We analyze security aspects of the SecureDNA system regarding its system design, engineering, and implementation. This system enables DNA synthesizers to screen order requests against a database of hazards. By applying novel cryptography, the system aims to keep order requests and the database of hazards secret. Discerning the detailed operation of the system in part from source code (Version 1.0.8), our analysis examines key management, certificate infrastructure, authentication, and rate-limiting mechanisms. We also perform the first formal-methods analysis of the mutual authentication, basic request, and exemption-handling protocols. Without breaking the cryptography, our main finding is that SecureDNA's custom mutual authentication protocol SCEP achieves only one-way authentication: the hazards database and keyservers never learn with whom they communicate. This structural weakness violates the principle of defense in depth and enables an adversary to circumvent rate limits that protect the secrecy of the hazards database, if the synthesizer connects with a malicious or corrupted keyserver or hashed database. We point out an additional structural weakness that also violates the principle of defense in depth: inadequate cryptographic bindings prevent the system from detecting if responses, within a TLS channel, from the hazards database were modified. Consequently, if a synthesizer were to reconnect with the database over the same TLS session, an adversary could replay and swap responses from the database without breaking TLS. Although the SecureDNA implementation does not allow such reconnections, it would be stronger security engineering to avoid the underlying structural weakness. We identify these vulnerabilities and suggest and verify mitigations, including adding strong bindings. Software Version 1.1.0 fixes SCEP with our proposed SCEP+ protocol.

翻译：本文从系统设计、工程实现与代码实现三个维度分析SecureDNA系统的安全性。该系统旨在使DNA合成器能够根据危害数据库筛查订单请求，并运用新型密码学技术以保障订单请求与危害数据库的机密性。基于对源代码（版本1.0.8）的部分解析，我们深入剖析了系统的密钥管理、证书基础设施、身份验证及速率限制机制，并首次对双向认证、基础请求及豁免处理协议进行了形式化方法分析。在不破解密码学机制的前提下，我们的核心发现是：SecureDNA自定义的双向认证协议SCEP仅实现单向认证——危害数据库与密钥服务器始终无法确认通信对象身份。这一结构性缺陷违背了纵深防御原则，使得攻击者可通过连接恶意或遭篡改的密钥服务器或哈希化数据库，绕过用于保护危害数据库机密的速率限制。我们还指出另一同样违反纵深防御原则的结构性弱点：密码学绑定机制不足导致系统无法检测TLS信道内来自危害数据库的响应是否被篡改。因此，若合成器在同一TLS会话中重连数据库，攻击者可在不破坏TLS的情况下重放或替换数据库响应。尽管SecureDNA现有实现禁止此类重连操作，但从安全工程角度而言，消除该底层结构性缺陷将显著提升系统鲁棒性。我们识别了上述漏洞，提出并验证了包括增强绑定机制在内的修复方案。软件版本1.1.0已采用我们提出的SCEP+协议对SCEP进行了修复。