Closed Viserius closed 3 years ago
Hi @Viserius you're right, the hash is on the public ledger. But anyone who is not party to the tx (i.e. they are not in the privacy group or privateFor) will get an empty result from the /receive method when they query their Orion instance. You can't query other Orion instances unless you have the matching private key.
The diagram on this page might help explain - it's the same flow for GoQuorum/Tessera and Besu/Orion and Besu/Tessera. https://docs.goquorum.consensys.net/en/stable/Concepts/Privacy/PrivateTransactionLifecycle/
Hi macfarla, you mention you cannot query another Orion instance unless you have the private key. In my experiment, I found that the only information required for receiving a transaction is the public hash. In other words, the receive endpoint returns the private data to anyone who provides the marker hash (public data) from what I've seen. The image below shows the Postman query I created, as well as the returned results. In this image, you see that only a key (= public hash of priv tx) is required to fetch the decrypted (but encoded) response.
You can protect the Orion node (and Tessera, which is the replacement for Orion) with TLS mutual authentication. This can be configured in the config file for Orion (and Tessera).
And yes, you are right! If you can call the receive and you know the hash you can retrieve the private transaction. You have to limit access to the port, e.g. by using mutually authenticated TLS or other methods.
Let me know if you're happy with these answers and I'll close the issue @Viserius - and as a reminder we're moving from Orion to Tessera so this project is no longer under active development.
Thanks! I am fine with closing.
As far as I know, Orion nodes do not provide any form of access control. As a result, private data can be obtained by virtually anyone that can open a connection to the Orion node. The following flow explains the issue.
Even though the data returned is the private transaction and not state, the smart contract creation transaction is recorded in the same way. Thus, by fetching everything, i.e. the smart contract creation tx and all consecutive txs, one can reconstruct the entire state of a private group. Since Orion nodes may be part of multiple partially overlapping groups and connect using peer discovery, the entire network is able to find their network addresses by default (so hiding them behind a firewall does not work in many cases).
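The access-control gap described in this issue and the mitigation suggested in the replies (restrict who can reach /receive, e.g. with mutually authenticated TLS), modelled as an added example that is not part of the thread and is not Orion or Tessera code. `ReceiveGate`, its method names, the status codes and all sample values are hypothetical; it assumes the TLS layer in front of the node requests and verifies the client certificate before the handler runs.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional, Tuple


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded client certificate."""
    return hashlib.sha256(der_cert).hexdigest()


@dataclass
class ReceiveGate:
    """Hypothetical front end for a /receive-style lookup (not Orion code)."""
    store: dict                                # marker hash -> private payload
    allowed: set = field(default_factory=set)  # pinned client-cert fingerprints

    def receive_open(self, key: str) -> Optional[bytes]:
        # Behaviour reported in the thread: knowing the public hash is enough.
        return self.store.get(key)

    def receive_gated(self, key: str,
                      peer_der: Optional[bytes]) -> Tuple[int, Optional[bytes]]:
        # peer_der is what ssl.SSLSocket.getpeercert(binary_form=True) yields:
        # None when the client presented no certificate.
        if peer_der is None:
            return 401, None
        if fingerprint(peer_der) not in self.allowed:
            return 403, None
        # Only an authenticated, pinned caller learns whether the key exists.
        payload = self.store.get(key)
        return (200, payload) if payload is not None else (404, None)


# Constructed sample data: placeholder bytes stand in for real DER certificates.
BESU_CERT = b"constructed-der-bytes-for-local-besu-node"
OTHER_CERT = b"constructed-der-bytes-for-unknown-client"
MARKER_HASH = "constructed-marker-hash"

GATE = ReceiveGate(store={MARKER_HASH: b"private payload"},
                   allowed={fingerprint(BESU_CERT)})

if __name__ == "__main__":
    print(GATE.receive_open(MARKER_HASH))               # hash alone suffices
    print(GATE.receive_gated(MARKER_HASH, None))        # no client cert
    print(GATE.receive_gated(MARKER_HASH, OTHER_CERT))  # cert not pinned
    print(GATE.receive_gated(MARKER_HASH, BESU_CERT))   # pinned local client
```
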