# Brizzi HCE — Production Readiness (Step 16)
## 1) APDU & State Machine Hardening
- ✅ Structured APDU parser (`ApduParser`) is in use.
- ✅ Phase-based session/transaction guard (`BrizziSession`).
- ✅ APDU length validation, session timeout, replay/duplicate detection, and command-rate limiting in the service.
## 2) Command/Session Security (Done)
- ✅ State-protected APDU branching (select → auth → command → commit/abort).
- ✅ Separate error SWs for malformed, unsupported, rate-limited, and security-status failures.
## 3) Build & Obfuscation (Done)
- ✅ `release` still uses R8 with code and resource shrinking.
- ✅ Baseline ProGuard rules for the service/router/card classes.
- ✅ `debug` stays non-minified so it can be troubleshot.
## 4) Runtime & Platform Baseline (New)
- ✅ Added the NFC permission to the manifest.
- ✅ Disabled cleartext traffic (`usesCleartextTraffic=false`) plus a network security config.
- ✅ Added `FLAG_SECURE` to the activity so the screen cannot be screen-captured.
## 5) Monitoring & Incident Readiness (Required)
- Implement a structured `audit log` for security events (replay hit, rate-limit hit, auth fail).
- ✅ Added audit event counters at runtime:
  - `BrizziSecurityMetrics` stores the number of security events and command responses.
- Restrict production logs to minimal metadata (no raw card data or APDU bodies).
- ✅ Statistics export is active:
  - success/fail command rate (`COMMAND_SUCCESS`, `COMMAND_FAIL`, `COMMAND_TOTAL`),
  - separate timeout/rate-limit/replay statistics,
  - incident-threshold auto-alerts (`COMMAND_RATE_LIMIT`, `REPLAY_DETECTED`, `APDU_PARSE_FAILED`, `AUTH_DENIED`, etc.).
- ✅ Incident reports are also exported to a local internal file:
  - `security_metrics_report.txt` is written when a command completes and on deactivation.
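The phase-guarded dispatch of sections 1–2 and the audit counters of section 5, as an added Python model that is not the project's own Kotlin/Java code: the INS values, AID, credential and the rate-limit SW (6985) are constructed assumptions, as are the event names `PHASE_VIOLATION`, `UNSUPPORTED_INS` and `AID_NOT_FOUND`; the counters `COMMAND_TOTAL`/`COMMAND_SUCCESS`/`COMMAND_FAIL` and the other event names come from this checklist.

```python
import time
from collections import Counter
# ISO 7816-4 status words. Using 6985 ("conditions of use not satisfied")
# for rate limiting is an assumed project choice, not a standardised meaning.
SW_OK, SW_WRONG_LEN, SW_INS_UNSUPPORTED = b"\x90\x00", b"\x67\x00", b"\x6d\x00"
SW_SECURITY, SW_RATE_LIMIT, SW_AID_NOT_FOUND = b"\x69\x82", b"\x69\x85", b"\x6a\x82"
INS_SELECT, INS_AUTH, INS_DEBIT, INS_CREDIT, INS_COMMIT, INS_ABORT = 0xA4, 0x88, 0xB0, 0xD0, 0xC0, 0xC1
AID = bytes.fromhex("F0000000010001")          # constructed sample AID
CREDENTIAL = bytes.fromhex("0102030405060708")  # constructed sample auth data
# Which INS are legal in each phase: select -> auth -> command -> commit/abort.
ALLOWED = {"IDLE": {INS_SELECT}, "SELECTED": {INS_SELECT, INS_AUTH},
           "AUTHED": {INS_SELECT, INS_DEBIT, INS_CREDIT, INS_COMMIT, INS_ABORT}}
KNOWN_INS = set().union(*ALLOWED.values())
class HceSessionModel:
    def __init__(self, max_per_sec=20, clock=time.monotonic):
        self.phase, self.metrics, self.seen = "IDLE", Counter(), set()
        self.max_per_sec, self.clock, self.window = max_per_sec, clock, []
    def _fail(self, event, sw):
        self.metrics[event] += 1; self.metrics["COMMAND_FAIL"] += 1
        return sw
    def process(self, apdu: bytes) -> bytes:
        self.metrics["COMMAND_TOTAL"] += 1
        # Length validation: header present and Lc consistent (short APDUs, no Le).
        if len(apdu) < 4 or (len(apdu) > 5 and apdu[4] != len(apdu) - 5):
            return self._fail("APDU_PARSE_FAILED", SW_WRONG_LEN)
        now = self.clock()  # sliding one-second window for the command-rate limit
        self.window = [t for t in self.window if now - t < 1.0] + [now]
        if len(self.window) > self.max_per_sec:
            return self._fail("COMMAND_RATE_LIMIT", SW_RATE_LIMIT)
        ins, data = apdu[1], apdu[5:]
        if ins not in KNOWN_INS:
            return self._fail("UNSUPPORTED_INS", SW_INS_UNSUPPORTED)
        if ins not in ALLOWED[self.phase]:  # out-of-phase command, distinct SW
            return self._fail("PHASE_VIOLATION", SW_SECURITY)
        if ins != INS_SELECT and apdu in self.seen:  # simplification: exact duplicate in session
            return self._fail("REPLAY_DETECTED", SW_SECURITY)
        self.seen.add(apdu)
        if ins == INS_SELECT:
            if data != AID:
                return self._fail("AID_NOT_FOUND", SW_AID_NOT_FOUND)
            self.phase, self.seen = "SELECTED", set()  # new session, clear replay memory
        elif ins == INS_AUTH:
            if data != CREDENTIAL:
                return self._fail("AUTH_DENIED", SW_SECURITY)
            self.phase = "AUTHED"
        elif ins in (INS_COMMIT, INS_ABORT):
            self.phase = "IDLE"
        self.metrics["COMMAND_SUCCESS"] += 1
        return SW_OK
```

The `clock` parameter is injected so the rate limiter can be driven deterministically in tests; `metrics` is the dictionary a `security_metrics_report.txt`-style export would serialise.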
### Quick commands (optional)
- Dump metrics (debug-only):
  - `adb shell am start -n com.korancrew.brizzi/.MainActivity -a com.korancrew.brizzi.ACTION_DUMP_METRICS`
- Reset metrics (debug-only):
  - `adb shell am start -n com.korancrew.brizzi/.MainActivity -a com.korancrew.brizzi.ACTION_RESET_METRICS`
- Note:
  - the additional log file is located at:
    - `/data/data/com.korancrew.brizzi/files/security_metrics_report.txt` (via `run-as` on debug builds)
## 6) Release Operations (Required)
- Prepare the release signing config and a secure keystore.
- End-to-end HCE smoke test on a physical device:
  - select AID 1 & AID 3,
  - auth success/fail,
  - debit/credit + commit + abort,
  - update log/last transaction + commit,
  - replay/rate-limit handling.
- Run QA with:
  - invalid/malformed commands,
  - APDU bursts,
  - NFC deactivation/reactivation,
  - session timeout.
- Make sure the Play Console/enterprise rollout uses the signed APK/AAB.