Mercury: Bandwidth-effective prevention of rollback attacks against community repositories

Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos

    Research output: Chapter in Book/Report/Conference proceeding; Conference contribution

    Abstract

    A popular community repository such as Docker Hub, PyPI, or RubyGems distributes tens of thousands of software projects to millions of users. The large number of projects and users make these repositories attractive targets for exploitation. After a repository compromise, a malicious party can launch a number of attacks on unsuspecting users, including rollback attacks that revert projects to obsolete and vulnerable versions. Unfortunately, due to the rapid rate at which packages are updated, existing techniques that protect against rollback attacks would cause each user to download 2-3 times the size of an average package in metadata each month, making them impractical to deploy. In this work, we develop a system called Mercury that uses a novel technique to compactly disseminate version information while still protecting against rollback attacks. Due to a different technique for dealing with key revocation, users are protected from rollback attacks, even if the software repository is compromised. This technique is bandwidth-efficient, especially when delta compression is used to transmit only the differences between previous and current lists of version information. An analysis we performed for the Python community shows that once Mercury is deployed on PyPI, each user will only download metadata each month that is about 3.5% the size of an average package. Our work has been incorporated into the latest versions of TUF, which is being integrated by Haskell, OCaml, RubyGems, Python, and CoreOS, and is being used in production by LEAP, Flynn, and Docker.

    Original language: English (US)
    Title of host publication: Proceedings of the 2017 USENIX Annual Technical Conference, USENIX ATC 2017
    Publisher: USENIX Association
    Pages: 673-688
    Number of pages: 16
    ISBN (Electronic): 9781931971386
    State: Published - 2019
    Event: 2017 USENIX Annual Technical Conference, USENIX ATC 2017 - Santa Clara, United States
    Duration: Jul 12 2017 to Jul 14 2017

    Publication series

    Name: Proceedings of the 2017 USENIX Annual Technical Conference, USENIX ATC 2017

    Conference

    Conference: 2017 USENIX Annual Technical Conference, USENIX ATC 2017
    Country: United States
    City: Santa Clara
    Period: 7/12/17 to 7/14/17

    ASJC Scopus subject areas

    • Computer Science(all)
