Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Authenticate network messages #727

Closed
6 tasks done
ch1bo opened this issue Feb 17, 2023 · 1 comment · Fixed by #965
Closed
6 tasks done

Authenticate network messages #727

ch1bo opened this issue Feb 17, 2023 · 1 comment · Fixed by #965
Labels
green 💚 Low complexity or well understood feature 💬 feature A feature on our roadmap
Milestone

Comments

@ch1bo
Copy link
Collaborator

ch1bo commented Feb 17, 2023

Why

The Hydra Head protocol should be safe from adversaries which try to impersonate protocol actors via the L2 network.

When comparing the HydraV1 specification with the current implementation, we saw that we do not authenticate messages from the network layer.

Not addressing this, will allow anyone to trick the Head protocol into thinking a message came from one of the other parties. This can be used, for example, to ingest forged ReqSn messages to make the Head stuck (because they likely will not be consistent with other messages delivered).

However an attacker would not be able to sign snapshots nor create valid layer 2 transaction to spend funds. Both require the respective signing (private) keys.

What

Within this feature we add application-level signatures & verification (in contrast to transport level authentication of messages).

  • Network messages submitted on the L2 are signed the Hydra signing key
  • Received network messages are verified against the Hydra verification key of the sender (included)
    • If not, drop the message
  • It is checked that the sender is one of the known Head participants
    • If not, drop the message
  • Ensure that the signer of the message is the party that is present in the message itself.
  • Dropped messages are logged.
  • Explore replay attack

About the replay attack, we note that there are three kinds of messages that could be replayed and we don't see no issues with replaying them:

  • ReqSn -> includes the snaphotNumber so will ignore an already seen ReqSn
  • AckSn -> includes the snaphotNumber so will ignore an already seen ReqSn (and, anyway, the payload of an ackSn is true forever and this message is suppose to be idempotent)
  • ReqTx -> the ledger rule will prevent the transaction to be applied again on the ledger (you can't spend the same thing twice), especially since we don't support reference script inside a head.

The only exception to this might be if someone posts a transaction that only spend reference inputs. Then, maybe, one could repost this transaction to the ledger if there are no fees, which could be the case inside a head. But that raises several questions:

  • Is it really possible to forge transaction like that?
  • Why would someone forge a transaction like that in the first place (you need that for a replay attack)
  • Why would that be a problem if someone could replay that kind of transaction anyway?

So we'll consider the current solution fine at this stage.

How

  • Hydra keys are Ed25519 keys - use EdDSA to sign / verify; functions from Hydra.Crypto
  • ReqTx, ReqSn and AckSn contents need to have a SignableRepresentation
  • The sender Party shall not be part of the signed body
  • Connected and Disconnected events shall not be affected by this
  • Likely requires some restructuring of data types
  • Whether sender is part of the head needs to be in the HeadLogic layer.
  • Authenticity of the message itself can be checked on the networking layer or the HeadLogic layer.
@ch1bo ch1bo added the 💭 idea An idea or feature request label Feb 17, 2023
@pgrange pgrange added 💬 feature A feature on our roadmap and removed 💭 idea An idea or feature request labels Feb 21, 2023
@pgrange pgrange added the red 💣 💥 ⁉️ Very complex, risky or just not well understood feature label Feb 21, 2023
@pgrange
Copy link
Contributor

pgrange commented Feb 21, 2023

Marking as 🔴:

  • is it only a denial of service issue of a worst security problem?
  • would the solution match the authenticated channel assumption from the specification?

@ch1bo ch1bo moved this to Later in Hydra Head Roadmap Feb 28, 2023
@ch1bo ch1bo moved this from Later to Next in Hydra Head Roadmap May 2, 2023
@ch1bo ch1bo added green 💚 Low complexity or well understood feature and removed red 💣 💥 ⁉️ Very complex, risky or just not well understood feature labels May 2, 2023
@ch1bo ch1bo added this to the 0.11.0 milestone May 11, 2023
@ch1bo ch1bo moved this from Next to Now in Hydra Head Roadmap May 16, 2023
@ch1bo ch1bo modified the milestones: 0.11.0, 0.12.0 Jun 21, 2023
@ch1bo ch1bo moved this from Now to Next in Hydra Head Roadmap Jun 21, 2023
@v0d1ch v0d1ch self-assigned this Jun 30, 2023
@ghost ghost closed this as completed in #965 Jul 6, 2023
@github-project-automation github-project-automation bot moved this from Next to Done in Hydra Head Roadmap Jul 6, 2023
@v0d1ch v0d1ch removed their assignment Jul 7, 2023
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
green 💚 Low complexity or well understood feature 💬 feature A feature on our roadmap
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants