Show simple item record

dc.contributor.author
Poettering, Bertram
dc.contributor.author
Rastikian, Simon
dc.contributor.editor
Atluri, Vijayalakshmi
dc.contributor.editor
Di Pietro, Roberto
dc.contributor.editor
Jensen, Christian D.
dc.contributor.editor
Meng, Weizhi
dc.date.accessioned
2022-10-28T09:45:58Z
dc.date.available
2022-10-28T03:15:30Z
dc.date.available
2022-10-28T09:45:58Z
dc.date.issued
2022
dc.identifier.isbn
978-3-031-17146-8
en_US
dc.identifier.isbn
978-3-031-17145-1
en_US
dc.identifier.issn
0302-9743
dc.identifier.issn
1611-3349
dc.identifier.other
10.1007/978-3-031-17146-8_13
en_US
dc.identifier.uri
http://hdl.handle.net/20.500.11850/578168
dc.description.abstract
Consider a computer user who needs to update a piece of software installed on their computing device. To do so securely, a commonly accepted ad-hoc method stipulates that the old software version first retrieves the update information from the vendor’s public repository, then checks that a cryptographic signature embedded into it verifies with the vendor’s public key, and finally replaces itself with the new version. This updating method seems to be robust and lightweight, and to reliably ensure that no malicious third party (e.g., a distribution mirror) can inject harmful code into the update process. Unfortunately, recent prominent news reports (SolarWinds, Stuxnet, TikTok, Zoom, ...) suggest that nation-state adversaries are broadening their efforts related to attacking software supply chains. This calls for a critical re-evaluation of the described signature-based updating method with respect to the real-world security it provides against particularly powerful adversaries. We approach the setting by formalizing a cryptographic primitive that addresses specifically the secure software updating problem. We define strong, rigorous security models that capture forward security (stealing a vendor’s key today doesn’t allow modifying yesterday’s software version) as well as a form of self-enforcement that helps protect vendors against coercion attacks in which they are forced, e.g. by nation-state actors, to misuse or disclose their keys. We note that the common signature-based software authentication method described above meets neither the one nor the other goal, and thus represents a suboptimal solution. Hence, after formalizing the syntax and security of the new primitive, we propose novel, efficient, and provably secure constructions.
en_US
dc.language.iso
en
en_US
dc.publisher
Springer
en_US
dc.title
Sequential Digital Signatures for Cryptographic Software-Update Authentication
en_US
dc.type
Conference Paper
ethz.book.title
Computer Security – ESORICS 2022
en_US
ethz.journal.title
Lecture Notes in Computer Science
ethz.journal.volume
13555
en_US
ethz.journal.abbreviated
LNCS
ethz.pages.start
255
en_US
ethz.pages.end
274
en_US
ethz.event
27th European Symposium on Research in Computer Security (ESORICS 2022)
en_US
ethz.event.location
Copenhagen, Denmark
ethz.event.date
SEP 26-30, 2022
en_US
ethz.identifier.wos
ethz.publication.place
Cham
en_US
ethz.publication.status
published
en_US
ethz.date.deposited
2022-10-28T03:15:40Z
ethz.source
WOS
ethz.eth
yes
en_US
ethz.availability
Metadata only
en_US
ethz.rosetta.installDate
2022-10-28T09:45:59Z
ethz.rosetta.lastUpdated
2024-02-02T18:49:46Z
ethz.rosetta.versionExported
true
ethz.COinS
ctx_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.atitle=Sequential%20Digital%20Signatures%20for%20Cryptographic%20Software-Update%20Authentication&rft.jtitle=Lecture%20Notes%20in%20Computer%20Science&rft.date=2022&rft.volume=13555&rft.spage=255&rft.epage=274&rft.issn=0302-9743&1611-3349&rft.au=Poettering,%20Bertram&Rastikian,%20Simon&rft.isbn=978-3-031-17146-8&978-3-031-17145-1&rft.genre=proceeding&rft_id=info:doi/10.1007/978-3-031-17146-8_13&rft.btitle=Computer%20Security%20%E2%80%93%20ESORICS%202022

Files in this item

There are no files associated with this item.
