Survivable key compromise in software update systems

Justin Samuel, Nick Mathewson, Justin Cappos, Roger Dingledine

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    Today's software update systems have little or no defense against key compromise. As a result, key compromises have put millions of software update clients at risk. Here we identify three classes of information whose authenticity and integrity are critical for secure software updates. Analyzing existing software update systems with our framework, we find their ability to communicate this information securely in the event of a key compromise to be weak or nonexistent. We also find that the security problems in current software update systems are compounded by inadequate trust revocation mechanisms. We identify core security principles that allow software update systems to survive key compromise. Using these ideas, we design and implement TUF, a software update framework that increases resilience to key compromise.

    Original languageEnglish (US)
    Title of host publicationCCS'10 - Proceedings of the 17th ACM Conference on Computer and Communications Security
    Pages61-72
    Number of pages12
    DOIs
    StatePublished - 2010
    Event17th ACM Conference on Computer and Communications Security, CCS'10 - Chicago, IL, United States
    Duration: Oct 4 2010Oct 8 2010

    Publication series

    NameProceedings of the ACM Conference on Computer and Communications Security
    ISSN (Print)1543-7221

    Other

    Other17th ACM Conference on Computer and Communications Security, CCS'10
    CountryUnited States
    CityChicago, IL
    Period10/4/1010/8/10

    Keywords

    • Authentication
    • Delegation
    • Key compromise
    • Key management
    • Revocation
    • Software updates
    • Threshold signatures

    ASJC Scopus subject areas

    • Software
    • Computer Networks and Communications

    Cite this

    Samuel, J., Mathewson, N., Cappos, J., & Dingledine, R. (2010). Survivable key compromise in software update systems. In CCS'10 - Proceedings of the 17th ACM Conference on Computer and Communications Security (pp. 61-72). (Proceedings of the ACM Conference on Computer and Communications Security). https://doi.org/10.1145/1866307.1866315