arXiv:2512.09233 — Security audit of SecureDNA

Abstract

We analyze security aspects of the SecureDNA system regarding its system design, engineering, and implementation. This system enables DNA synthesizers to screen order requests against a database of hazards. By applying novel cryptography, the system aims to keep order requests and the database of hazards secret. Discerning the detailed operation of the system in part from source code (Version 1.0.8), our analysis examines key management, certificate infrastructure, authentication, and rate-limiting mechanisms. We also perform the first formal-methods analysis of the mutual authentication, basic request, and exemption-handling protocols. Without breaking the cryptography, our main finding is that SecureDNA's custom mutual authentication protocol SCEP achieves only one-way authentication: the hazards database and keyservers never learn with whom they communicate. This structural weakness violates the principle of defense in depth and enables an adversary to circumvent rate limits that protect the secrecy of the hazards database, if the synthesizer connects with a malicious or corrupted keyserver or hashed database. We point out an additional structural weakness that also violates the principle of defense in depth: inadequate cryptographic bindings prevent the system from detecting if responses, within a TLS channel, from the hazards database were modified. Consequently, if a synthesizer were to reconnect with the database over the same TLS session, an adversary could replay and swap responses from the database without breaking TLS. Although the SecureDNA implementation does not allow such reconnections, it would be stronger security engineering to avoid the underlying structural weakness. We identify these vulnerabilities and suggest and verify mitigations, including adding strong bindings. Software Version 1.1.0 fixes SCEP with our proposed SCEP+ protocol.

Summary

A formal security audit of SecureDNA, a privacy-preserving biosecurity screening system that checks DNA synthesis orders against a hazards database using distributed oblivious pseudorandom functions. The authors identify two critical structural vulnerabilities—one-way authentication in the SCEP protocol enabling rate-limit circumvention, and inadequate cryptographic bindings enabling replay attacks—without breaking the underlying cryptography. Version 1.1.0 addresses these issues via the proposed SCEP+ protocol.

Key Points

• •SecureDNA screens DNA synthesis orders for known biohazards while preserving privacy via distributed oblivious pseudorandom functions, with policy goals of mandating universal screening.
• •Custom SCEP mutual authentication protocol achieves only one-way authentication, allowing adversaries to circumvent rate limits protecting the hazards database.
• •Inadequate cryptographic bindings enable response modification and replay attacks within TLS sessions, violating defense-in-depth principles.
• •Formal-methods analysis was applied for the first time to SecureDNA's authentication, request, and exemption-handling protocols, identifying mitigations verified by the team.
• •The work highlights that secure systems require formal specifications, sound key management, and strong message bindings—not just mathematically correct cryptography.