Chainiac: Proactive software-update transparency via collectively signed skipchains and verified builds

Kirill Nikitin, Eleftherios Kokoris-Kogias, Philipp Jovanovic, Linus Gasser, Nicolas Gailly, Ismail Khoffi, Justin Cappos, Bryan Ford

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    Abstract

    Software-update mechanisms are critical to the security of modern systems, but their typically centralized design presents a lucrative and frequently attacked target. In this work, we propose CHAINIAC, a decentralized software-update framework that eliminates single points of failure, enforces transparency, and provides efficient verifiability of integrity and authenticity for software-release processes. Independent witness servers collectively verify that software updates conform to release policies, build verifiers validate the source-to-binary correspondence, and a tamper-proof release log stores collectively signed updates, thus ensuring that no release is accepted by clients before being widely disclosed and validated. The release log is a skipchain, a novel data structure that enables arbitrarily out-of-date clients to efficiently validate updates and signing keys. Evaluation of our CHAINIAC prototype on reproducible Debian packages shows that the automated update process takes an average of 5 minutes per release for individual packages, and only 20 seconds for the aggregate timeline. We further evaluate the framework using real-world data from the PyPI package repository and show that it offers clients security comparable to verifying every single update themselves, while consuming only one-fifth of the bandwidth and incurring minimal computational overhead.

    Original language: English (US)
    Title of host publication: Proceedings of the 26th USENIX Security Symposium
    Publisher: USENIX Association
    Pages: 1271-1287
    Number of pages: 17
    ISBN (Electronic): 9781931971409
    State: Published - 2017
    Event: 26th USENIX Security Symposium - Vancouver, Canada
    Duration: Aug 16 2017 - Aug 18 2017

    Publication series

    Name: Proceedings of the 26th USENIX Security Symposium

    Conference

    Conference: 26th USENIX Security Symposium
    Country: Canada
    City: Vancouver
    Period: 8/16/17 - 8/18/17

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Information Systems
    • Safety, Risk, Reliability and Quality


    Cite this

    Nikitin, K., Kokoris-Kogias, E., Jovanovic, P., Gasser, L., Gailly, N., Khoffi, I., Cappos, J., & Ford, B. (2017). Chainiac: Proactive software-update transparency via collectively signed skipchains and verified builds. In Proceedings of the 26th USENIX Security Symposium (pp. 1271-1287). (Proceedings of the 26th USENIX Security Symposium). USENIX Association.