Releases: kasinathca/intent-aware-security
Release list
Release v1.0.0: Initial Architecture Launch
Release v1.0.0: Initial Architecture Launch
This release establishes a robust middleware architecture designed to secure legacy identity verification systems (such as Aadhaar OTP infrastructure) against advanced modern threat vectors, including credential stuffing, automated scraping, and SS7/SIM-swapping.
Key Architectural Frameworks Introduced
1. Cryptographic Security Engine (ZKP Layer)
This release introduces a localized cryptographic proxy mechanism that functionally mirrors a Zero-Knowledge Proof.
- Standards-Compliant: Implements Elliptic Curve Digital Signature Algorithm (ECDSA) relying on the NIST P-256 (SECP256R1) curve.
- Replay Immunity: Integrates a thread-safe
ChallengeStoreenforcing strict 60-second time-to-live (TTL) limits and single-use operational states for pseudorandom nonces. - Browser Sandbox Security: Private keys are generated securely on the edge via the WebCrypto API (
window.crypto.subtle) and strictly sandboxed within browserlocalStorage, ensuring the authentication secret is physically never transmitted over the network.
2. Behavioral Anomaly Engine (ML Layer)
To detect and halt statistically perfect protocol spoofing (Mimicry Attacks) where cryptographic keys are theoretically bypassed, this release implements a secondary defensive perimeter.
- Unsupervised Analysis: Deploys a trained
IsolationForestmodel to quantitatively predict threat arrays exclusively via spatial and temporal metadata (Time of Request, Global Geo-location, Network IP Rate, and Body Payload mass). - Deterministic Rejection: Classifies inbound API requests entirely devoid of algorithmic prejudice. Outliers generate negative structural coefficients, instigating an immediate automated
HTTP 403connection termination.
3. Middleware Integration & Telemetry
A high-throughput API gateway (FastAPI) binds the dual security layers into a low-latency environment.
- Interactive Telemetry Dashboard: Generates continuous, live visual telemetry parameters utilizing
Chart.jsfor Risk Scores, Traffic Volume mapping, and dynamic ZKP pie-chart analytics. - Testing Simulators: Includes two native simulation environments—a graphical Hacker Console and a CLI
attacker.py—designed to intentionally flood the application layer via Multi-Threading to objectively validate gateway load mitigation constraints.
Documentation
Comprehensive technical documentation, including endpoint mappings and model feature sets, is actively available on the GitHub Repository Wiki:
Artifact Signatures:
- Tested Frameworks: Python 3.10+, FastAPI, Scikit-Learn 1.3+, Cryptography 41+
- Validation State: Standard Integration Tests (PASSED)
- Release Branch:
main
(End of Release Notes)