[enhancement] Validation Service & Agent with Double Challenges

[t2ym]

[enhancement] Validation Service & Agent

• Separated from [integrity.js][WIP] Optional double encryption for integrity #310 to show the updated status
• In addition to the above description, more robust security is achieved via double challanges that minimize the lifetime of the secret keys, which attackers would try to steal.

Shortened Lifetime of Keys

Version	0.4.0-alpha.62	Design at #310	Design at this issue with Double Challenges
htmlHash lifetime	> 4 weeks	> 4 weeks	several seconds
_traverse browserHash lifetime	4 weeks (not used)	4 weeks	several seconds
Connect browserHash lifetime	4 weeks (not used)	4 weeks	one time

• The lifetime of 4 weeks is the release cycle of major version browsers
• htmlHash without challenges is constant for the same web app version
• While a browserHash is generally consistent across a single major version, minor version updates can sometimes trigger changes. I therefore group these minor versions into "browser classes" that share a consistent hash per challenge value. This approach enables the system to validate hashes for previously unseen minor versions. (Note: "Class" here denotes a classification or category, distinct from the OOP definition.) ※本項目はAIレビューにより更改済み。厳密だけどのっぺりした力強くない表現だったのに、これが言いたかったんだよという表現に明確に近付けることができました。You do not have to translate this note in Japanese to understand this item.

Status Summary - Design and Implementation in Progress

• Validation with double challenges - basic features are working but error handling is fragile
  • Selection of challenge1 whose browserHash has been calculated via Agent browser
  • Generation and handing of challange2 on each user request
• Agent with challenge1 (1st challenge) - basic features are working but error handling is fragile
• Validation X (The compoent name is subject to change) - prototyping in progress
  • Different features in addition to agent scheduling are being considered

Feature Summary

Threat Models

• Replay Attacks
• Memory Scan Attacks
• MITM Attacks
• Man-in-the-Browser Attacks
• Social Engineering Attacks

Main Features

• Validation of browsers via challenges to make the lifetime of the secret keys as short as possible
• Validation Agent browsers to automatically generate the keys
• More robustness against different attack vectors
• TBD

Expected Components

• Integrity Service (integrityService.js) - enhanced to support validation of browsers
• Validation Service (validationService.js) - implemented as an HTTP/2 server with node:http2 (not spdy)
• [NEW] Agent Client - launch the app page in a new tab to generate new keys
• TBD

Detailed Status

• TBD