Unikname’s authentication protocol audited with success!
The audit of our authentication protocol is part of the open source publication process of our code. This audit of Unikname Connect follows the same process as the audit of our Blockchain, UNS Network. The objective is, again, to provide more transparency, general security and a guarantee of trust to future users. The Unikname Connect audit confirms the implementation of current cyber security best practices.
This approach, at a European level, is also part of the French ANSSI certification process as we are aiming for the CSPN certification.
What are Unikname Connect and Unikname’s authentication protocol?
Unikname Connect is a decentralized authentication solution to secure ALL website access. It takes advantage of uns.network Blockchain security to protect your web access from malicious intrusion attempts.
It provides Decentralized IDentifiers (DID / SSI), Unikname IDs to replace email and password, and strong 2FA authentication for the Web.
Unikname Connect is also based on standards, such as the OAuth 2.0 and OpenID Connect authentication protocols and those coming from the Decentralized Identity Foundation.
Why did we choose to have our authentication protocol audited?
Security audits are comprehensive examinations of an enterprise’s information security system. They give an understanding of how protected an organization is against known security threats.
We’re happy to announce that Unikname Connect was successfully audited by Vaadata, a company specialized in security audits.
About Vaadata: Hyper-specialized in pentesting, Vaadata helps companies increase their level of cybersecurity with audits that target various areas: Web platforms, Mobile applications, IoT – Connected devices, Infrastructure & network, Social engineering, Information systems. Their mission is to democratize pentesting with offers adapted to the security challenges faced by start-ups and large companies. All their pentests are carried out by their internal team to ensure they achieve the best quality standards of their industry.
In this spotlight, we’ll elaborate on the scope of the audit, as well as present some of the issues found during the auditing process.
Code Review & Auditing Process
The initial review was conducted in two phases:
- between April 19th and April 23rd 2021
- between May 10th and May 12th 2021
The findings mainly refer to optimizations, especially in the logging area, and infrastructure security standards.
Hence, the issues identified pose no threat to the safety of the solution.
The auditing process focused on the following considerations:
- Corrupting uns.network blockchain data
- Introducing fraudulent data into uns.network blockchain
- Stealing uns.network credits
- Stealing @unikname self-sovereign identifiers
- Stealing users’ accounts created on our partners’ websites with @unikname self-sovereign identifiers
- Impersonation and identity theft by connecting as fraudulent administrators on websites protected by Unikname Connect
A total of 4 vulnerabilities have been identified through the complete security audit, including 1 medium vulnerability, 1 low vulnerability and 2 information notifications. The medium and low vulnerabilities are currently being fixed, and the fixes will be available in the next versions of our products or will be progressively rolled out in the next weeks.
Scope of audit
Here are the products and protocols that have been audited, some of them by code review and all of them by pentesting techniques:
- uns.network Core
- uns.network SDK
- Unikname Web Authentication Protocol
- Unikname API
- Unikname Connect
- My Unikname App
No major or critical issues were found during the auditing process. With successful completion of this audit, the security of the Unikname Connect solution is significantly proven and demonstrated.
uns.network and Unikname developers will continue to improve the security of uns.network and Unikname software, in partnership with third-party security experts and community developers.