How Technician data is protected.
EOD Technicians (Techs) work with highly sensitive data and methods to carry out operations. Handling information for operations must be resilient against cybersecurity threats and exposure. The following explains the security and encryption policies used by EODTOC to protect data stored by the application.
Privacy
Information entered by the Tech is stored locally and can be backed up to the Tech's Apple or Google account. Sensitive data, such as Operations and After Action Reports (AARs), are always encrypted with a unique key for each Tech. Keys are always generated locally and never shared with the developers of EODTOC.
This key is stored in the Tech's local Keychain (Apple) or Keystore (Android), and access to it is locked behind biometrics (e.g. Face ID) or the device passcode. The app can also export a recovery key for backup. For maximum security, the key can be split between the Tech's device and a physical key so that both the device passcode and the physical key are required for decryption.
Personal Tech data, such as last name, e-mail, and rank, are always optional and require biometric or device-passcode confirmation before being shared with other Techs. Networking capabilities are limited to map rendering with Apple Maps and checking app status through the EODTOC Status page.
Encryption and Data Security
Sensitive data are protected using a quantum-resilient encryption process with algorithms designed to defend against harvest-now, decrypt-later attacks. A general explanation first, then the details:
When the Tech first downloads the EODTOC application, a keypair is generated for them: one private key and one public key. Sensitive information is not encrypted directly with these keys. Instead, the payload is first encrypted with a fresh helper key, and the helper key is then itself encrypted using the Tech's public key.
The helper key is symmetric, meaning the same key both encrypts and decrypts data. The Tech's keypair is asymmetric, meaning only the Tech's private key can unlock helper keys. The unlocked helper key can then be used to decrypt the payload.
Specifically, the Tech keypair operates a quantum-secure Key Encapsulation Mechanism (ML-KEM-1024) to safely protect the 256-bit symmetric helper key. The helper key secures the payload with the AES-GCM algorithm (quantum-secure when used with a 256-bit key).
Compared with encrypting under a symmetric key directly, the two-step process removes the need for the unlock key when data is stored: only the public key is required to encrypt, so the unlocked key spends less time in device memory.
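The two-step process above, as an added example that is not EODTOC's own code. It assumes Go 1.24's standard-library crypto/mlkem, and it assumes that "encrypting the helper key with the public key" means wrapping it with AES-256-GCM under the ML-KEM shared secret (the page does not state the wrapping construction); the Seal/Open names and the three-part stored layout are the example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/mlkem"
	"crypto/rand"
	"errors"
)

func gcm(key []byte) cipher.AEAD { // AES-256-GCM for the two 32-byte keys used below
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // keys here are always 32 bytes, so this is a programming bug
	}
	a, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return a
}

func seal(key, plaintext []byte) []byte {
	nonce := make([]byte, 12)
	rand.Read(nonce) // Go 1.24+: crypto/rand.Read never returns an error
	return gcm(key).Seal(nonce, nonce, plaintext, nil) // nonce prepended; open strips it
}

func open(key, sealed []byte) ([]byte, error) {
	if len(sealed) < 12 {
		return nil, errors.New("sealed data too short")
	}
	return gcm(key).Open(nil, sealed[:12], sealed[12:], nil) // fails on any tampering
}

// Seal returns the KEM ciphertext, the wrapped helper key and the encrypted record.
func Seal(ek *mlkem.EncapsulationKey1024, record []byte) (kemCT, wrapped, payload []byte) {
	helper := make([]byte, 32) // fresh AES-256 helper key used for this record only
	rand.Read(helper)
	kek, ct := ek.Encapsulate() // needs only the public key: storing never unlocks the private key
	return ct, seal(kek, helper), seal(helper, record) // shared secret wraps helper; helper wraps record
}

// Open reverses Seal and is the only step that needs the private key.
func Open(dk *mlkem.DecapsulationKey1024, kemCT, wrapped, payload []byte) ([]byte, error) {
	kek, err := dk.Decapsulate(kemCT) // the private key, gated by biometrics or passcode
	if err != nil {
		return nil, err
	}
	helper, err := open(kek, wrapped)
	if err != nil {
		return nil, err
	}
	return open(helper, payload)
}
```

A wrong private key yields a different shared secret, so the GCM tag on the wrapped helper key fails before the payload is ever touched; the same tag check rejects a modified stored record.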
Physical Key Option
To maximize security in the case of a lost or stolen device, an option is provided to split the private key between the Tech's device and a writable NFC tag. With the key split, encrypted data can only be unlocked if both the Tech's biometric or passcode is verified and the NFC tag is read, each providing its required half of the key.
The NFC tag can be kept in a physically safe location so that even if the device is obtained by a sophisticated attacker, the data remains inaccessible without the tag.
Intelligence
This section relates only to Apple devices that support Apple Intelligence. Development is ongoing for local AI on Android devices.
Artificial Intelligence (AI)-backed features can be enabled on supported devices. On Apple devices, this is through the Foundation Models framework, which operates fully on-device and privately. AI features are always off by default. Techs can grant and revoke permission to the framework at any time. Any future AI integrations will be built with first-class security and privacy.