
TideCloak 0.12.0

This release introduces a massive new capability: Tide's Ineffable Passwordless authentication. This includes UI changes, administration, new network protocols, and an entirely new project: a mobile app.

Highlights:

  • New Passwordless flows
  • Improved realtime communications
  • Enhanced system resilience

Cybersecurity Fabric changes

Passwordless flow

Tide's PRISM authentication has been proven to significantly reduce the vulnerabilities of traditional password-based logins, but non-vigilant users may still be susceptible to phishing and credential-stuffing attacks. To address this, Tide is introducing a fully decentralized, passwordless authentication method via a dedicated mobile app for Android and iOS. The Secure Web Enclave now lets users choose between password and passwordless flows. The new flow uses public-key cryptography that is both zero-knowledge and decentralized. Communication between the Enclave and the app occurs via QR code or inter-app deep link. This approach binds a user's mobile device to their account using a non-exportable, device-bound secret key, and the standard account-recovery process securely links a new device if one is lost.

New realtime channel

A few scenarios require that the user (through the Secure Web Enclave) maintain an open, real-time, bidirectional communication channel with the Tide Fabric, such as the account-recovery flow, which needs real-time updates as additional emails are opened, and the new passwordless app flow, where the enclave waits for the app to conclude. This release overhauls the technology behind those channels with a new websocket-based mechanism for the best performance and broadest internet-protocol compatibility.

Enhanced decentralized attestation

Several workflows requiring signature-based attestation (double-blinded and otherwise) have been unified into a more robust, performant and secure multi-party signature protocol.

Enhanced secret shard recovery process

Recovery from network failures and ORK node unavailability is now quicker and more efficient, and no longer depends on network database sync.

Enhanced ORK database

The ORK databases (both the one holding its network state and the one holding its secret internal state) have gone through several improvements for better performance, reliability and future resilience.

Enhanced Secure Web Enclave

As part of the implementation of the passwordless flows, many other enhancements were made to the UI to improve performance, browser compatibility and reliability.

TideCloak changes

Enhanced Ineffable attestation flows

The JWT signing flow that utilizes the Tide decentralized fabric was updated to support the newly enhanced multi-party signing protocol, for better security, performance and reliability.

Better self-provenance control

As a verifiable proof of its own configuration, TideCloak attests its settings by signing them with its Ineffable Verifiable Vendor Key (VVK) and passing that proof to the user's web enclave, which uses it against the Tide Fabric to guarantee that the user is operating in the context of a specific, verifiable vendor. These configurations (named "signed settings") are automatically sent to the Tide Fabric to be re-signed when needed (after a confirmed configuration change). In case of a network outage or other failure, however, the admin can now check the latest status of that attestation and manually request that the settings be re-attested.

Tide SDK

Support for Passwordless flow added

Programmable support for the new passwordless flows has now been added to the JavaScript-based SDK.

Passwordless Mobile App

This release announces the first implementation of Tide's Passwordless authentication mobile app. The app is currently only available in dev/TestFlight mode through Apple's and Google's app stores. The app introduces a minimalistic user authentication mechanism that uses the mobile device's security features to identify its operator (biometrics) and binds its unique instance (a secret key generated on the device) to the Ineffable user identity on the Tide Cybersecurity Fabric, without compromising the user's privacy or personal details.