Skip to content
This repository has been archived by the owner on Nov 8, 2023. It is now read-only.

Is zbox secure agains storage file tampering? #63

Open
vi opened this issue Dec 27, 2019 · 3 comments
Open

Is zbox secure agains storage file tampering? #63

vi opened this issue Dec 27, 2019 · 3 comments

Comments

@vi
Copy link

vi commented Dec 27, 2019

If underlying files of zbox file:// storage are modified by an attacker, what worst can happen?

I expect only [selective, attacker-chosen] data loss, never executed malicious code or injected malicious data when I try to use that storage. If storage continues to work after tampering, I expect newly added data to be as secure as original data. Does it all hold true?

@burmecia
Copy link
Contributor

ZboxFS uses authenticated encryption (AEAD) before saving data to storage, that is, any malicious modification will cause decryption failure. But how much worse depends on which part has been tampered.

  • If super block is modified, this is critical so your repo won't be able to open.
  • If wal block is modified, this may or may not cause repo open failure.
  • If index block is modified, the directory or file used that block will be corrupted.
  • If data block is modified, the directory or file used that block will be corrupted.

In any cases, ZboxFS will never execute data in the repo because any data is treated as plain bytes. Attackers can never inject any data into the repo without encryption key. If you're lucky, the repo may continues to work after tampering, any new data still be secured but some old data may be corrupted. When you read that corrupted file or directory, decryption error will happen.

Simply put, attackers can fully or partially damage the repo, but they cannot inject any data into the repo without being noticed.

@vi
Copy link
Author

vi commented Dec 27, 2019

So there's nothing like encryption settings (which can be set to "no encryption") in the superblock? (like attacker editing .encfs6.xml in encfs)

@burmecia
Copy link
Contributor

burmecia commented Dec 27, 2019 via email

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants