MedCo documentation is centralized on the following website: MedCo Unlynx.
medco-unlynx is licensed under a End User Software License Agreement ('EULA') for non-commercial use. If you need more information, please contact us.
DEPRECATED REPOSITORY (MedCo v =< 1.0.0)
Home Page: https://medco.epfl.ch/documentation
License: Other
MedCo documentation is centralized on the following website: MedCo Unlynx.
medco-unlynx is licensed under a End User Software License Agreement ('EULA') for non-commercial use. If you need more information, please contact us.
In many places (e.g. here, here, here, here, here, here), the code waits for information on a channel, but does not allow for a timeout. As this information is provided by other nodes over the network, the information will never come in case of crashes, and the goroutine will be stuck forever.
Allowing for a timeout in a select
statement will make the code more fault-tolerant.
The concurrent maps are used to store per-request information. The information is, however, never removed from the maps once the requests are finished, resulting in a memory leak as the maps contents will grow without bound.
After submitting a request, it happens regularly that the response never comes back, while the frontend still thinks it is processing (the animated spinning icons are still active).
This has been verified both on the public demo (https://medco-demo.epfl.ch/) and a local installation ("test-local"). With a local installation, this event is usually associated with "Unlynx timeout" errors in the logs.
The project README file should contain a short description and a basic explanation on how to use the project (for an example, this provides some good ideas).
Also, the link to MedCo documentation currently points to "coming soon" page.
The main project applications currently reside in app/
, which is non-standard (see e.g. Go project layout). Furthermore, there are scripts to build for Linux and Mac, which should no longer be needed.
Main applications are usually organized as follows, after which a simple go build
should do:
app
to cmd
.medco-unlynx
in this case).*.go
files pertaining to an app to its directory.func main()
) to main.go
(here medco.go
).Security Code Review observation:
The documentation for medco-unlynx
is said to be available at https://medco.epfl.ch/documentation/developer/components/medco-unlynx.html
But this link is dead.
Notice that https://ldsec.gitbook.io/medco-documentation/ does not contain specific documentation regarding medco-unlynx
.
Security Code Review finding:
From both the code and the Medco paper, it is not 100% clear to us, but we believe that the system initialization is vulnerable to a "last player" attack on the key generation:
It seems the keys are generated in medco-unlynx using keyGenerationFromApp
, but then it is handled by Onet (which is out of the scope of this audit) and its "GroupDescToml" file, but a cursory look at Onet's source shows that Onet's NewRoster
func is simply summing the keys together without any checks, which means that "the last player" attack would work:
sk_n
and public point Pk
Pk_i
before advertising her own key.sk_i
by advertisingPk_n = Pk - Sum_0^n-1(Pk_i)
instead of her actual key Pk.AP = Sum(Pk_i) = Sum_0^n-1(Pk_i) + Pk - Sum_0^n-1(Pk_i) = Pk
To avoid this attack there should be a "commitment" phase prior to the public key broadcast by the nodes.
We couldn't determine how that broadcast is currently done (we guess it's done out of bound?)
But it doesn't seem to generate any commitment so we assume this step is currently missing.
- app:
- services/service.go:
It happens randomly that a medco-unlynx server crashes while processing a DDT during a medco query.
Logs in crashing medco-unlynx (medco-unlynx-srv2):
medco-unlynx-srv2_1 | 1 : deterministic_tagging_protocol.go:139 (protocols.(*DeterministicTaggingProtocol).Start) - [tls://172.31.0.121:2004] starts a Deterministic Tagging Protocol on 1 element(s)
medco-unlynx-srv2_1 | 3 : router.go:233 (network.(*Router).connect) - tls://[::]:2004 Connecting to tls://172.31.0.101:2000
medco-unlynx-srv2_1 | 2 : tls.go:428 (network.NewTLSConn) - NewTLSConn to: tls://172.31.0.101:2000
medco-unlynx-srv2_1 | 3 : treenode.go:520 (v3.(*TreeNodeInstance).dispatchMsgReader) - Starting node tls://172.31.0.121:2004 (939a500c-375c-523d-9c61-5045b94e2972): DeterministicTagging
medco-unlynx-srv2_1 | 2 : tls.go:261 (network.NewTLSListenerWithListenAddr.func1) - Got new connection request from: 172.31.0.111:57172
medco-unlynx-srv2_1 | 2 : tls.go:261 (network.NewTLSListenerWithListenAddr.func1) - Got new connection request from: 172.31.0.111:57176
medco-unlynx-srv2_1 | 3 : tls.go:294 (network.makeVerifier.func1.1) - verify cert -> Ze65a2a74ddbfa1712192b2048707345822989bdf9cf73b35d18e1366017ae3dd
medco-unlynx-srv2_1 | 3 : router.go:239 (network.(*Router).connect) - tls://[::]:2004 Connected to tls://172.31.0.101:2000
medco-unlynx-srv2_1 | 3 : router.go:302 (network.(*Router).handleConn) - tls://[::]:2004 Handling new connection from tls://172.31.0.101:2000
medco-unlynx-srv2_1 | 3 : tls.go:294 (network.makeVerifier.func1.1) - verify cert -> Z504f7f48a57acf0dcf7b3771cc38855f31bbefaa504574f6f92c97a20ee4e837
medco-unlynx-srv2_1 | 3 : router.go:496 (network.(*Router).receiveServerIdentity) - tls://[::]:2004: Identity received si=504f7f48a57acf0dcf7b3771cc38855f31bbefaa504574f6f92c97a20ee4e837 from tls://172.31.0.111:2002
medco-unlynx-srv2_1 | 3 : router.go:302 (network.(*Router).handleConn) - tls://[::]:2004 Handling new connection from tls://172.31.0.111:2002
medco-unlynx-srv2_1 | 3 : treenode.go:520 (v3.(*TreeNodeInstance).dispatchMsgReader) - Starting node tls://172.31.0.121:2004 (ebaee563-a1d8-5ffa-af09-5fd3edba3289): DeterministicTagging
medco-unlynx-srv2_1 | 1 : deterministic_tagging_protocol.go:195 (protocols.(*DeterministicTaggingProtocol).Dispatch) - tls://172.31.0.121:2004 preparation round for deterministic tagging
medco-unlynx-srv2_1 | 3 : tls.go:294 (network.makeVerifier.func1.1) - verify cert -> Z504f7f48a57acf0dcf7b3771cc38855f31bbefaa504574f6f92c97a20ee4e837
medco-unlynx-srv2_1 | 3 : router.go:496 (network.(*Router).receiveServerIdentity) - tls://[::]:2004: Identity received si=504f7f48a57acf0dcf7b3771cc38855f31bbefaa504574f6f92c97a20ee4e837 from tls://172.31.0.111:2002
medco-unlynx-srv2_1 | 3 : router.go:302 (network.(*Router).handleConn) - tls://[::]:2004 Handling new connection from tls://172.31.0.111:2002
medco-unlynx-srv2_1 | F : service.go:451 (services.(*Service).NewProtocol) - buffer read: EOF
Logs in other medco-unlynx, not crashing (medco-unlynx-srv1):
medco-unlynx-srv1_1 | 1 : deterministic_tagging_protocol.go:139 (protocols.(*DeterministicTaggingProtocol).Start) - [tls://172.31.0.111:2002] starts a Deterministic Tagging Protocol on 1 element(s)
medco-unlynx-srv1_1 | 3 : router.go:233 (network.(*Router).connect) - tls://[::]:2002 Connecting to tls://172.31.0.121:2004
medco-unlynx-srv1_1 | 2 : tls.go:428 (network.NewTLSConn) - NewTLSConn to: tls://172.31.0.121:2004
medco-unlynx-srv1_1 | 3 : treenode.go:520 (v3.(*TreeNodeInstance).dispatchMsgReader) - Starting node tls://172.31.0.111:2002 (f50ba839-30bf-5806-9452-80870ff0d80f): DeterministicTagging
medco-unlynx-srv1_1 | 3 : tls.go:294 (network.makeVerifier.func1.1) - verify cert -> Ze65a2a74ddbfa1712192b2048707345822989bdf9cf73b35d18e1366017ae3dd
medco-unlynx-srv1_1 | 3 : router.go:496 (network.(*Router).receiveServerIdentity) - tls://[::]:2002: Identity received si=e65a2a74ddbfa1712192b2048707345822989bdf9cf73b35d18e1366017ae3dd from tls://172.31.0.101:2000
medco-unlynx-srv1_1 | 3 : router.go:302 (network.(*Router).handleConn) - tls://[::]:2002 Handling new connection from tls://172.31.0.101:2000
medco-unlynx-srv1_1 | 3 : treenode.go:520 (v3.(*TreeNodeInstance).dispatchMsgReader) - Starting node tls://172.31.0.111:2002 (80c03081-09af-5420-b50c-a89d662828f0): DeterministicTagging
medco-unlynx-srv1_1 | 1 : deterministic_tagging_protocol.go:195 (protocols.(*DeterministicTaggingProtocol).Dispatch) - tls://172.31.0.111:2002 preparation round for deterministic tagging
medco-unlynx-srv1_1 | 3 : router.go:233 (network.(*Router).connect) - tls://[::]:2002 Connecting to tls://172.31.0.121:2004
medco-unlynx-srv1_1 | 2 : tls.go:428 (network.NewTLSConn) - NewTLSConn to: tls://172.31.0.121:2004
medco-unlynx-srv1_1 | 3 : tls.go:294 (network.makeVerifier.func1.1) - verify cert -> Z2c5195464fe086f21e1b0205bff64014ab4cd9459c8d2ca9695c7460039d90c5
medco-unlynx-srv1_1 | 3 : router.go:239 (network.(*Router).connect) - tls://[::]:2002 Connected to tls://172.31.0.121:2004
medco-unlynx-srv1_1 | 3 : router.go:302 (network.(*Router).handleConn) - tls://[::]:2002 Handling new connection from tls://172.31.0.121:2004
medco-unlynx-srv1_1 | 3 : tls.go:294 (network.makeVerifier.func1.1) - verify cert -> Z2c5195464fe086f21e1b0205bff64014ab4cd9459c8d2ca9695c7460039d90c5
medco-unlynx-srv1_1 | 3 : router.go:239 (network.(*Router).connect) - tls://[::]:2002 Connected to tls://172.31.0.121:2004
medco-unlynx-srv1_1 | 3 : treenode.go:520 (v3.(*TreeNodeInstance).dispatchMsgReader) - Starting node tls://172.31.0.111:2002 (0ff301f5-0677-5924-9f28-b915cf4a28ad): DeterministicTagging
medco-unlynx-srv1_1 | 3 : router.go:302 (network.(*Router).handleConn) - tls://[::]:2002 Handling new connection from tls://172.31.0.121:2004
medco-unlynx-srv1_1 | 1 : deterministic_tagging_protocol.go:195 (protocols.(*DeterministicTaggingProtocol).Dispatch) - tls://172.31.0.111:2002 preparation round for deterministic tagging
medco-unlynx-srv1_1 | 1 : deterministic_tagging_protocol.go:195 (protocols.(*DeterministicTaggingProtocol).Dispatch) - tls://172.31.0.111:2002 preparation round for deterministic tagging
medco-unlynx-srv1_1 | E : tcp.go:287 (network.handleError) - Unknown error caught: read tcp 172.31.0.111:57172->172.31.0.121:2004: read: connection reset by peer
(medco-unlynx-srv0):
medco-unlynx-srv0_1 | 1 : deterministic_tagging_protocol.go:139 (protocols.(*DeterministicTaggingProtocol).Start) - [tls://172.31.0.101:2000] starts a Deterministic Tagging Protocol on 1 element(s)
medco-unlynx-srv0_1 | 3 : router.go:233 (network.(*Router).connect) - tls://[::]:2000 Connecting to tls://172.31.0.111:2002
medco-unlynx-srv0_1 | 2 : tls.go:428 (network.NewTLSConn) - NewTLSConn to: tls://172.31.0.111:2002
medco-unlynx-srv0_1 | 3 : tls.go:294 (network.makeVerifier.func1.1) - verify cert -> Z504f7f48a57acf0dcf7b3771cc38855f31bbefaa504574f6f92c97a20ee4e837
medco-unlynx-srv0_1 | 3 : router.go:239 (network.(*Router).connect) - tls://[::]:2000 Connected to tls://172.31.0.111:2002
medco-unlynx-srv0_1 | 3 : router.go:302 (network.(*Router).handleConn) - tls://[::]:2000 Handling new connection from tls://172.31.0.111:2002
medco-unlynx-srv0_1 | 2 : tls.go:261 (network.NewTLSListenerWithListenAddr.func1) - Got new connection request from: 172.31.0.121:57862
medco-unlynx-srv0_1 | 3 : tls.go:294 (network.makeVerifier.func1.1) - verify cert -> Z2c5195464fe086f21e1b0205bff64014ab4cd9459c8d2ca9695c7460039d90c5
medco-unlynx-srv0_1 | 3 : router.go:496 (network.(*Router).receiveServerIdentity) - tls://[::]:2000: Identity received si=2c5195464fe086f21e1b0205bff64014ab4cd9459c8d2ca9695c7460039d90c5 from tls://172.31.0.121:2004
medco-unlynx-srv0_1 | 3 : router.go:302 (network.(*Router).handleConn) - tls://[::]:2000 Handling new connection from tls://172.31.0.121:2004
medco-unlynx-srv0_1 | 3 : treenode.go:520 (v3.(*TreeNodeInstance).dispatchMsgReader) - Starting node tls://172.31.0.101:2000 (8422a675-e70d-5a30-9b1f-e75cd6f17eaf): DeterministicTagging
medco-unlynx-srv0_1 | 1 : deterministic_tagging_protocol.go:195 (protocols.(*DeterministicTaggingProtocol).Dispatch) - tls://172.31.0.101:2000 preparation round for deterministic tagging
medco-unlynx-srv0_1 | 3 : treenode.go:520 (v3.(*TreeNodeInstance).dispatchMsgReader) - Starting node tls://172.31.0.101:2000 (730e262a-9c4b-5d57-9cd7-4fc143ccd999): DeterministicTagging
medco-unlynx-srv0_1 | 1 : deterministic_tagging_protocol.go:195 (protocols.(*DeterministicTaggingProtocol).Dispatch) - tls://172.31.0.101:2000 preparation round for deterministic tagging
Client side of crashing server (medco-connector-srv2):
medco-connector-srv2_1 | 2 : api.go:41 (services.(*API).SendSurveyDDTRequestTerms) - Client 2 is creating a DDT survey with ID: MedCo_Explore_Query_2020031121148216_DDT
medco-connector-srv2_1 | DEBU[51997] User has 10 authorizations
medco-connector-srv2_1 | INFO[51997] user is authorized to request the endpoint with authorization medco-explore
medco-connector-srv2_1 | INFO[51997] user is authorized to execute the query type count_per_site
medco-connector-srv2_1 | 4 : websocket.go:513 (v3.(*Client).Send) - Sending 0a284d6564436f5f4578706c6f72655f51756572795f323032303033313132313134383231365f44445412fa020a10982992005bd858859ac51884c2d46d0f12680a2865642e706f696e74e65a2a74ddbfa1712192b2048707345822989bdf9cf73b35d18e1366017ae3dd1a10e62d9bcb4294500d8ddfe5f2e48cdf702217746c733a2f2f3137322e33312e302e3130313a323030302a0f556e6c796e782053657276657220303a0012680a2865642e706f696e74504f7f48a57acf0dcf7b3771cc38855f31bbefaa504574f6f92c97a20ee4e8371a10b4e5fdd871d25a9696e32e28977e38652217746c733a2f2f3137322e33312e302e3131313a323030322a0f556e6c796e782053657276657220313a0012680a2865642e706f696e742c5195464fe086f21e1b0205bff64014ab4cd9459c8d2ca9695c7460039d90c51a105500fb842698598b84dfb682c593c92a2217746c733a2f2f3137322e33312e302e3132313a323030342a0f556e6c796e782053657276657220323a001a2865642e706f696e7418aaee7e4e9bb2e3307a0c5c3eaafb07568558a8add6ccc996e819d351e448f0180020002a540a2865642e706f696e74be8f936da1b7c2df19e779f6fd68e80d674f3d213f35099339f0a48c8eb60969122865642e706f696e74a1b2e25707718f159d0bdb584edcbbdbeb3880a8b1298fc1a9a732a974e83ce3 to medco/SurveyDDTRequest
medco-connector-srv2_1 | ERRO[51997] unlynx error executing DDT: sending: connection read: websocket: close 1006 (abnormal closure): unexpected EOF
Client side of not crashing servers, having a timeout (medco-connector-srv1):
medco-connector-srv1_1 | 2 : api.go:41 (services.(*API).SendSurveyDDTRequestTerms) - Client 1 is creating a DDT survey with ID: MedCo_Explore_Query_2020031121148216_DDT
medco-connector-srv1_1 | DEBU[51997] User has 10 authorizations
medco-connector-srv1_1 | INFO[51997] user is authorized to request the endpoint with authorization medco-explore
medco-connector-srv1_1 | INFO[51997] user is authorized to execute the query type count_per_site
medco-connector-srv1_1 | 4 : websocket.go:513 (v3.(*Client).Send) - Sending 0a284d6564436f5f4578706c6f72655f51756572795f323032303033313132313134383231365f44445412fa020a10982992005bd858859ac51884c2d46d0f12680a2865642e706f696e74e65a2a74ddbfa1712192b2048707345822989bdf9cf73b35d18e1366017ae3dd1a10e62d9bcb4294500d8ddfe5f2e48cdf702217746c733a2f2f3137322e33312e302e3130313a323030302a0f556e6c796e782053657276657220303a0012680a2865642e706f696e74504f7f48a57acf0dcf7b3771cc38855f31bbefaa504574f6f92c97a20ee4e8371a10b4e5fdd871d25a9696e32e28977e38652217746c733a2f2f3137322e33312e302e3131313a323030322a0f556e6c796e782053657276657220313a0012680a2865642e706f696e742c5195464fe086f21e1b0205bff64014ab4cd9459c8d2ca9695c7460039d90c51a105500fb842698598b84dfb682c593c92a2217746c733a2f2f3137322e33312e302e3132313a323030342a0f556e6c796e782053657276657220323a001a2865642e706f696e7418aaee7e4e9bb2e3307a0c5c3eaafb07568558a8add6ccc996e819d351e448f0180020002a540a2865642e706f696e74be8f936da1b7c2df19e779f6fd68e80d674f3d213f35099339f0a48c8eb60969122865642e706f696e74a1b2e25707718f159d0bdb584edcbbdbeb3880a8b1298fc1a9a732a974e83ce3 to medco/SurveyDDTRequest
medco-connector-srv1_1 | ERRO[52147] unlynx timeout
(medco-connector-srv0):
medco-connector-srv0_1 | 2 : api.go:41 (services.(*API).SendSurveyDDTRequestTerms) - Client 0 is creating a DDT survey with ID: MedCo_Explore_Query_2020031121148216_DDT
medco-connector-srv0_1 | 4 : websocket.go:513 (v3.(*Client).Send) - Sending 0a284d6564436f5f4578706c6f72655f51756572795f323032303033313132313134383231365f44445412fa020a10982992005bd858859ac51884c2d46d0f12680a2865642e706f696e74e65a2a74ddbfa1712192b2048707345822989bdf9cf73b35d18e1366017ae3dd1a10e62d9bcb4294500d8ddfe5f2e48cdf702217746c733a2f2f3137322e33312e302e3130313a323030302a0f556e6c796e782053657276657220303a0012680a2865642e706f696e74504f7f48a57acf0dcf7b3771cc38855f31bbefaa504574f6f92c97a20ee4e8371a10b4e5fdd871d25a9696e32e28977e38652217746c733a2f2f3137322e33312e302e3131313a323030322a0f556e6c796e782053657276657220313a0012680a2865642e706f696e742c5195464fe086f21e1b0205bff64014ab4cd9459c8d2ca9695c7460039d90c51a105500fb842698598b84dfb682c593c92a2217746c733a2f2f3137322e33312e302e3132313a323030342a0f556e6c796e782053657276657220323a001a2865642e706f696e7418aaee7e4e9bb2e3307a0c5c3eaafb07568558a8add6ccc996e819d351e448f0180020002a540a2865642e706f696e74be8f936da1b7c2df19e779f6fd68e80d674f3d213f35099339f0a48c8eb60969122865642e706f696e74a1b2e25707718f159d0bdb584edcbbdbeb3880a8b1298fc1a9a732a974e83ce3 to medco/SurveyDDTRequest
medco-connector-srv0_1 | ERRO[52148] unlynx timeout
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.