#23 Farbling needs a thorough security review
Closed: Fixed 2 years ago by polcak. Opened 2 years ago by polcak.

We claim that the results of farbled APIs depend on session hash. I realised that during farbling, the wrappers used to call a common PRNG which means that the obtained pseudorandom numbers depended on the order of the call. So enabling or disabling the API resulted in changed wrapped APIs and changed fingerprint without the change to the domain and session key.

I fixed this in 249e002.

During the work I also noticed that images are farbled the same way. I created a test page with a 5x2 canvas https://www.fit.vutbr.cz/~ipolcak/jsr/farbling/canvas.html (currently I fill the canvas with the same colour; twice black, white, gray and almost black). See the attached images.

  • Brave farbles different colours and pixels in each image. The same image is farbled the same way.
  • We farble all images the same way so it is easy to remove the farbling. Additionally, we always farble only one channel.

Proposed solution:

  • Farble all channels.
  • Farble according to PRNG initialised with domainHash and the original image.

Hence the same image will be repeatedly farbled the same way. Different images will have different pixels farbled.

We need to go through all farbled APIs and make sure that the implementation really make sense.


Fixed in 0.8. Audio wrappers revisited in 0.10. If anyone wants to review the commits, please, let me know.

Metadata Update from @polcak:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

2 years ago

Metadata Update from @polcak:
- Issue private status set to: False (was: True)

2 years ago

Metadata Update from @polcak:
- Issue untagged with: research
- Issue set to the milestone: NLNet evaluation

2 years ago

Log in to comment on this ticket.

Metadata
Attachments 5
Attached 2 years ago View Comment
Attached 2 years ago View Comment
Attached 2 years ago View Comment
Attached 2 years ago View Comment
Attached 2 years ago View Comment