Sunday, 10 July 2022

Digital Identity for Malaysia

 Jul.2019-Apr.2020: A solution to use iOS secure enclave and Android key store to generate a secure key pair and build trust based on this secure key pair.

Technical Stack:

  • Kotlin, Swift, C
  • Digital ID
  • Fingerprint authentication
  • CSR
  • 2 ways SSL
  • Root/Jailbreak detection, debugger detection
Experience:

  • CSR(Certificate Signing Request) generation with secure key pair, sent CSR to EJBCA server and return certificate chain signed with user document ID hash. 
  • 2 ways SSL authentication using secure key pair to generate ECDSA signature. 
  • Using SQLCipher to create local storage, and using PBKDF2 to generate the key.
  • Root/Jailbreak detection and debugger detection. JNI interface data obfuscation. 


Posted by at No comments:
Labels: , ,

Root of Trust

 Oct.2019-Dec.2019: A secure IoT solution by using SIM.

Technical Stack:

  • Raspberry Pi
  • mbedTLS
  • ECDSA and ECDHE
Experience:
  • Customized mbedTLS library, replaced most of the TLS cryptographic operations by using SIM card applet operations, including using SIM card to store client key pair and X509 certificate, calculate ECDSA signature and ECDHE session key. 









Posted by at No comments:
Labels: , ,
Subscribe to: Posts (Atom)