,

    wouldn't it make sense to be able to configure a kind of location time-based checkout?

    Time-based Check-out after 24 hours https://luca-app.de/securityconcept/processes/guest_checkout.html

    From my point of view a time-based checkout per location would be helpful. For example visiting a gas station takes less than an hour, visiting a restaurant mostly less than 4 hours. Also something like opening hours could make sense. E.g. if opening ours are from 9 a.m to 6 p.m. all guest could be checked out at 7 p.m. automatically.

    Thanks.

    opened by eriegger 1
  • Location Automatic Checkout vs. Manual Checkout

    Location Automatic Checkout vs. Manual Checkout

    Hello, just started to work with locations and Luca app. I created a location, enabled Automatic Checkout, checked in via printed QR-code and tried to checkcout manually (AUSCHECKEN (<--)). Now I get an Info (Error) message my position is required to checkout. (Info: Wir brauchen deine Position, um zu überprüfen, ob du dich bei befindest. Wähle in deinen Luca Standort Einstellungen "immer".)

    Is this intended behavior to disallow manual checkout if location has automatic checkout enabled?

    Thanks.

    opened by eriegger 1
  • Possible forgery of Check-In QR-Codes

    Possible forgery of Check-In QR-Codes

    Overview

    Relying only the information contained in this repository it seems to be the case that it is possible for a malicious user to generate a forged check-in QR code in such a way that the forgery is not detectable by the venue or the Luca backend. If I am correct this would allow a malicious user to successfully check into a venue without disclosing any information necessary for contact tracing.

    Introduction

    https://github.com/lucaapp/security-concept/blob/main/content/processes/guest_app_checkin.md describes the data which is encoded in the QR code generated by the Luca app which is intended to be scanned by the venue:

    • version (QR code protocol version)
    • device_type
    • key_id (ID of the daily keypair used for this Check-In)
    • timestamp
    • trace_id
    • enc_data
    • ephemeral_keys.public
    • verification_tag
    • checksum

    where

    timestamp        = UNIX timestamp rounded down to the last full minute (little endian encoding)
    trace_id         = HMAC-SHA256(user_id || timestamp, tracing_secret)  # truncated to 16 bytes
    ephemeral_keys   = a new secp256r1 key pair (for DLIES with the daily public key)
    dh_key           = ECDH(ephemeral_keys.private, daily_keypair.public)
    enc_key          = SHA256(dh_key || 0x01)  # truncated to 16 bytes
    iv               = ephemeral_keys.public   # truncated to 16 bytes
    enc_data         = AES-128-CTR(userId || data_secret, enc_key, iv)
    verification_tag = HMAC-SHA256(timestamp || enc_data, data_authentication_key)
    

    and the tracing_secret, the data_secret and the data_authentication key are neither known by the venue, nor by the attacker nor by the Luca backend. Additionally it is assumed that daily_keypair.public, key_id, version and device_type are public information.

    Description of the attack

    In order to perform the attack a maliciuous user has to generate a QR code containing the information mentioned above which is accepted by the scanning venue and the Luca backend. So let's have a look at all elements of the QR code:

    version

    Public information

    device_type

    Public information

    key_id

    Public information

    timestamp

    Public information

    trace_id

    For an honest user the trace_id is calculated as follows:

    HMAC-SHA256(user_id || timestamp, tracing_secret)  # truncated to 16 bytes
    

    The attacker does not know the tracing_secret but neither do the venue nor the Luca backend. This in turn means that any 16 byte random information has to be accepted by the venue and the Luca backend, because they can not verify it.

    enc_data

    For an honest user this value is calculated as

    ephemeral_keys   = a new secp256r1 key pair (for DLIES with the daily public key)
    dh_key           = ECDH(ephemeral_keys.private, daily_keypair.public)
    enc_key          = SHA256(dh_key || 0x01)  # truncated to 16 bytes
    iv               = ephemeral_keys.public   # truncated to 16 bytes
    enc_data         = AES-128-CTR(userId || data_secret, enc_key, iv)
    

    It has to be noted that none of the involved parties knows the data_secret but the other information can be generated by the attacker. If the attacker performs the calculations above using a random value (of correct length) for the data_secret and the user_id the results have to be accepted by the backend and the venue because neither of them holds the private daily_key and therefore can not perform the decryption operation which would be necessary in order to detect the forgery.

    ephemeral_keys.public

    Can be generated by the attacker.

    verification_tag

    For an honest user this value is caclulated as follows:

    verification_tag = HMAC-SHA256(timestamp || enc_data, data_authentication_key)
    

    For this calculation the data_authentication_key is needed. This key is not known to the attacker, the venue and the Luca backend. This again means that any random 8 (the HMAC is truncated to 8 bytes according to this documentation) byte value has to be accepted by the venue as well as the backend because they have no means to verify it.

    checksum

    Checksum is the SHA-256 hash truncated to 4 bytes of the previously described data and can be easily generated by an attacker.

    Conclusion

    If I have not missed a central piece of information an attacker can easily create a QR code which can be used to check in to a venue but is unusable for contact tracing and does not disclose the identity of the attacker.

    opened by rmsk2 4
  • Notifying Guests about Data Access

    Notifying Guests about Data Access

    Heya,

    the docs outline an assurance for guests being notified about data access by the health department after their contact data has been decrypted.

    With the wide rollouts of Luca and your recent open source release of the app (thanks btw) I've tried to confirm if I got how that works but I'm a bit confused:

    • The code that uses the endpoint related to traces that should be notified (DataAccessManager::fetchRecentlyAccessedTraceData) seems to be invoked exclusively in tests.
    • The staging endpoint returns traces in the expected format while the production endpoint errors out with a 401 and expects some form of authentication I cannot find in the open source release or apk.

    Given the above: Do I inherently misunderstand something in the concept / is this simply not yet implemented / how can users be certain that they are notified when their data is decrypted and accessed by a health department?

    edit 1: clarified on Twitter the endpoint is actually periodically checked in the app code.

    opened by FrankGrimm 0
  • Wunsch: PDF direkt bereit stellen

    Wunsch: PDF direkt bereit stellen

    Hallo, gestern wollte ich mir einen Überblick über das Sicherheitskonzept verschaffen. Mein Tipp ist: Stellt (per automatischem Bauprozess oder so) auch eine PDF Version mit Nummer zur Verfügung.

    Das hat zwei Vorteile:

    • Lesen von Papier ist in der Regel immer noch schneller als vom Bildschirm, gerade wenn es um das Verständnis der Struktur geht und ich es ganz lesen würde.
    • Die fixe Versionsnummer ist leicht angebbar, habe Version 0.9.1 oder Hash xyz vom 2021-03-dd gelesen. (Als nur den Repo-Hash jetzt anzugeben.)

    Dieser Wunsch ist natürlich optional, da ich mir ja die Bauwerkzeuge selbst holen und die Anleitung befolgen und ein PDF bauen kann. Zumindest bei mir würde es die erste Zugangshürde leicht senken.

    (Technisch noch besser wäre ein offenes Standardformat, wie ODT, aber Ihr habt ja den Bauprozess für PDF schon.)

    opened by bernhardreiter 2
  • Leaked Data & the trust issue

    Leaked Data & the trust issue

    The client leaks the following information via the API to the luca servers:

    • the phone number (request URL: https://app.luca-app.de/api/v3/sms/request)
    • the location history (Request URL e.g. https://app.luca-app.de/api/v3/scanners/54f0a623-4753-4265-9e62-9ae1e76c2228)

    That means that there is all information provided to the server that would be needed to build movement profiles around a phone number.

    The luca app maintainers mentioned multiple times that the app is built based on trust to them, so this is not an issue from their perspective.

    But as I see no reason why I should trust a few incompetent venture-funded 🤡 with influencer friends, I don't see why the entire security concept should work out.

    From an architectural perspective, it would be totally possible (e.g. by utilizing the signal protocol and decentralized storage of the personal/tracking data) to work without a trusted central platform to tackle the same issues. But as the luca team didn't come up with these ideas themselves, I don't think it makes sense to discuss them here 🤷‍♀️.

    opened by LilithWittmann 10
  • Manipulation of the luca webapp leads to unverified phone numbers

    Manipulation of the luca webapp leads to unverified phone numbers

    As the code of the webapp is freely editable, it is possible to uncomment the verification step or to change the phone number in between. This leads to a wrong phone number (not reachable or somebody else) being submitted in the encrypted data object.

    A false identity has 2 consequences (as with the analog way) a) I am not informed if I am a risk person and cannot be tested. b) someone else is informed, resolves the misunderstanding, and effort was generated for nothing.

    As it is not possible to secured the JS code executed in the browser from manipulation, let's evaluate some mitigation or resolutions.

    opened by philipp-berger 2
Releases(2021/03/10-1)
Owner
luca
Sicherer und verschlüsselter Kontaktdatenaustausch. Schnelle und lückenlose Nachverfolgung. Fragen: [email protected] Impressum: https://luca-app.de/impressum/
luca
An introduction of Markov decision process (MDP) and two algorithms that solve MDPs (value iteration, policy iteration) along with their Python implementations.

Markov Decision Process A Markov decision process (MDP), by definition, is a sequential decision problem for a fully observable, stochastic environmen

Yu Shen 31 Dec 30, 2022
This app makes it extremely easy to build Django powered SPA's (Single Page App) or Mobile apps exposing all registration and authentication related functionality as CBV's (Class Base View) and REST (JSON)

Welcome to django-rest-auth Repository is unmaintained at the moment (on pause). More info can be found on this issue page: https://github.com/Tivix/d

Tivix 2.4k Jan 03, 2023
Multi-user accounts for Django projects

django-organizations Summary Groups and multi-user account management Author Ben Lopatin (http://benlopatin.com) Status Separate individual user ident

Ben Lopatin 1.1k Jan 02, 2023
This python package provides a simple password reset strategy for django rest framework

Django Rest Password Reset This python package provides a simple password reset strategy for django rest framework, where users can request password r

Anexia 363 Dec 24, 2022
FastAPI extension that provides JWT Auth support (secure, easy to use, and lightweight)

FastAPI JWT Auth Documentation: https://indominusbyte.github.io/fastapi-jwt-auth Source Code: https://github.com/IndominusByte/fastapi-jwt-auth Featur

Nyoman Pradipta Dewantara 468 Jan 01, 2023
Library - Recent and favorite documents

Thingy Thingy is used to quickly access recent and favorite documents. It's an XApp so it can work in any distribution and many desktop environments (

Linux Mint 23 Sep 11, 2022
Beihang University Network Authentication Login

北航自动网络认证使用说明 主文件 gw_buaa.py # @file gw_buaa.py # @author Dong # @date 2022-01-25 # @email windcicada 0 Jul 22, 2022

Script that provides your TESLA access_token and refresh_token

TESLA tokens This script helps you get your TESLA access_token and refresh_token in order to connect to third party applications (Teslamate, TeslaFi,

Bun-Ny TAN 3 Apr 28, 2022
User-related REST API based on the awesome Django REST Framework

Django REST Registration User registration REST API, based on Django REST Framework. Documentation Full documentation for the project is available at

Andrzej Pragacz 399 Jan 03, 2023
Flask JWT Router is a Python library that adds authorised routes to a Flask app.

Read the docs: Flask-JWT-Router Flask JWT Router Flask JWT Router is a Python library that adds authorised routes to a Flask app. Both basic & Google'

Joe Gasewicz 52 Jan 03, 2023
Imia is an authentication library for Starlette and FastAPI (python 3.8+).

Imia Imia (belarussian for "a name") is an authentication library for Starlette and FastAPI (python 3.8+). Production status The library is considered

Alex Oleshkevich 91 Nov 24, 2022
Quick and simple security for Flask applications

Note This project is non maintained anymore. Consider the Flask-Security-Too project as an alternative. Flask-Security It quickly adds security featur

Matt Wright 1.6k Dec 19, 2022
Pingo provides a uniform API to program devices like the Raspberry Pi, BeagleBone Black, pcDuino etc.

Pingo provides a uniform API to program devices like the Raspberry Pi, BeagleBone Black, pcDuino etc. just like the Python DBAPI provides an uniform API for database programming in Python.

Garoa Hacker Clube 12 May 22, 2022
examify-io is an online examination system that offers automatic grading , exam statistics , proctoring and programming tests , multiple user roles

examify-io is an online examination system that offers automatic grading , exam statistics , proctoring and programming tests , multiple user roles ( Examiner , Supervisor , Student )

Ameer Nasser 4 Oct 28, 2021
Django Admin Two-Factor Authentication, allows you to login django admin with google authenticator.

Django Admin Two-Factor Authentication Django Admin Two-Factor Authentication, allows you to login django admin with google authenticator. Why Django

Iman Karimi 9 Dec 07, 2022
This is a Python library for accessing resources protected by OAuth 2.0.

This is a client library for accessing resources protected by OAuth 2.0. Note: oauth2client is now deprecated. No more features will be added to the l

Google APIs 787 Dec 13, 2022
JSON Web Token Authentication support for Django REST Framework

REST framework JWT Auth Notice This project is currently unmaintained. Check #484 for more details and suggested alternatives. JSON Web Token Authenti

José Padilla 3.2k Dec 31, 2022
Automatic login utility of free Wi-Fi captive portals

wicafe Automatic login utility of free Wi-Fi captive portals Disclaimer: read and grant the Terms of Service of Wi-Fi services before using it! This u

Takumi Sueda 8 May 31, 2022
This program automatically logs you into a Zoom session at your alloted time

This program automatically logs you into a Zoom session at your alloted time. Optionally you can choose to have end the session at your allotted time.

9 Sep 19, 2022
Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes

Flask-HTTPAuth Simple extension that provides Basic and Digest HTTP authentication for Flask routes. Installation The easiest way to install this is t

Miguel Grinberg 1.1k Jan 05, 2023