harirubix
commented
1 month ago Refer : https://github.com/rubixchain/rubixgoplatform/tree/hari/recv-validation . Need to modify structure as per #185
Open Maneesha-rubix opened 1 month ago
harirubix
commented
1 month ago Refer : https://github.com/rubixchain/rubixgoplatform/tree/hari/recv-validation . Need to modify structure as per #185
At present, the receiver is not verifying the quorums' as well as sender's signature. If a receiver does not verify the sender's signature and quorums' signatures, several security and integrity issues can arise:
1. Tampering and Data Integrity
Unverified Sender Signature: Without verifying the sender's signature, the receiver cannot be sure that the transaction has not been altered. This opens the door for data tampering. An attacker could modify the transaction content, leading to incorrect or malicious data being processed.
Unverified Quorum Signatures: Quorum signatures provide a layer of trust and verification. If these are not checked, any fraudulent or incorrect data that managed to bypass initial checks could be accepted as valid. For example, quorums could create fake blocks with invalid transactions, and if these blocks are not verified, they could be accepted into the blockchain, causing inconsistencies.
2. Non-Repudiation
3. Man-in-the-Middle (MITM) Attacks
Unverified Sender Signature: In a MITM attack, an attacker intercepts the communication between two parties. Without verifying the sender's signature, the receiver might accept data from the attacker, who could alter or steal information.
Unverified Quorum Signatures: If quorums are part of a consensus or verification process, not checking their signatures means an attacker could manipulate this process, undermining the integrity of the data, which can lead to chain forks, double-spending, and other integrity issues.
4. Loss of Trust in the System