Hacking It Through

Dec 13, 2018 | Blockchain, Decentralization, General, Security, Technical

“The illiterate of the 21st century will not be those who cannot read and write, but those who cannot learn, unlearn, and relearn.” ― Alvin Toffler

Last Saturday, Team Hypermine participated in the Cloud 20/20 UNISYS (www.unisys.com) hackathon.

The tech giant conducted the event to bring together professionals for their unique ideas around disruptive technologies and to recognise them for their talent.

The event was dedicated to technology professionals with more than 3 years of hands-on work experience. This resulted in a very sophisticated collection of PoCs and ensured that the participating teams were top notch.

A total of 73 teams applied, of which a mere 23 were selected to showcase their work.

The themes provided were  

  1. AI/ML
  2. Security
  3. IoT 

There were some very interesting Machine Learning projects: Team TAKA [won 3rd Place] built an office login security system using AWS DeepLens. Similarly, there were several projects in AI and IoT security using a Raspberry Pi as a proxy at the L2 level. As for us, Team Hypermine participated in the Security segment with our cryptographic Single Sign-On solution.

Our team chose Security as its theme.

The problem statement
Storing passwords in databases is not secure, and they are also a hassle to manage.

Our Solution
A cryptography-based login mechanism where users log in to applications without having to provide their login credentials.

How?
The solution is divided into three modules 

  1. SDK
  2. Mobile APP
  3. Server 

The server is where a website owner registers their website by providing their SSL certificates and details such as the domain name and redirection URL. The server then generates an ‘APP ID’ and provides an SDK, which the website owner implements in the website to control login/authentication.

 

The users then register themselves in the mobile app. On registration, Hypersign generates a public/private key pair [based on the Elliptic Curve standard] and attaches the public key to the user’s account on the server. Next, when the user accesses the website for the first time, they will see a QR code on the website.

 

Registration

 

 

We then generate a key pair [public and private] and attach the public key to the user’s account on the server.

 

 

At the next step, when the user browses to the website for the first time, the user will see a QR code on the screen. 

 

The user scans the QR code [on the website] from the mobile app by clicking on the button in the scan QR section.

The following steps occur:

  1. Decrypt the QR message using the key [mobile app]. The encrypted message contains the APPID of the website.
  2. Encrypt another message, telling the server to allow the user to log in, along with the APPID, using the user’s private key [stored in the mobile phone].
  3. Next, the encrypted data is sent to the server to be verified. The server uses another decryption method to get the public key back, and matches the public key of the user request with the generated public key.
  4. Once matched, it proves that the user is valid, and a notification is sent to the app with the particular APPID to redirect the login.
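
The steps above amount to a challenge-response login. The sketch below is an added example, not Hypersign's code: it uses Node's built-in `crypto` module, checks the signature against the registered public key instead of recovering the key as described above, and leaves out the QR encryption. The function names, message format, P-256 curve, and the single-use nonce with expiry are assumptions.

```javascript
// Added example (not Hypersign code). Names, message format, curve and nonce are assumptions.
const crypto = require('crypto');

const users = new Map();      // userId -> registered public key (PEM)
const challenges = new Map(); // nonce -> { appId, expires }

// Mobile app: the key pair is generated on the device; only the public key is sent out.
function registerUser(userId) {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  users.set(userId, publicKey.export({ type: 'spki', format: 'pem' }));
  return privateKey; // stays on the phone
}

// Server: the payload behind the QR code. The random nonce ties each login to one scan.
function issueChallenge(appId, ttlMs = 60000) {
  const nonce = crypto.randomBytes(16).toString('hex');
  challenges.set(nonce, { appId, expires: Date.now() + ttlMs });
  return { appId, nonce };
}

// Mobile app: sign the scanned challenge with the private key (step 2).
function signChallenge(privateKey, userId, { appId, nonce }) {
  const message = JSON.stringify({ userId, appId, nonce });
  const signature = crypto.sign('sha256', Buffer.from(message), privateKey);
  return { message, signature: signature.toString('base64') };
}

// Server: check the response against the stored public key (steps 3 and 4).
function verifyLogin({ message, signature }) {
  let claim;
  try { claim = JSON.parse(message); } catch { return false; }
  const pending = challenges.get(claim?.nonce);
  const publicKey = users.get(claim?.userId);
  if (!pending || !publicKey) return false; // unknown user, or nonce never issued / already used
  challenges.delete(claim.nonce);           // single use: a captured response cannot be replayed
  if (pending.appId !== claim.appId || pending.expires < Date.now()) return false;
  return crypto.verify('sha256', Buffer.from(message), publicKey,
                       Buffer.from(signature, 'base64'));
}
```

Binding the APPID and a fresh nonce into the signed message is what stops a response captured for one site or one session from being accepted for another.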

We use ECDSA (the Elliptic Curve Digital Signature Algorithm), which is a standard in blockchain; hence our PKI wallet works with any blockchain to broadcast transactions in blockchain-based apps.

We plan to integrate this mechanism with other standard SSO applications such as 

  1. DataPower
  2. Keycloak

Hypersign will add another layer of encryption and security on the existing platforms without having to change anything in their existing setup.

Our team won 1st prize. 🙂 

Technologies Used for the project

Vuejs
Quasar
ECDSA
AWS