Initial import of Brizzi HCE project
PRODUCTION_CHECKLIST.md (new file, 56 lines added)
@@ -0,0 +1,56 @@
# Brizzi HCE — Production Readiness (Langkah 1–6)
## 1) Hardening APDU & State Machine
- ✅ Structured APDU parser (`ApduParser`) sudah dipakai.
- ✅ Guard sesi/transaksi berbasis phase (`BrizziSession`).
- ✅ Validasi panjang APDU, timeout sesi, replay-duplicate, dan limit command-rate di service.
## 2) Command/Session Security (Sudah Dilakukan)
- ✅ Branching APDU terproteksi state (select → auth → command → commit/abort).
- ✅ Error SW dipisahkan untuk malformed, unsupported, rate-limit, dan security status.
## 3) Build & Obfuscation (Sudah Dilakukan)
- ✅ `release` tetap pakai R8 + shrink/resources.
- ✅ Baseline ProGuard rules untuk service/router/card classes.
- ✅ `debug` tetap non-minify agar troubleshooting.
## 4) Runtime & Platform Baseline (Baru)
- ✅ Tambah NFC permission di manifest.
- ✅ Nonaktifkan cleartext traffic (`usesCleartextTraffic=false`) + network security config.
- ✅ Tambah `FLAG_SECURE` di activity agar layar tidak bisa di-screen capture.
## 5) Monitoring & Incident Readiness (Wajib)
- Implement `audit log` terstruktur untuk event security (replay hit, rate-limit hit, auth fail).
- ✅ Menambahkan counter audit event di runtime:
- `BrizziSecurityMetrics` menyimpan jumlah event keamanan dan command-response.
- Batasi log production ke metadata minimum (tanpa card data raw/APDU body).
- ✅ Export statistik sudah aktif:
- success/fail command rate (`COMMAND_SUCCESS`, `COMMAND_FAIL`, `COMMAND_TOTAL`),
- timeout/rate-limit/replay statistik terpisah,
- incident threshold auto-alert (`COMMAND_RATE_LIMIT`, `REPLAY_DETECTED`, `APDU_PARSE_FAILED`, `AUTH_DENIED`, dll.).
- ✅ Incident report juga diekspor ke file lokal internal:
- `security_metrics_report.txt` ditulis saat command selesai dan saat deactivation.
### Perintah cepat (opsional)
- Dump metrik (debug-only):
- `adb shell am start -n com.korancrew.brizzi/.MainActivity -a com.korancrew.brizzi.ACTION_DUMP_METRICS`
- Reset metrik (debug-only):
- `adb shell am start -n com.korancrew.brizzi/.MainActivity -a com.korancrew.brizzi.ACTION_RESET_METRICS`
- Catatan:
- file log tambahan ada di:
- `/data/data/com.korancrew.brizzi/files/security_metrics_report.txt` (dengan `run-as` pada debug)
## 6) Release Operations (Wajib)
- Siapkan signing config release dan keystore aman.
- Smoke test HCE end-to-end di device fisik:
- select AID 1 & AID 3,
- auth success/fail,
- debit/credit + commit + abort,
- update log/last transaction + commit,
- replay/rate-limit handling.
- Lakukan QA dengan:
- command invalid / malformed,
- APDU burst,
- NFC deactivation/reactivation,
- timeout sesi.
- Pastikan Play Console/enterprise rollout memakai APK/AAB yang sudah ditandatangani.
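Review bot: the two "debug-only" metric commands under "Perintah cepat" in section 5 (`ACTION_DUMP_METRICS` and `ACTION_RESET_METRICS`, delivered to `.MainActivity` via `am start`) need the checklist to state how the debug-only restriction is actually enforced, since if `.MainActivity` is exported (as a launcher activity is) the label alone does nothing: gate the intent-action handling on `BuildConfig.DEBUG` or keep the handlers in a debug-only source set, otherwise any installed app could send `ACTION_RESET_METRICS` to a release build and zero the counters behind the `COMMAND_RATE_LIMIT` / `REPLAY_DETECTED` / `AUTH_DENIED` auto-alert thresholds. Related, in the same section: the structured audit log item and the "metadata minimum, no raw card data or APDU body" rule are still unchecked while the `security_metrics_report.txt` export is already marked done, so the export content should be checked against that rule before the section is treated as complete; also, the note that the file is written "saat command selesai" puts a file write on the APDU response path, which is latency-sensitive for HCE, so writing only on deactivation or from a background executor would be safer. Two smaller gaps: section 4 says "network security config" without saying what it contains (for a release build, at least restrict trust anchors to the system store), and nothing in sections 1 to 6 covers where the secret used in the auth phase is stored, which belongs on a production-readiness list next to the signing keystore item in section 6.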