thomasten
commented
2 years ago Hi,
Thanks for investigating EdgelessDB's security, much appreciated.
As part of the remote attestation response, the client receives the root certificate of this EdgelessDB instance. The client then uses this certificate to verify that it's connecting to the real EdgelessDB instance. This prevents that the fake service can "use its own private key to complete the link establishment."
Thank you for the open source project, I have designed an attack on edgelessdb and would like to ask you to let me know if this is possible.
The attack scenario is that the attacker has full control of the server and creates a fake service to receive all requests from the client. After that, it analyzes the request and if it is a Remote Attestation request, it forwards it to the edgelessdb running inside the Enclave and allows them to complete the Remote Attestation and the subsequent set of operations. If the fake service finds that the client sends a TLS Hello request, it will hijack the request, unconditionally trust the CA in it, and use its own private key to complete the link establishment. After that, all requests from the client will be hijacked by the fake service and data will be stolen.
The attack looks like this:
I know that this attack is not easy to implement, but I still want to know if it has the possibility of being carried out.
Thank you for your time.