FUTURE_ENHANCEMENTS.md

Hinweis: Vage Einträge ohne messbares Ziel, Interface-Spezifikation oder Teststrategie mit <!-- TODO: add measurable target, interface spec, test strategy --> markieren.

Security Module - Future Enhancements

• TLS 1.3 and mTLS for all client-server and service-to-service transport
• AES-256-GCM encryption-at-rest for stored documents, index entries, and WAL segments
• RBAC and ABAC policy enforcement at query-execution and storage layer
• HSM integration (PKCS#11) for root key material storage and hardware-backed signing
• Post-quantum cryptography: CRYSTALS-Kyber (key encapsulation) and CRYSTALS-Dilithium (signatures)
• Anomaly detection and behavioral analytics for insider-threat and abuse detection
• Zero-trust network model: every request authenticated and authorized regardless of network origin
• Compliance attestation: FIPS 140-3, SOC 2 Type II, PCI DSS v4.0, GDPR/HIPAA audit support

✅ Implemented (v1.6.0)

USB Volume Hardening — Defence Against FAT Manipulation

Status: ✅ Implemented (v1.6.0)

The USB admin security system has been hardened against FAT filesystem manipulation attacks. An attacker with physical access to the USB stick can no longer simply copy, replace, or hex-edit the license file: three independent protection layers have been added.

Scope

• include/security/usb_volume_hardening.h — USBVolumeHardening static class
• src/security/usb_volume_hardening.cpp — production implementation
• Extended USBAdminConfig with three new opt-in fields
• Extended USBAdminAuthenticator::Metrics with three new counters
• tests/test_usb_volume_hardening.cpp — 22 tests; USBVolumeHardeningFocusedTests

Protection Layers

1. Volume integrity hash (expected_volume_hash config field)
   • SHA-256 of the raw license file content, provisioned at USB-issuance time
   • Computed fresh on every refreshUSBStatus() call and compared with constant-time CRYPTO_memcmp
   • Detects: file replacement, byte-level edits via hex editor, FAT sector rewriting
2. Read-only mount enforcement (require_readonly_mount config field)
   • Checks /proc/mounts on Linux, FILE_READ_ONLY_VOLUME on Windows
   • Prevents any process (including a compromised one) from writing to the stick during auth
3. USB device serial binding (expected_usb_serial config field)
   • Reads SCSI VPD page 0x80 serial via /sys/class/block/<dev>/device/../../serial on Linux
   • Prevents dd clone attacks: a cloned stick reports a different USB string descriptor serial
   • Windows fallback: volume serial number from GetVolumeInformation()

Design Constraints

• All checks are opt-in via config fields; existing deployments are unaffected
• No new mandatory dependencies; reuses OpenSSL (already a hard dependency)
• All comparisons use CRYPTO_memcmp (OpenSSL constant-time compare)

---

Design Constraints

• All cryptographic primitives must use OpenSSL 3.x FIPS provider or liboqs; no custom implementations
• Key material must never appear in process memory longer than necessary; zeroize immediately after use
• AES-256-GCM nonces must be generated by CSPRNG; counter-based nonce reuse is a hard error
• [~] HSM operations must be non-blocking; use async PKCS#11 C_Sign/C_Encrypt where available (deferred: PKCS#11 async not yet exposed)
• Post-quantum algorithms run alongside classical algorithms in hybrid mode until full migration completes
• Zero-trust policy engine must deny by default; explicit allow rules are required for every resource
• Audit log entries must be tamper-evident (HMAC-chained) and must not be deletable via normal DB ops
• All security module public APIs must be thread-safe with no shared mutable state outside explicit locks

Required Interfaces

Interface	Consumer	Notes
IEncryptionProvider	Storage engine, WAL writer	AES-256-GCM encrypt/decrypt with key-ID tagging
IKeyProvider	Encryption provider, signing service	Fetch/rotate symmetric and asymmetric keys; HSM-backed
ITLSProvider	Network layer (gRPC/HTTP)	Configure TLS 1.3 contexts, mTLS client-cert validation
IRBACEvaluator	Query engine	Role-permission evaluation; deny-by-default
IABACPolicyEngine	Query engine	Attribute-based policy (XACML-style) evaluation
IPostQuantumProvider	Key exchange, signing	Kyber-1024 encapsulate/decapsulate; Dilithium-5 sign/verify
IAnomalyDetector	Audit subsystem	Score access events; return threat level + explanation
IAuditLogger	All security-sensitive paths	Write tamper-evident, append-only audit records

Planned security features and improvements for ThemisDB.

Table of Contents

1. Post-Quantum Cryptography
2. Advanced Key Management
3. Zero-Knowledge Proofs
4. Homomorphic Encryption
5. Hardware Security Enhancements
6. Advanced Threat Detection
7. Compliance & Certification
8. Performance Optimizations
9. Cloud Security Integration
10. Blockchain Integration

Source Code Audit Findings (2026-03-12)

ArrowUserRegistrationPlugin: Implement Apache Arrow Integration

Priority: High Target Version: v1.8.0

arrow_user_registration_plugin.cpp has 4 TODO stubs:

• Line 82: "TODO: Implement Apache Arrow integration"
• Line 118: "TODO: Implement Arrow-based authentication"
• Line 136: "TODO: Implement bulk user sync from Arrow source"
• Line 156: "TODO: Implement user update from Arrow source"

All Arrow-based user management operations silently no-op.

Implementation Notes:

• [x] Wire arrow::RecordBatch deserialization for user records using the Apache Arrow C++ library (already a dependency via src/exporters/arrow_ipc_exporter.cpp).
• [x] Implement bulkSyncFromArrow(arrow::RecordBatch): upsert users from a record batch with columns user_id, password_hash, roles, email.
• [x] Implement authenticateFromArrow(user_id, credentials): look up user record from the Arrow-backed store.
• [x] Add unit tests: bulk sync of 1000 users via Arrow record batch; verify authentication works for synced users.

---

AQLInjectionDetector: AST-Level Validation

Priority: High Target Version: v1.4.0

aql_injection_detector.cpp: AST-level operation validation implemented in v1.4.0. The detector now parses queries into an AST and validates them structurally, catching injection attacks that evade regex by using non-standard whitespace, Unicode escapes, or concatenation.

Implementation Notes:

• [x] Integrate with src/query/aql_parser.cpp: parse the query into an AST before validation.
• [x] Walk the AST to detect disallowed operation/function nodes in expressions (e.g., EXECUTE, EXEC, SYSTEM, SHELL, XP_CMDSHELL, SP_EXECUTESQL, WAITFOR, BENCHMARK, SLEEP, LOAD_FILE).
• [x] Fall back to regex-based detection if AST parsing fails (defense in depth).
• [x] Add unit tests: queries that bypass regex but contain disallowed operation/function nodes in the AST are detected.
• [x] Extend AST validation to detect DDL/write operations in read-only contexts.
• [x] Extend AST validation to flag unbounded FOR loops that do not contain a LIMIT clause.
• [x] Add unit tests: queries with DDL in read-only contexts and unbounded FOR loops without LIMIT are rejected once AST validation is extended.

---

Overview

Prepare for quantum computing threats by implementing quantum-resistant algorithms.

Planned Features

1. NIST Post-Quantum Algorithms

// CRYSTALS-Kyber for key encapsulation
class QuantumResistantKeyProvider : public KeyProvider {
public:
    // Kyber-1024 for 256-bit security level
    std::vector<uint8_t> encapsulateKey(const PublicKey& pub_key) override;
    std::vector<uint8_t> decapsulateKey(const std::vector<uint8_t>& ciphertext) override;
};

// CRYSTALS-Dilithium for digital signatures
class QuantumResistantSigning : public SigningService {
public:
    // Dilithium-5 for maximum security
    SigningResult sign(const std::vector<uint8_t>& data) override;
    bool verify(const std::vector<uint8_t>& data,
                const std::vector<uint8_t>& signature) override;
};

2. Hybrid Cryptography

Combine classical and post-quantum algorithms for defense-in-depth:

class HybridEncryption {
public:
    // AES-256-GCM + Kyber-1024
    EncryptedBlob encrypt(const std::string& plaintext) {
        auto kyber_key = kyber_.generateKey();
        auto aes_key = aes_.generateKey();

        // Encrypt data with AES
        auto ciphertext = aes_.encrypt(plaintext, aes_key);

        // Encapsulate AES key with Kyber
        auto encapsulated = kyber_.encapsulate(aes_key);

        return {ciphertext, encapsulated};
    }
};

3. Migration Path

• Phase 1: Add post-quantum algorithms alongside existing
• Phase 2: Implement hybrid mode (classical + PQ)
• Phase 3: Full migration to post-quantum only
• Phase 4: Deprecate classical algorithms

Timeline: 2025-2027

Implementation Priorities

1. ✅ High: Key encapsulation (Kyber)
2. ✅ High: Digital signatures (Dilithium)
3. 🔶 Medium: Hash functions (SPHINCS+)
4. 🔶 Medium: Hybrid mode implementation
5. ⬜ Low: Performance optimization

Advanced Key Management

1. Distributed Key Generation (DKG)

Generate keys across multiple parties without single point of trust:

class DistributedKeyGenerator {
public:
    struct DKGConfig {
        int threshold;        // Minimum shares needed (e.g., 3)
        int total_shares;     // Total shares (e.g., 5)
        std::vector<std::string> participant_ids;
    };

    // Generate key shares
    std::vector<KeyShare> generateShares(const DKGConfig& config);

    // Reconstruct key from threshold shares
    std::vector<uint8_t> reconstructKey(const std::vector<KeyShare>& shares);

    // Refresh shares without changing key
    std::vector<KeyShare> refreshShares(const std::vector<KeyShare>& old_shares);
};

Use Cases:

• Multi-region disaster recovery
• Split control between security teams
• Regulatory compliance (dual control)

2. Threshold Signatures

Require multiple parties to authorize signatures:

class ThresholdSignature {
public:
    // Create partial signature with individual key share
    PartialSignature signPartial(const std::vector<uint8_t>& data,
                                   const KeyShare& share);

    // Combine partial signatures
    Signature combinePartials(const std::vector<PartialSignature>& partials);

    // Verify threshold signature
    bool verify(const std::vector<uint8_t>& data, const Signature& sig);
};

Applications:

• Multi-approval workflows
• Critical operations (key deletion, config changes)
• Fraud prevention

3. Secure Multi-Party Computation (MPC)

Compute on encrypted data without decryption:

class SecureMultiPartyComputation {
public:
    // Secret-share input across parties
    std::vector<Share> share(const std::vector<uint8_t>& input, int parties);

    // Compute on shares (e.g., average, sum, comparison)
    std::vector<Share> compute(const std::vector<std::vector<Share>>& inputs,
                               const ComputeFunction& func);

    // Reconstruct result
    std::vector<uint8_t> reconstruct(const std::vector<Share>& shares);
};

Use Cases:

• Privacy-preserving analytics
• Confidential data sharing
• Secure auctions

4. Key Derivation Functions (KDF)

Advanced key derivation with domain separation:

class AdvancedKDF {
public:
    // HKDF with context binding
    std::vector<uint8_t> deriveKey(const std::vector<uint8_t>& master_key,
                                    const std::string& context,
                                    const std::string& purpose,
                                    size_t output_len);

    // Argon2id for password-based keys
    std::vector<uint8_t> deriveFromPassword(const std::string& password,
                                            const std::vector<uint8_t>& salt,
                                            int memory_cost,
                                            int time_cost);

    // X963 KDF for ECDH
    std::vector<uint8_t> deriveFromECDH(const ECPoint& shared_secret,
                                        const std::vector<uint8_t>& info);
};

Zero-Knowledge Proofs

Overview

Prove data properties without revealing the data itself.

Planned Features

1. zkSNARKs for Query Verification

class ZeroKnowledgeQuery {
public:
    // Generate proof that query result is correct
    // without revealing underlying data
    Proof generateProof(const AQLQuery& query,
                        const QueryResult& result);

    // Verify proof
    bool verifyProof(const AQLQuery& query,
                     const QueryResult& result,
                     const Proof& proof);
};

Applications:

• Prove compliance without exposing PII
• Verifiable aggregate statistics
• Audit without data access

2. Zero-Knowledge Authentication

class ZKAuthentication {
public:
    // Prove knowledge of password without sending it
    Challenge requestChallenge(const std::string& username);
    Proof proveKnowledge(const std::string& password, const Challenge& challenge);
    bool verifyProof(const std::string& username, const Proof& proof);
};

3. Range Proofs

class RangeProof {
public:
    // Prove value is in range without revealing exact value
    Proof proveInRange(int64_t value, int64_t min, int64_t max);

    // Example: Prove age >= 18 without revealing exact age
    bool verifyAgeProof(const Proof& proof, int64_t min_age);
};

Use Cases:

• Age verification (>18, >21)
• Credit score ranges
• Salary bands

Homomorphic Encryption

Overview

Compute on encrypted data without decryption.

Planned Features

1. Partially Homomorphic Encryption

class HomomorphicEncryption {
public:
    // Paillier cryptosystem for additive operations
    PaillierCiphertext encrypt(int64_t plaintext);

    // Add encrypted values
    PaillierCiphertext add(const PaillierCiphertext& a,
                           const PaillierCiphertext& b);

    // Multiply encrypted value by constant
    PaillierCiphertext multiplyConstant(const PaillierCiphertext& ct,
                                        int64_t constant);

    int64_t decrypt(const PaillierCiphertext& ct);
};

Applications:

• Encrypted voting
• Privacy-preserving machine learning
• Secure aggregation

2. Fully Homomorphic Encryption (FHE)

class FullyHomomorphicEncryption {
public:
    // Microsoft SEAL or OpenFHE backend
    FHECiphertext encrypt(int64_t plaintext);

    // Arbitrary arithmetic on encrypted data
    FHECiphertext add(const FHECiphertext& a, const FHECiphertext& b);
    FHECiphertext multiply(const FHECiphertext& a, const FHECiphertext& b);
    FHECiphertext negate(const FHECiphertext& a);

    int64_t decrypt(const FHECiphertext& ct);
};

Challenges:

• Performance (1000-1000000x slower than plaintext)
• Noise accumulation (limits operation depth)
• Key management complexity

Timeline: Research phase, 2026-2028

Hardware Security Enhancements

1. Trusted Execution Environments (TEE)

Intel SGX

class SGXEnclave {
public:
    // Run encryption inside SGX enclave
    EncryptedBlob encryptInEnclave(const std::string& plaintext,
                                    const std::string& key_id);

    // Seal data to enclave (encrypted with CPU key)
    SealedBlob seal(const std::vector<uint8_t>& data);

    // Attest enclave integrity
    AttestationReport generateAttestation();
};

AMD SEV (Secure Encrypted Virtualization)

class SEVProtection {
public:
    // Encrypt entire VM memory
    bool enableSEV(const VMConfig& config);

    // Verify VM integrity
    bool attestVM(const AttestationToken& token);
};

ARM TrustZone

class TrustZoneSecureWorld {
public:
    // Execute cryptographic operations in secure world
    SecureResult executeSecure(const SecureOperation& op);

    // Store keys in secure storage
    bool storeKeySecure(const std::string& key_id,
                        const std::vector<uint8_t>& key);
};

2. Advanced HSM Features

class AdvancedHSM : public HSMProvider {
public:
    // Dual control (require 2+ admins)
    bool setDualControl(const std::string& key_id, int min_approvals);

    // Key ceremony (generate key with witnesses)
    KeyCeremonyResult conductKeyCeremony(const std::vector<std::string>& witnesses);

    // Backup and recovery
    EncryptedBackup backupKeys(const std::vector<std::string>& key_ids);
    bool restoreKeys(const EncryptedBackup& backup);

    // Audit logging
    std::vector<HSMAuditEvent> getAuditLog(int64_t start_ts, int64_t end_ts);
};

3. TPM Integration

class TPMProvider : public KeyProvider {
public:
    // Use TPM for key storage
    bool sealKeyToTPM(const std::string& key_id,
                      const std::vector<uint8_t>& key);

    // Unseal only if PCR values match (measured boot)
    std::optional<std::vector<uint8_t>> unsealKey(const std::string& key_id);

    // Remote attestation
    AttestationQuote quote(const std::vector<uint8_t>& nonce);
};

Advanced Threat Detection

1. Behavioral Analytics

class BehavioralSecurityAnalyzer {
public:
    struct UserBehavior {
        std::string user_id;
        std::vector<QueryPattern> typical_queries;
        std::vector<AccessPattern> typical_access;
        TimeOfDayProfile time_profile;
        LocationProfile location_profile;
    };

    // Learn normal behavior
    void train(const std::vector<AuditEvent>& events);

    // Detect anomalies
    AnomalyScore scoreEvent(const AuditEvent& event);

    // Alert on suspicious activity
    std::vector<SecurityAlert> detectAnomalies();
};

Detection Patterns:

• Unusual query patterns (sudden bulk exports)
• Access from new locations
• Time-of-day anomalies (access at 3 AM)
• Permission escalation attempts
• Rapid-fire queries (potential scraping)

2. Machine Learning Threat Detection

class MLThreatDetector {
public:
    // Train model on labeled threats
    void train(const std::vector<LabeledEvent>& events);

    // Classify new events
    ThreatClassification classify(const AuditEvent& event);

    // Adaptive learning (update model with new threats)
    void updateModel(const std::vector<ConfirmedThreat>& threats);
};

ML Models:

• Random Forest for query classification
• LSTM for sequential pattern detection
• Autoencoders for anomaly detection
• Graph neural networks for access pattern analysis

3. Real-Time Intrusion Detection

class IntrusionDetectionSystem {
public:
    struct IDS_Rule {
        std::string name;
        std::string pattern;
        SeverityLevel severity;
        ResponseAction action;  // LOG, ALERT, BLOCK
    };

    // Load Snort/Suricata rules
    void loadRules(const std::vector<IDS_Rule>& rules);

    // Real-time event processing
    void processEvent(const AuditEvent& event);

    // Auto-response
    void triggerResponse(const SecurityIncident& incident);
};

Compliance & Certification

1. Additional Compliance Frameworks

FIPS 140-3 Compliance

class FIPS140Compliance {
public:
    // Ensure only FIPS-approved algorithms
    bool validateAlgorithm(const std::string& algorithm);

    // FIPS self-tests
    bool runSelfTests();

    // Zeroization (secure deletion)
    void zeroize(void* ptr, size_t len);
};

PCI DSS v4.0

class PCIDSSCompliance {
public:
    // Requirement 3: Protect stored cardholder data
    void encryptCardData(const std::string& pan);

    // Requirement 4: Encrypt transmission
    void enableTLS13();

    // Requirement 8: Multi-factor authentication
    void enforceMFA();

    // Requirement 10: Log and monitor
    void auditAllAccess();
};

FedRAMP Authorization

• Continuous monitoring
• Boundary protection
• Configuration management
• Incident response

2. Privacy-Enhancing Technologies (PETs)

Differential Privacy

class DifferentialPrivacy {
public:
    // Add calibrated noise to query results
    QueryResult addNoise(const QueryResult& result, double epsilon);

    // Privacy budget tracking
    bool checkPrivacyBudget(const std::string& dataset, double epsilon);

    // Composition theorems
    double computeComposedEpsilon(const std::vector<double>& epsilons);
};

Synthetic Data Generation

class SyntheticDataGenerator {
public:
    // Generate synthetic dataset preserving statistics
    Dataset generateSynthetic(const Dataset& original,
                             const PrivacyParams& params);

    // Validate synthetic data quality
    QualityMetrics evaluateQuality(const Dataset& original,
                                   const Dataset& synthetic);
};

3. Automated Compliance Reporting

class ComplianceReporter {
public:
    // Generate SOC 2 report
    SOC2Report generateSOC2(int64_t period_start, int64_t period_end);

    // Generate GDPR compliance report
    GDPRReport generateGDPR();

    // Generate HIPAA audit log
    HIPAAReport generateHIPAA(int64_t period_start, int64_t period_end);

    // Export for auditors
    AuditPackage exportForAudit(const std::vector<std::string>& controls);
};

Performance Optimizations

1. Hardware Acceleration

GPU-Accelerated Encryption

class GPUEncryption {
public:
    // Batch encrypt on GPU
    std::vector<EncryptedBlob> encryptBatch(
        const std::vector<std::string>& plaintexts,
        const std::string& key_id);

    // CUDA kernel for AES-GCM
    __global__ void aes_gcm_encrypt_kernel(
        const uint8_t* plaintexts,
        uint8_t* ciphertexts,
        const uint8_t* keys,
        int batch_size);
};

Expected Performance:

• 10-50x throughput improvement
• Ideal for bulk operations
• Latency similar to CPU for small batches

CPU AES-NI Instructions

class HardwareAES {
public:
    // Use Intel AES-NI or ARM Crypto Extensions
    std::vector<uint8_t> encryptAESNI(const std::vector<uint8_t>& plaintext,
                                       const std::vector<uint8_t>& key);

    // VAES (AVX-512)
    void encryptBatchVAES(const BatchInput& input, BatchOutput& output);
};

2. Caching Optimizations

class AdvancedKeyCache {
public:
    struct CacheConfig {
        size_t max_size_bytes;
        std::chrono::seconds ttl;
        bool use_lru_eviction;
        bool enable_prefetch;
    };

    // Predictive prefetch
    void prefetchKeys(const std::vector<std::string>& key_ids);

    // Multi-tier cache (L1 in-memory, L2 Redis)
    std::optional<KeyMaterial> getKey(const std::string& key_id);

    // Negative caching (cache key-not-found results)
    void cacheNegative(const std::string& key_id);
};

3. Parallel Encryption

class ParallelEncryption {
public:
    // Encrypt fields in parallel
    std::vector<EncryptedBlob> encryptParallel(
        const std::vector<std::pair<std::string, std::string>>& fields,
        int num_threads);

    // Pipeline encryption (overlap I/O and compute)
    void encryptPipeline(InputStream& input, OutputStream& output);
};

Cloud Security Integration

1. Cloud KMS Integration

AWS KMS

class AWSKMSProvider : public KeyProvider {
public:
    std::vector<uint8_t> encrypt(const std::vector<uint8_t>& plaintext,
                                  const std::string& key_arn) override;

    std::vector<uint8_t> decrypt(const std::vector<uint8_t>& ciphertext,
                                  const std::string& key_arn) override;

    // Envelope encryption
    EnvelopeKey generateDataKey(const std::string& key_arn);
};

Azure Key Vault

class AzureKeyVaultProvider : public KeyProvider {
public:
    std::vector<uint8_t> wrapKey(const std::vector<uint8_t>& key,
                                 const std::string& vault_key_name) override;

    std::vector<uint8_t> unwrapKey(const std::vector<uint8_t>& wrapped_key,
                                    const std::string& vault_key_name) override;
};

Google Cloud KMS

class GCPKMSProvider : public KeyProvider {
public:
    std::vector<uint8_t> asymmetricEncrypt(const std::vector<uint8_t>& plaintext,
                                           const std::string& key_path) override;

    std::vector<uint8_t> asymmetricDecrypt(const std::vector<uint8_t>& ciphertext,
                                           const std::string& key_path) override;
};

2. Secrets Management

class CloudSecretsManager {
public:
    // Rotate secrets automatically
    void enableAutoRotation(const std::string& secret_id,
                           std::chrono::hours rotation_period);

    // Version management
    SecretVersion getSecretVersion(const std::string& secret_id,
                                   const std::string& version);

    // Access control
    bool grantAccess(const std::string& secret_id,
                    const std::string& principal);
};

3. Cloud-Native Security Services

class CloudSecurityServices {
public:
    // AWS GuardDuty integration
    void enableGuardDuty();

    // Azure Sentinel integration
    void streamToSentinel(const std::vector<AuditEvent>& events);

    // GCP Security Command Center
    void reportToSCC(const SecurityFinding& finding);
};

Blockchain Integration

1. Immutable Audit Logs

class BlockchainAuditLog {
public:
    // Write audit event to blockchain
    TransactionHash logToBlockchain(const AuditEvent& event);

    // Verify event integrity
    bool verifyEvent(const AuditEvent& event, const TransactionHash& tx_hash);

    // Prove event ordering (temporal proof)
    TemporalProof proveOrdering(const AuditEvent& event1,
                               const AuditEvent& event2);
};

Supported Blockchains:

• Ethereum (public/private)
• Hyperledger Fabric (permissioned)
• Avalanche (high-throughput)

2. Smart Contract Security

class SmartContractSecurity {
public:
    // Deploy security policy as smart contract
    ContractAddress deployPolicy(const SecurityPolicy& policy);

    // Enforce policy on-chain
    bool checkPolicy(const AccessRequest& request);

    // Audit smart contract
    std::vector<Vulnerability> auditContract(const ContractAddress& addr);
};

3. Decentralized Identity (DID)

class DecentralizedIdentity {
public:
    // Create decentralized identifier
    DID createDID(const PublicKey& pub_key);

    // Verifiable credentials
    VerifiableCredential issueCredential(const DID& subject,
                                        const Claims& claims);

    // Verify credential
    bool verifyCredential(const VerifiableCredential& credential);
};

Implementation Roadmap

Phase 1: Q2 2025

• ✅ Post-quantum key encapsulation (Kyber)
• ✅ Distributed key generation
• ✅ GPU-accelerated encryption
• ✅ AWS KMS integration

Phase 2: Q4 2025

• ✅ Zero-knowledge authentication
• ✅ Behavioral analytics
• ✅ FIPS 140-3 compliance
• ✅ Intel SGX integration

Phase 3: Q2 2026

• ✅ Threshold signatures
• ✅ ML threat detection
• ✅ Differential privacy
• ✅ Blockchain audit logs

Phase 4: Q4 2026

• 🔶 Homomorphic encryption (partial)
• 🔶 Smart contract security
• 🔶 Decentralized identity
• 🔶 Azure/GCP KMS integration

Phase 5: 2027+

• ⬜ Fully homomorphic encryption
• ⬜ Post-quantum migration (complete)
• ⬜ Advanced TEE support
• ⬜ Quantum key distribution (QKD)

Research Areas

1. Quantum Key Distribution (QKD)

• BB84 protocol implementation
• Entanglement-based QKD
• Integration with existing infrastructure

2. Secure Multi-Party Computation

• Yao's garbled circuits
• GMW protocol
• SPDZ framework

3. Verifiable Computing

• Interactive proofs
• Probabilistically checkable proofs (PCP)
• Succinct non-interactive arguments (SNARGs)

4. Privacy-Preserving Machine Learning

• Federated learning
• Secure aggregation
• Model encryption

Contributing

Interested in contributing to security features? See:

• CONTRIBUTING.md
• Security development guide
• Security research proposals

References

Standards

• NIST SP 800-175B: Post-Quantum Cryptography
• FIPS 140-3: Security Requirements for Cryptographic Modules
• RFC 5652: Cryptographic Message Syntax
• RFC 3161: Time-Stamp Protocol

Libraries

• liboqs: Open Quantum Safe
• Microsoft SEAL: Homomorphic Encryption
• Intel SGX SDK
• Google Tink: Cryptographic Library

Papers

• "Post-Quantum Cryptography" - Bernstein et al.
• "Practical Homomorphic Encryption" - Gentry
• "Zerocash: Decentralized Anonymous Payments" - Sasson et al.
• "CryptoNote: Untraceable Electronic Cash System" - van Saberhagen

Test Strategy

• Unit tests: ≥ 80% line coverage on all encryption providers, key management, and policy evaluators
• AES-256-GCM: NIST CAVP Known-Answer Tests (KAT) for all supported key sizes; nonce-reuse must throw at run time
• TLS: test with TLS 1.2 (must be rejected) and TLS 1.3 (must succeed); verify mTLS rejects untrusted client certs
• Post-quantum: cross-validate Kyber/Dilithium outputs against liboqs reference test vectors
• RBAC/ABAC: ≥ 500 policy matrix tests including deny-by-default, privilege escalation, wildcard, and negation rules
• HSM integration: mock PKCS#11 token tests for sign, encrypt, and key-generation; hardware tests on CI with SoftHSM2
• Anomaly detector: labeled event dataset with ≥ 1,000 samples; precision ≥ 0.90, recall ≥ 0.85 for threat classification
• Audit log: tamper-evidence test — mutate any record and assert chain-verification fails
• Performance regression gate: CI blocks merge if AES-256-GCM throughput drops > 10% from baseline

Performance Targets

• AES-256-GCM encryption throughput (CPU AES-NI): ≥ 1 GB/s on a single core
• RSA-4096 signature verification: p99 ≤ 5 ms
• Kyber-1024 key encapsulation: ≥ 2,000 ops/s on a single core
• Dilithium-5 signing: ≥ 1,000 ops/s on a single core
• TLS 1.3 handshake (ECDHE-AES256-GCM): p99 ≤ 10 ms for new connections
• RBAC policy evaluation (up to 100 roles): p99 ≤ 0.5 ms
• HSM-backed RSA-2048 sign (SoftHSM2 baseline): p99 ≤ 20 ms
• Audit log write (tamper-evident append): p99 ≤ 2 ms per entry

---

Security Hardening Backlog (Q2–Q3 2026)

Items below were identified via static analysis (2026-04-21) and are tracked as GAP entries in docs/governance/SOURCECODE_COMPLIANCE_GOVERNANCE.md.

GAP-008 – Constant-Time Token Comparison

Scope: src/server/export_api_handler.cpp:443, src/server/auth_middleware.cpp:204

Design Constraints

• Must not regress existing auth flow (all tests in tests/test_auth_middleware.cpp must pass)
• Constant-time comparison must guard against both value-equality and length-equality leaks

Required Interfaces

• Use CRYPTO_memcmp (OpenSSL, already a dependency) for raw byte comparison
• For auth_middleware, hash each stored token with HMAC-SHA256 (keyed by a server secret) and compare the incoming token's digest against stored digests

Implementation Notes

• export_api_handler.cpp:443: return token == admin_token; → replace with constant-length comparison after strlen(admin_token) == token.size() check (length check itself must not short-circuit; use |= to accumulate difference)
• auth_middleware.cpp:204: key the token map on HMAC-SHA256(token); on lookup, compute the incoming token's HMAC and do a direct map lookup (hash maps are structurally O(1) and hide timing from the value comparison)

Test Strategy

• Unit test: submit tokens that differ only in last byte; assert response times are statistically indistinguishable (Welch's t-test, α=0.01, n=1000 samples)
• Regression: all existing auth tests must pass unchanged

Performance Targets

• Token validation overhead: ≤ 5 µs additional latency per request (HMAC-SHA256 is ~1 µs on modern HW)

Security / Reliability

• CRYPTO_memcmp must be used; std::equal with custom comparator is not acceptable because the compiler may optimise it into a timing-unsafe branch

---

GAP-003 – Reject SHA-1 in SAML Assertions

Scope: src/auth/saml_authenticator.cpp:338

Design Constraints

• Existing SHA-256 SAML flows must not be affected
• Change must be accompanied by an operator-visible warning period (deprecation log at WARN for 1 release before hard rejection)

Required Interfaces

• EVP_sha1() branch becomes: THEMIS_ERROR("SAML: SHA-1 digest rejected"); return false;
• Add a THEMIS_SAML_ALLOW_SHA1 emergency override env-var (logs a critical warning on startup)

Implementation Notes

• RFC 8211 (2017) mandates deprecation of SHA-1 in XML Digital Signatures
• NIST SP 800-131A Rev. 2 prohibits SHA-1 for digital signatures after 2015

Test Strategy

• Unit test: assert that a SHA-1-signed assertion returns false
• Unit test: assert that THEMIS_SAML_ALLOW_SHA1=1 env var re-enables SHA-1 with CRITICAL log

Performance Targets

• No performance impact (rejection is early-exit)

Security / Reliability

• Hard rejection by default; no silent downgrade