Risks associated with Firebase dependency

siv-org / siv

Secure Internet Voting protocol

Other

12 stars 9 forks source link

Google’s Firebase is depended upon for data storage and transmission

One could imagine such data being deleted, modified, or lost. Though this might be recoverable (is it?) it’s still not something covered in a threat model.

One could also imagine this service ignoring requests from particular IP addresses, again, with some intent to block based on political preference. It should be noted that IP addresses often have some relation to geographic location, a rough proxy for address.

One could even imagine this happening without SIV or others knowing about it; Firebase could just provide one version of the public log to the voter (with their vote included), and another to everyone else.

[...]

The goal is not to cast aspersions on the vendor, but to point out that the system is fundamentally trusting them in a way that might not be safe in the case of nation-state level adversaries.

Originally posted by @mspecter in https://github.com/siv-org/siv/issues/195

Entry Summary for HACK SIV @ DEF CON 2024

Thanks again for participating! This submission earned $340.14 from SIV and $91.45 from the Public Vote, for a total of $431.59.

Here's what we noted in our evaluation:

What's interesting about this submission

Huge blast radius if exploited.

Accurately adds context that this is especially relevant when adversary has nation-state resources

Hard to catch red-handed. If server is giving bad outputs, hard to pin down whether it is Firebase misbehaving specifically or another part of the stack.

Bit harder to switch out, because so much of the back-end logic currently tightly coupled to Firebase.

What takes away from it

Standard SIV verification should surface any time this happens.

Can resolve by switching out cloud DB for own.

Another mitigation option here is to look to distributed consensus algorithms, duplicating reads and writes, so inconsistent behavior becomes visible.

siv-org / siv