improve readme

pull/5/head
Felix Prahl-Kamps 2019-07-16 13:38:05 +02:00
parent dd374300f1
commit 7b673e2a6e
1 changed files with 22 additions and 16 deletions

@ -9,31 +9,37 @@ Note: only **use case 1** from the [documentation](https://www.circl.lu/doc/misp
# How does MISPbump work? # How does MISPbump work?
First of all: MISP admins login by providing the base URL of their instance and their authkey (automationkey). First of all: MISP admins login by providing the base URL of their instance and their authkey (automationkey).
On a successfull login the users profile and the linked organisation information will be downloaded automatically. On a successfull login the admins profile and the linked organisation information will be downloaded automatically.
This information can be updated at any time from the profile view. This information can be updated at any time from the profile view.
From the main screen you can start a synchronisation process by pressing the dedicated button. From the main screen you can start a synchronisation process by pressing the dedicated button.
The synchronisation process consists of 3 steps: The synchronisation process consists of 3 steps:
1. Key Exchange (unencrypted QR code) 1. **Key Exchange**
1. Synchronisation Information Exchange (with shared secret encrypted QR code) To provide a secure chanel for data exchange, the first step is to generate a shared secret with [DiffieHellman key exchange](https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange) ([Elliptic Curve](https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman)).
1. Upload information to own MISP instance
#### 1. Key Exchange Public keys are exchanged via QR code.
[DiffieHellman key exchange](https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange) ([Elliptic Curve](https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman)), where the public part is exchanged via a QR code.
The result is a shared secret which will be used to encrypt the information passed via QR code in step 2.
#### 2. Synchronisation Information Exchange 1. **Synchronisation Information Exchange**
Local information like Organisation name, UUID, description and User information is encrypted with a from step 1 derived key. Contains the following information:
The information can now be securely exchanged via QR code. + Own Organisation: Name, UUID, description, nationality, sector, type and contacts
+ Own User: Email
+ Own MISP instance: base URL
+ Generated: sync user authkey, sync user password
(your partner will create a sync user with these credentials)
#### 3. Upload information to MISP instance The Synchronisation information is encrypted with AES using the shared secret (from step 1).
Uploading the information to the MISP instance is accomplished with MISP's REST API.
Uploading consists of the following steps: The sync process information will be saved securely on the device, that means the upload can be started any time in the future.
1. Create organisation
1. Create Sync User & add to organisation
1. Create Sync Server & populate with information above 1. **Upload information to own MISP instance**
Uploading the information to the MISP instance is accomplished with MISP's REST API.
Uploading consists of the following steps:
1. Create organisation
1. Create Sync User & add to organisation
1. Create Sync Server & populate with information above
After that the two MISP instances are connected. After that the two MISP instances are connected.
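
Review bot: In step 2, the new sentence "The Synchronisation information is encrypted with AES using the shared secret (from step 1)" drops the old wording that the key is derived from the step 1 result, and it names no cipher mode or integrity protection. Because the payload now lists a generated sync user authkey and password, please state how the AES key is derived from the ECDH output and which mode is used, and replace "saved securely on the device" with the actual storage mechanism. The removed "(unencrypted QR code)" remark on step 1 was also worth keeping, since it told readers that the public keys travel in the clear. Typos in the added lines: "chanel" should be "channel", and "successfull" is still present on the changed login line.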