This repository has been archived by the owner on Jun 20, 2023. It is now read-only.
WIP: plausible deniability #946
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- ensure request pattern for playbooks is always the same VerificationService - apply padding to ensure equal request size (header & body) SecurityHelper - extract hash256 to HashHelper. This simplifies tests that use only the hash function (and therefore don´t need to initialize SecurityHelper and its dependencies)
Signed-off-by: Kolya Opahle <k.opahle@sap.com>
SubmissionService & SubmitDiagnosisKeysTransaction - inline playbook & backgroundNoise property to prevent issues during testing DiagnosisKeyConstantsTest, SubmissionServiceTest, SubmitDiagnosisKeysTransactionTest & SubmissionViewModelTest - adjusted to changes
Signed-off-by: Kolya Opahle <k.opahle@sap.com>
…rona-warn-app/cwa-app-android into feature/plausible-deniability � Conflicts: � Corona-Warn-App/src/main/java/de/rki/coronawarnapp/ui/main/MainActivity.kt
Signed-off-by: Kolya Opahle <k.opahle@sap.com>
Signed-off-by: Kolya Opahle <k.opahle@sap.com>
…ability # Conflicts: # Corona-Warn-App/src/main/java/de/rki/coronawarnapp/ui/main/MainActivity.kt
- ensure that fake requests are executed when real requests fail SubmissionService & VerificationService - adjust header name for padding WebRequestBuilder - add padding to dummy submission
PlaybookImpl - include follow-up executions after every playbook - logging SubmissionViewModel.kt, SubmissionService.kt, SubmitDiagnosisKeysTransaction.kt, MainActivity.kt, BackgroundNoisePeriodicWorker.kt, DiagnosisTestResultRetrievalPeriodicWorker.kt - propagate context for coroutine VerificationService - ensure body size of 1000
- adjust fake key generation PlaybookImplTest.kt - remove unused server.enqueue SubmissionService.kt 6 SubmitDiagnosisKeysTransaction.kt - remove commented out code
Signed-off-by: Kolya Opahle <k.opahle@sap.com>
…nto feature/plausible-deniability
- remove temporary comment
Signed-off-by: Kolya Opahle <k.opahle@sap.com>
…nto feature/plausible-deniability
Corona-Warn-App/build.gradle
Outdated
| @@ -244,11 +244,13 @@ dependencies { | |||
| // TESTING | |||
| testImplementation 'junit:junit:4.13' | |||
| testImplementation "android.arch.core:core-testing:1.1.1" | |||
| testImplementation 'org.jetbrains.kotlinx:kotlinx-coroutines-test:1.3.7' | |||
There was a problem hiding this comment.
this is still experimental and could cause issues. TBD
Corona-Warn-App/src/main/java/de/rki/coronawarnapp/http/playbook/PlaybookImpl.kt
Show resolved
Hide resolved
| @Body request: RegistrationRequest | ||
| ): TestResultResponse | ||
|
|
||
| @POST | ||
| suspend fun getTAN( | ||
| @Url url: String, | ||
| @Header("cwa-fake") fake: String, | ||
| @Header("cwa-header-padding") headerPadding: String?, |
There was a problem hiding this comment.
Is there a case where we do not have padding?
There was a problem hiding this comment.
I think currently you are right. The header can be omitted when the header of a request happens to be exactly as big as we need it.
…rom outside - remove experimental test dependency for coroutines
|
Thank you for the review. Feedback is applied with 863b12d |
jakobmoellerdev
previously approved these changes
Aug 6, 2020
- reduce request size from 1000 to 250 for the verification server - include dummy registration token in fake request to fulfill verification on server side - prepare for randomized count of submitted keys - always include headers cwa-authorization & cwa-header-padding for submission server
|
Kudos, SonarCloud Quality Gate passed!
|
jakobmoellerdev
approved these changes
Aug 6, 2020
jakobmoellerdev
pushed a commit
that referenced
this pull request
Aug 7, 2020
* Added requestPadding property to all VerficationService requests * Added fake calls to the WebReqeustBuilder * 🚧 initial draft to enable plausible deniability * Switched from SubmissionConstants to KeyType enum everywhere * basic playbook implementation with fake and real requests * Playbook - ensure request pattern for playbooks is always the same VerificationService - apply padding to ensure equal request size (header & body) SecurityHelper - extract hash256 to HashHelper. This simplifies tests that use only the hash function (and therefore don´t need to initialize SecurityHelper and its dependencies) * Implemented random chance of dummy playbook execution on app open Signed-off-by: Kolya Opahle <k.opahle@sap.com> * Playbook - ignore exceptions for fake requests SubmissionService - add padding header to fake request for same header size WebRequestBuilder - include fake keys in upload (🏗) * DiagnosisKeyService: removed (low value & difficult to test) SubmissionService & SubmitDiagnosisKeysTransaction - inline playbook & backgroundNoise property to prevent issues during testing DiagnosisKeyConstantsTest, SubmissionServiceTest, SubmitDiagnosisKeysTransactionTest & SubmissionViewModelTest - adjusted to changes * Dummy playbook will now be repeated and delayed randomly Signed-off-by: Kolya Opahle <k.opahle@sap.com> * Linting Signed-off-by: Kolya Opahle <k.opahle@sap.com> * Initial Code for background noise worker Signed-off-by: Kolya Opahle <k.opahle@sap.com> * First implementation of noise background worker Signed-off-by: Kolya Opahle <k.opahle@sap.com> * Linting Signed-off-by: Kolya Opahle <k.opahle@sap.com> * PlaybookImpl - ensure that fake requests are executed when real requests fail SubmissionService & VerificationService - adjust header name for padding WebRequestBuilder - add padding to dummy submission * BackgroundNoise is now trigger-only PlaybookImpl - include follow-up executions after every playbook - logging SubmissionViewModel.kt, SubmissionService.kt, SubmitDiagnosisKeysTransaction.kt, MainActivity.kt, BackgroundNoisePeriodicWorker.kt, DiagnosisTestResultRetrievalPeriodicWorker.kt - propagate context for coroutine VerificationService - ensure body size of 1000 * WebRequestBuilder.kt - adjust fake key generation PlaybookImplTest.kt - remove unused server.enqueue SubmissionService.kt 6 SubmitDiagnosisKeysTransaction.kt - remove commented out code * revert temporary changes to SubmissionResultPositiveOtherWarningFragment.kt * Background job scheduling implemented Signed-off-by: Kolya Opahle <k.opahle@sap.com> * - adjust fake key size - remove temporary comment * Moved build work calls to own file to fix linting Signed-off-by: Kolya Opahle <k.opahle@sap.com> * - initialize coroutine scope within the playbook, revert passing it from outside - remove experimental test dependency for coroutines * - use single endpoint per server for fake requests - reduce request size from 1000 to 250 for the verification server - include dummy registration token in fake request to fulfill verification on server side - prepare for randomized count of submitted keys - always include headers cwa-authorization & cwa-header-padding for submission server * - simplify empty header using constant Co-authored-by: Kolya Opahle <k.opahle@sap.com>
|
I'm interested: What does this change do? An emoji is not a very good description… |
|
@Fabian42 : as far as I can interpret the code, a new function for data privacy is introduced. Randomly when opening the app, there is a fake TEK uploading to the server. It is to protect a COVID positive tested user, who uploads his keys to the server to warn the others, while his network traffic is under oberservation (e. g., by a hacker...) By this, he may deny (upon being confronted with 'his network behaviour') that he uploaded keys, because ALL CWA apps now uploading (fake) keys from time to time. So, network sniffing is not reliable anymore to identify positive tested users. (-> plausible deniability) Dear devs, please correct me if I'm wrong. |
|
@Fabian42 ... sorry, now realized that you most likely don't need any explanation about the code... Your original question had a different intention, I guess... ;) |
|
No, that is actually exactly what I asked about. Thanks! |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🏗