Luca Security Concept

Overview

Luca Security Concept

This is the document source of luca's security concept. Please go here for the HTML version: https://luca-app.de/securityconcept

Getting in Touch

We're interested in your feedback! Please start discussions or participate in the "Discussions" section of this repository.

Despite the document's language being English, please feel free to open discussions in either German or English. Whatever you're more comfortable with.

Building the Document

This document is written as a jupyter-book. Install the python requirements via pip:

pip install -r requirements.txt

To render the diagrams you need plantuml. Install it via your package manager or download the .jar file directly:

wget -O - "http://sourceforge.net/projects/plantuml/files/plantuml-nodot.1.2021.1.jar/download" > plantuml.jar

Finally, run the buildhtml.sh from this directoy:

./buildhtml.sh

Rendering a PDF

You can render a PDF document using LaTeX. First, install LaTeX on your system. Currently you will need to run ./buildhtml.sh once, to set up jupyter-book's _config.yml and then run:

PLANTUMLPATH='<your path to plantuml.jar>' PLANTUMLFORMAT='png' jupyter-book build content --builder pdflatex

Style Guidelines

Please adhere to the following rules when editing this document:

  • in text blocks, write one sentence per line in the markdown file for Git-friendliness
  • section headlines should have a Target Header marker following the form (chapter:section)= (e.g. (process:location_registration)=)
  • prefer List Tables over markdown tables
  • use underscores _ instead of spaces in file names
  • don't skip header levels (i.e. no ### outside # and ##)
  • use exactly one first level header (#) per page
  • Python code must be black formatted
Comments
  • API rate limiting is bypassable

    API rate limiting is bypassable

    As outlined by this tweet here, the API rate limiting seems to be bypassable by switching the casing of API endpoints.

    I wasn't able to find a proper way to report security issues, so I assumed creating this issue here is a proper place to do so. I believe this should be fixed quickly, especially as some endpoints can be abused if no proper rate-limiting policy is enforced (f.e. auth endpoints & brute-forcing logins).

    Kind regards, Tobias Grether

    opened by TobiasGrether 6
  • Make reverse engineering legal (as you would like to get responsible disclosures)

    Make reverse engineering legal (as you would like to get responsible disclosures)

    As your TOS currently states

    (c) Teile der Dienste dekompilieren, im Wege des Reverse Engineerings rekonstruieren, zerlegen oder auf eine andere Weise versuchen, Quellcodes, Objektcodes oder zugrundeliegende(s) strukturelle Ideen, Know-how oder Algorithmen oder andere Funktionsmechanismen der Dienste zu erlangen, es sei denn, dies ist im Einzelfall aufgrund zwingender gesetzlicher Vorschriften zulässig; (d) alle oder einen Teil der Dienste modifizieren, anpassen, übersetzen oder abgeleitete Werke erstellen, die auf den Diensten basieren (außer in dem durch luca gestatteten Umfang oder sofern dies im Rahmen der Dienste genehmigt wurde);

    it is basically illegal to do any kind of serious security research except reading your br0ken security documentation.

    So if I do any responsible disclosure stuff for your system the next thing I probably would have to expect from you is a letter from your lawyer.

    As I hope this is not what you venture-funded 🤡 actually want, just remove this part from your TOS.

    opened by LilithWittmann 6
  • Scanner ids should not be public

    Scanner ids should not be public

    Scanners currently share the same id as the location. They expose the current and total checkins (Maybe more?). Scanners should have their own secret id only visible to the operator.

    opened by rvnstn 3
  • Missing licence information in 2.1ae68762.chunk.js.LICENSE.txt

    Missing licence information in 2.1ae68762.chunk.js.LICENSE.txt

    Please include all licence informations in https://app.luca-app.de/webapp/static/js/2.1ae68762.chunk.js.LICENSE.txt At least a licence info for the used Ascii85/Base85 implementation is missing.

    Regards Tobias

    opened by rvnstn 2
  • Webapp uses wrong format for dates

    Webapp uses wrong format for dates

    The webapp uses 'dd.mm.yyyy' as formatstring for dates with momentjs. This results in loading the current daily key every minute. To fix this the string should be 'DD.MM.YYYY'. See https://momentjs.com/docs/#/displaying/

    opened by rvnstn 2
  • Update loop

    Update loop

    Moin,

    Beim ersten Öffnen der App wurde ich in einer Update-Schleife gefangen.

    Nach Eingabe aller Kontaktdaten und Bestätigung dieser per Button wurde ich auf die Hauptseite geleitet. Von dort bin ich auf "App Details" gegangen und habe die Kameraberechtigung gesetzt. Dann bin ich zurück zur Hauptseite. Welchen der beiden Buttons ich dazu genutzt habe, weiß ich leider nicht mehr. Einen weiteren Klick im 3P-Menü habe ich noch gemacht, aber abgebrochen, weil sich eine Website öffnen wollte. Zurück auf der Hauptseite habe ich aus unklaren Gründen einfach mal den Android-Zurück-Button geklickt. Dann war ich wieder in der Kontaktdatenerfassung. Nach Klick auf "Update" bin ich aber darin geblieben. Nochmaliges Klicken hat mich immer wieder zu dieser Seite gebracht. Beenden der App und Neustart hat geholfen. Erwartetes Verhalten war, nach Klick auf "Update" auf die Hauptseite zu gelangen.

    Gruß und Danke für die App, Lars

    opened by lbrink 2
  • Please clarify “... is then transferred to the venue owner“

    Please clarify “... is then transferred to the venue owner“

    Thanks for providing the Security Concept behind Luca. In the introductory paragraphs you’re stating:

    This Check-In is encrypted in a way that only the public health authorities can read it. The encrypted Check-In is then transferred to the venue owner via a QR code, where the Check-In is encrypted once again by the venue owner so that nobody can access the user’s personal information at this stage.

    Since there is no Luca “server“ infrastructure operated or owned by the venue owner, what exactly does “transferred to the venue owner” mean?

    opened by ralfr 2
  • Additional Quickoverview && a few real Code Snippets

    Additional Quickoverview && a few real Code Snippets

    Moin,

    erstmal Klasse Arbeit, viele Grafiken (die das lesen einfacher machen) und viel Pseudocode...

    Aus dem Aspekt der Dokumentation (a, dass diese vorliegt; b, dass diese lesbar ist!) n1. Hier im Repo ist sie etwas verbuggt (ok es ist eines dieser PyBooks), wie es scheint, aber das macht nichts, man kann ja die schicke Doku auf der Webseite lesen (https://luca-app.de/securityconcept/intro/landing.html)

    Ich sehe ein Problem mit dem Pseudocode, denn er erlaubt nur zu sehen wie es implementiert sein könnte. Er zeigt leider nicht, wie es unter der Haube, verdrahtet ist. Darum sehe ich darin eine größere Wahrscheinlichkeit, dass wir als "Leser" Implementierungsfehler übersehen könnten, die weitaus größere, gefährlichere Schwachstellen beinhalten könnten. Deswegen denke ich, dass ein paar Snippets aus dem echten Code angebracht sein könnten. Mal abgesehen vom Fakt, dass heute jedes Skid Reverse Engineering betreiben kann, wenn es die richtigen Tools findet.

    Eine gewisse Reduzierung auf den Sec Code und den Ablauf in einer zusätzlichen Übersicht, könnte nicht nur Wartungskosten für die Doku reduzieren, sondern auch die (Ein-)Lesezeit. Gleichzeitig würde es aber das Verständnis entsprechend hochhalten, sodass Schwachstellen / Leaks gefunden werden können.

    Kollegiale Grüße! :+1: :-)

    Anmk.: Spät "Abends" in Fremdsprachen schreiben zählt mitunter nicht zu meinen Stärken :-)


    English "Translation": Hello,

    First of all, excellent work, a lot of Graphics (they maintain a good readability) and a lot of Pseudocode...

    In the aspects of a Documentation (a it does exist; b it's readable) n1. The documentation is a bit buggy in this Repo (it's a pybook), but that doesn't disturb anyone as long we can read it on the website (see link above in GER Text)

    I see a few problems with the Pseudocode... The code just shows how it could be implemented. It doesn't show the wiring under the hood. Therefore I see a big possibility that we overlook dangerous implementation flaws. So I think a few code snippets out of the implementation could be needed.
    Besides the fact that every Skid can do Reverse Engineering these days with the right Tools in the hand

    A Reduction of the documentation in a additional overview for only the most important facts could be needed too in my opinion. Since it reduces the time for reading and the maintenance costs of the Docs and keeps the understanding high enough to spot vulnerabilities and leaks.

    Yours Sincerely :+1: :-),

    opened by ksaadDE 2
  • Improvement: Link to GitLab

    Improvement: Link to GitLab

    Since it seems like that you'll only maintain the security concept here on GitHub, please link to your GitLab so that everybody who's looking for the source code can find it.

    opened by Ein-Tim 1
  • Idea: Time-based Check-out configurable by location

    Idea: Time-based Check-out configurable by location

    Hello,

    wouldn't it make sense to be able to configure a kind of location time-based checkout?

    Time-based Check-out after 24 hours https://luca-app.de/securityconcept/processes/guest_checkout.html

    From my point of view a time-based checkout per location would be helpful. For example visiting a gas station takes less than an hour, visiting a restaurant mostly less than 4 hours. Also something like opening hours could make sense. E.g. if opening ours are from 9 a.m to 6 p.m. all guest could be checked out at 7 p.m. automatically.

    Thanks.

    opened by eriegger 1
  • Location Automatic Checkout vs. Manual Checkout

    Location Automatic Checkout vs. Manual Checkout

    Hello, just started to work with locations and Luca app. I created a location, enabled Automatic Checkout, checked in via printed QR-code and tried to checkcout manually (AUSCHECKEN (<--)). Now I get an Info (Error) message my position is required to checkout. (Info: Wir brauchen deine Position, um zu überprüfen, ob du dich bei befindest. Wähle in deinen Luca Standort Einstellungen "immer".)

    Is this intended behavior to disallow manual checkout if location has automatic checkout enabled?

    Thanks.

    opened by eriegger 1
  • Possible forgery of Check-In QR-Codes

    Possible forgery of Check-In QR-Codes

    Overview

    Relying only the information contained in this repository it seems to be the case that it is possible for a malicious user to generate a forged check-in QR code in such a way that the forgery is not detectable by the venue or the Luca backend. If I am correct this would allow a malicious user to successfully check into a venue without disclosing any information necessary for contact tracing.

    Introduction

    https://github.com/lucaapp/security-concept/blob/main/content/processes/guest_app_checkin.md describes the data which is encoded in the QR code generated by the Luca app which is intended to be scanned by the venue:

    • version (QR code protocol version)
    • device_type
    • key_id (ID of the daily keypair used for this Check-In)
    • timestamp
    • trace_id
    • enc_data
    • ephemeral_keys.public
    • verification_tag
    • checksum

    where

    timestamp        = UNIX timestamp rounded down to the last full minute (little endian encoding)
    trace_id         = HMAC-SHA256(user_id || timestamp, tracing_secret)  # truncated to 16 bytes
    ephemeral_keys   = a new secp256r1 key pair (for DLIES with the daily public key)
    dh_key           = ECDH(ephemeral_keys.private, daily_keypair.public)
    enc_key          = SHA256(dh_key || 0x01)  # truncated to 16 bytes
    iv               = ephemeral_keys.public   # truncated to 16 bytes
    enc_data         = AES-128-CTR(userId || data_secret, enc_key, iv)
    verification_tag = HMAC-SHA256(timestamp || enc_data, data_authentication_key)
    

    and the tracing_secret, the data_secret and the data_authentication key are neither known by the venue, nor by the attacker nor by the Luca backend. Additionally it is assumed that daily_keypair.public, key_id, version and device_type are public information.

    Description of the attack

    In order to perform the attack a maliciuous user has to generate a QR code containing the information mentioned above which is accepted by the scanning venue and the Luca backend. So let's have a look at all elements of the QR code:

    version

    Public information

    device_type

    Public information

    key_id

    Public information

    timestamp

    Public information

    trace_id

    For an honest user the trace_id is calculated as follows:

    HMAC-SHA256(user_id || timestamp, tracing_secret)  # truncated to 16 bytes
    

    The attacker does not know the tracing_secret but neither do the venue nor the Luca backend. This in turn means that any 16 byte random information has to be accepted by the venue and the Luca backend, because they can not verify it.

    enc_data

    For an honest user this value is calculated as

    ephemeral_keys   = a new secp256r1 key pair (for DLIES with the daily public key)
    dh_key           = ECDH(ephemeral_keys.private, daily_keypair.public)
    enc_key          = SHA256(dh_key || 0x01)  # truncated to 16 bytes
    iv               = ephemeral_keys.public   # truncated to 16 bytes
    enc_data         = AES-128-CTR(userId || data_secret, enc_key, iv)
    

    It has to be noted that none of the involved parties knows the data_secret but the other information can be generated by the attacker. If the attacker performs the calculations above using a random value (of correct length) for the data_secret and the user_id the results have to be accepted by the backend and the venue because neither of them holds the private daily_key and therefore can not perform the decryption operation which would be necessary in order to detect the forgery.

    ephemeral_keys.public

    Can be generated by the attacker.

    verification_tag

    For an honest user this value is caclulated as follows:

    verification_tag = HMAC-SHA256(timestamp || enc_data, data_authentication_key)
    

    For this calculation the data_authentication_key is needed. This key is not known to the attacker, the venue and the Luca backend. This again means that any random 8 (the HMAC is truncated to 8 bytes according to this documentation) byte value has to be accepted by the venue as well as the backend because they have no means to verify it.

    checksum

    Checksum is the SHA-256 hash truncated to 4 bytes of the previously described data and can be easily generated by an attacker.

    Conclusion

    If I have not missed a central piece of information an attacker can easily create a QR code which can be used to check in to a venue but is unusable for contact tracing and does not disclose the identity of the attacker.

    opened by rmsk2 4
  • Notifying Guests about Data Access

    Notifying Guests about Data Access

    Heya,

    the docs outline an assurance for guests being notified about data access by the health department after their contact data has been decrypted.

    With the wide rollouts of Luca and your recent open source release of the app (thanks btw) I've tried to confirm if I got how that works but I'm a bit confused:

    • The code that uses the endpoint related to traces that should be notified (DataAccessManager::fetchRecentlyAccessedTraceData) seems to be invoked exclusively in tests.
    • The staging endpoint returns traces in the expected format while the production endpoint errors out with a 401 and expects some form of authentication I cannot find in the open source release or apk.

    Given the above: Do I inherently misunderstand something in the concept / is this simply not yet implemented / how can users be certain that they are notified when their data is decrypted and accessed by a health department?

    edit 1: clarified on Twitter the endpoint is actually periodically checked in the app code.

    opened by FrankGrimm 0
  • Wunsch: PDF direkt bereit stellen

    Wunsch: PDF direkt bereit stellen

    Hallo, gestern wollte ich mir einen Überblick über das Sicherheitskonzept verschaffen. Mein Tipp ist: Stellt (per automatischem Bauprozess oder so) auch eine PDF Version mit Nummer zur Verfügung.

    Das hat zwei Vorteile:

    • Lesen von Papier ist in der Regel immer noch schneller als vom Bildschirm, gerade wenn es um das Verständnis der Struktur geht und ich es ganz lesen würde.
    • Die fixe Versionsnummer ist leicht angebbar, habe Version 0.9.1 oder Hash xyz vom 2021-03-dd gelesen. (Als nur den Repo-Hash jetzt anzugeben.)

    Dieser Wunsch ist natürlich optional, da ich mir ja die Bauwerkzeuge selbst holen und die Anleitung befolgen und ein PDF bauen kann. Zumindest bei mir würde es die erste Zugangshürde leicht senken.

    (Technisch noch besser wäre ein offenes Standardformat, wie ODT, aber Ihr habt ja den Bauprozess für PDF schon.)

    opened by bernhardreiter 2
  • Leaked Data & the trust issue

    Leaked Data & the trust issue

    The client leaks the following information via the API to the luca servers:

    • the phone number (request URL: https://app.luca-app.de/api/v3/sms/request)
    • the location history (Request URL e.g. https://app.luca-app.de/api/v3/scanners/54f0a623-4753-4265-9e62-9ae1e76c2228)

    That means that there is all information provided to the server that would be needed to build movement profiles around a phone number.

    The luca app maintainers mentioned multiple times that the app is built based on trust to them, so this is not an issue from their perspective.

    But as I see no reason why I should trust a few incompetent venture-funded 🤡 with influencer friends, I don't see why the entire security concept should work out.

    From an architectural perspective, it would be totally possible (e.g. by utilizing the signal protocol and decentralized storage of the personal/tracking data) to work without a trusted central platform to tackle the same issues. But as the luca team didn't come up with these ideas themselves, I don't think it makes sense to discuss them here 🤷‍♀️.

    opened by LilithWittmann 10
  • Manipulation of the luca webapp leads to unverified phone numbers

    Manipulation of the luca webapp leads to unverified phone numbers

    As the code of the webapp is freely editable, it is possible to uncomment the verification step or to change the phone number in between. This leads to a wrong phone number (not reachable or somebody else) being submitted in the encrypted data object.

    A false identity has 2 consequences (as with the analog way) a) I am not informed if I am a risk person and cannot be tested. b) someone else is informed, resolves the misunderstanding, and effort was generated for nothing.

    As it is not possible to secured the JS code executed in the browser from manipulation, let's evaluate some mitigation or resolutions.

    opened by philipp-berger 2
Releases(2021/03/10-1)
Owner
luca
Sicherer und verschlüsselter Kontaktdatenaustausch. Schnelle und lückenlose Nachverfolgung. Fragen: [email protected] Impressum: https://luca-app.de/impressum/
luca
Login-python - Login system made in Python, using native libraries

login-python Sistema de login feito 100% em Python, utilizando bibliotecas nativ

Nicholas Gabriel De Matos Leal 2 Jan 28, 2022
A Python inplementation for OAuth2

OAuth2-Python Discord Inplementation for OAuth2 login systems. This is a simple Python 'app' made to inplement in your programs that require (shitty)

Prifixy 0 Jan 06, 2022
AddressBookApp - Address Book App in Django

AddressBookApp Application Name Address Book App in Django, 2022 Technologies La

Joshua K 1 Aug 18, 2022
Strong, Simple, and Precise security for Flask APIs (using jwt)

flask-praetorian Strong, Simple, and Precise security for Flask APIs API security should be strong, simple, and precise like a Roman Legionary. This p

Tucker Beck 321 Dec 18, 2022
Auth-Starters - Different APIs using Django & Flask & FastAPI to see Authentication Service how its work

Auth-Starters Different APIs using Django & Flask & FastAPI to see Authentication Service how its work, and how to use it. This Repository based on my

Yasser Tahiri 7 Apr 22, 2022
OAuthlib support for Python-Requests!

Requests-OAuthlib This project provides first-class OAuth library support for Requests. The OAuth 1 workflow OAuth 1 can seem overly complicated and i

1.6k Dec 28, 2022
Simple implementation of authentication in projects using FastAPI

Fast Auth Facilita implementação de um sistema de autenticação básico e uso de uma sessão de banco de dados em projetos com tFastAPi. Instalação e con

3 Jan 08, 2022
Implementation of Supervised Contrastive Learning with AMP, EMA, SWA, and many other tricks

SupCon-Framework The repo is an implementation of Supervised Contrastive Learning. It's based on another implementation, but with several differencies

Ivan Panshin 132 Dec 14, 2022
This script will pull and analyze syscalls in given application(s) allowing for easier security research purposes

SyscallExtractorAnalyzer This script will pull and analyze syscalls in given application(s) allowing for easier security research purposes Goals Teach

Truvis Thornton 18 Jul 09, 2022
Social auth made simple

Python Social Auth Python Social Auth is an easy-to-setup social authentication/registration mechanism with support for several frameworks and auth pr

Matías Aguirre 2.8k Dec 24, 2022
Python's simple login system concept - Advanced level

Simple login system with Python - For beginners Creating a simple login system using python for beginners this repository aims to provide a simple ove

Low_Scarlet 1 Dec 13, 2021
MikroTik Authentication POCs

Proofs of concept which successfully authenticate with MikroTik Winbox and MAC Telnet servers running on RouterOS version 6.45.1+

Margin Research 56 Dec 08, 2022
Django Rest Framework App wih JWT Authentication and other DRF stuff

Django Queries App with JWT authentication, Class Based Views, Serializers, Swagger UI, CI/CD and other cool DRF stuff API Documentaion /swagger - Swa

Rafael Salimov 4 Jan 29, 2022
JSON Web Token Authentication support for Django REST Framework

REST framework JWT Auth Notice This project is currently unmaintained. Check #484 for more details and suggested alternatives. JSON Web Token Authenti

José Padilla 3.2k Dec 31, 2022
Flask App With Login

Flask App With Login by FranciscoCharles Este projeto basico é o resultado do estudos de algumas funcionalidades do micro framework Flask do Python. O

Charles 3 Nov 14, 2021
A JOSE implementation in Python

python-jose A JOSE implementation in Python Docs are available on ReadTheDocs. The JavaScript Object Signing and Encryption (JOSE) technologies - JSON

Michael Davis 1.2k Dec 28, 2022
Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.

Welcome to django-allauth! Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (soc

Raymond Penners 7.7k Jan 01, 2023
Django x Elasticsearch Templates

Django x Elasticsearch Requirements Python 3.7 Django = 3 Elasticsearch 7.15 Setup Elasticsearch Install via brew Install brew tap elastic/tap brew

Aji Pratama 0 May 22, 2022
Authentication with fastapi and jwt cd realistic

Authentication with fastapi and jwt cd realistic Dependencies bcrypt==3.1.7 data

Fredh Macau 1 Jan 04, 2022
Basic auth for Django.

easy-basicauth WARNING! THIS LIBRARY IS IN PROGRESS! ANYTHING CAN CHANGE AT ANY MOMENT WITHOUT ANY NOTICE! Installation pip install easy-basicauth Usa

bichanna 2 Mar 25, 2022