@inproceedings{2e4c6df8b60848c9b3d601e126ea5e54,
title = "Survivable key compromise in software update systems",
abstract = "Today's software update systems have little or no defense against key compromise. As a result, key compromises have put millions of software update clients at risk. Here we identify three classes of information whose authenticity and integrity are critical for secure software updates. Analyzing existing software update systems with our framework, we find their ability to communicate this information securely in the event of a key compromise to be weak or nonexistent. We also find that the security problems in current software update systems are compounded by inadequate trust revocation mechanisms. We identify core security principles that allow software update systems to survive key compromise. Using these ideas, we design and implement TUF, a software update framework that increases resilience to key compromise.",
keywords = "Authentication, Delegation, Key compromise, Key management, Revocation, Software updates, Threshold signatures",
author = "Justin Samuel and Nick Mathewson and Justin Cappos and Roger Dingledine",
year = "2010",
doi = "10.1145/1866307.1866315",
language = "English (US)",
isbn = "9781450302449",
series = "Proceedings of the ACM Conference on Computer and Communications Security",
pages = "61--72",
booktitle = "CCS'10 - Proceedings of the 17th ACM Conference on Computer and Communications Security",
note = "17th ACM Conference on Computer and Communications Security, CCS'10 ; Conference date: 04-10-2010 Through 08-10-2010",
}