Survivable key compromise in software update systems

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2010, Pages 61-72

  Samuel, Justin ^a   Mathewson, Nick ^b   Cappos, Justin ^c   Dingledine, Roger ^b  

^a UNIVERSITY OF CALIFORNIA   (United States)

^b Tor Project   (United States)

^c UNIVERSITY OF WASHINGTON   (United States)

Author keywords

Authentication; Delegation; Key compromise; Key management; Revocation; Software updates; Threshold signatures

Indexed keywords

DELEGATION; KEY COMPROMISE; KEY MANAGEMENT; REVOCATION; SOFTWARE UPDATES; THRESHOLD SIGNATURE;

AUTHENTICATION; NETWORK SECURITY;

COMPUTER SOFTWARE;

EID: 78650002260     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1866307.1866315     Document Type: Conference Paper

References (60)

1. M. Abdalla and L. Reyzin. A new forward-secure digital signature scheme. Advances in Cryptology - ASIACRYPT 2000, pages 116-129, 2000.
2. Francisco Amato. ISR-evilgrade. http://www.infobyte.com.ar/down/isr- evilgrade- Readme.txt.
3. Vulnerability note VU#944335 Apache web servers fail to handle chunks with a negative size, Jun 2002. http://www.kb.cert.org/vuls/id/944335.
4. APT HOWTO. http://www.debian.org/doc/manuals/apt-howto/.
5. A. Barth, A.P. Felt, P. Saxena, and A. Boodman. Protecting browsers from extension vulnerabilities. In Proc. of the 17th Network and Distributed System Security Symposium (NDSS 2010), 2010.
6. Mihir Bellare and Gregory Neven. Multi-signatures in the plain public-key model and a general forking lemma. In CCS '06: Proceedings of the 13th ACM conference on Computer and communications security, pages 390-399, New York, NY, USA, 2006. ACM.
7. Anthony Bellissimo, John Burgess, and Kevin Fu. Secure software updates: Disappointments and new challenges. In 1st USENIX Workshop on Hot Topics in Security, pages 37-43, Vancouver, Canada, Jul 2006.
8. D. Boneh, X. Ding, G. Tsudik, and C.M. Wong. A method for fast revocation of public key certificates and security capabilities. In Proceedings of the 10th conference on USENIX Security Symposium-Volume 10, page 22. USENIX Association, 2001.
9. Dan Boneh and David Brumley. Remote timing attacks are practical. In Proc. 12th USENIX Security Symposium, Washington, DC, Aug 2003.
10. Canonical JSON - OLPC. http://wiki.laptop.org/go/Canonical-JSON.
11. Justin Cappos, Justin Samuel, Scott Baker, and John Hartman. A look in the mirror: Attacks on package managers. In Proc. 15th ACM Conference on Computer and Communications Security, pages 565-574, New York, NY, USA, 2008. ACM.
12. CERT/CC. CERT advisory CA-2000-09 aw in PGP 5.0 key generation, May 2000. http://www.cert.org/advisories/CA-2000-09.html.
13. Bug 476766 - add China Internet Network Information Center (CNNIC) CA root certificate. https: //bugzilla.mozilla.org/show-bug.cgi?id=476766.
14. Open client update protocol. http://omaha.googlecode.com/svn/wiki/cup. html.
15. Microsoft Corporation. Microsoft security bulletin MS01-017, Mar 2001. http://www.microsoft.com/technet/security/bulletin/MS01-017.mspx.
16. CPAN. http://www.cpan.org/.
17. Internet x.509 public key infrastructure certificate and certificate revocation list (CRL) profile. http://tools.ietf.org/html/rfc5280.
18. Y. Desmedt. Society and group oriented cryptography: A new concept. In Advances in Cryptology - Crypto 1987, pages 120-127. Springer, 1987.
19. Vulnerability note VU#800113 multiple DNS implementations vulnerable to cache poisoning. http://www.kb.cert.org/vuls/id/800113.
20. EasyInstall - the PEAK developers' center. http: //peak.telecommunity. com/DevCenter/EasyInstall.
21. New signing key. https://fedoraproject.org/wiki/New-signing-key.
22. Firefox update. http://www.mozilla.com/en-US/firefox/update/.
23. Paul W. Frields. Infrastructure report, 2008-08-22 UTC 1200, Aug 2008. https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html.
24. Omaha (google update). http://code.google.com/p/omaha/.
25. Update Engine and security: How to use Update Engine in a secure manner. http://code.google.com/p/update- engine/wiki/UpdateEngineAndSecurity.
26. Microsoft security bulletin MS08-006 - important vulnerability in internet information services could allow remote code execution (942830), Feb 2008. http://www.microsoft.com/technet/security/bulletin/ms08-006.mspx.
27. M. Just and P.C. van Oorschot. Addressing the problem of undetected signature key compromise. In Proceedings of the Network and Distributed System Security Symposium, NDSS. Citeseer, 1999.
28. Werner Koch. [Announce] GnuPG's ElGamal signing keys compromised, Nov 2003. http://lists.gnupg.org/pipermail/gnupg- announce/2003q4/000160.html.
29. M. Mambo, K. Usuda, and E. Okamoto. Proxy signatures: Delegation of the power to sign messages. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, 79(9):1338-1354, 1996.
30. Moxie Marlinspike. Defeating OCSP with the number 3, 2009. http: //www.thoughtcrime.org/papers/ocsp-attack.pdf.
31. Moxie Marlinspike. Null-prefix attacks against SSL certificates, 2009. http://www.thoughtcrime.org/papers/null- prefix-attacks.pdf.
32. Nick Mathewson. Thandy: Automatic updates for Tor bundles. https://git.torproject.org/checkout/thandy/specs/thandy-spec.txt.
33. Nick Mathewson. Thandy: Secure update for Tor - Google open source blog. http://google-opensource.blogspot.com/2009/03/thandy-secure-update-for-tor.html.
34. Extension versioning, update and compatibility: Securing updates. https://developer.mozilla.org/en/Extension-Versioning%2c-Update-and- Compatibility#Securing-Updates.
35. Microsoft SSL library remote compromise vulnerability (ms04-011, exploit), Apr 2004. http://www.securiteam.com/windowsntfocus/ 5CP0L0KCKO.html.
36. Greg Miller. Revving software with Update Engine, Sep 2008. http://googlemac.blogspot.com/2008/09/revving-software-with-update-engine.html.
37. Mirror manager security risks. http://fedoraproject.org/wiki/Mirror- manager-security-risks.
38. Mozilla Labs Jetpack j Exploring new ways to extend and personalize the Web. https://jetpack.mozillalabs.com/.
39. M. Myers, R. Ankney, A. Malpani, S. Galperin, and C. Adams. RFC2560: X. 509 Internet public key infrastructure online certificate status protocol-OCSP. Internet RFCs, 1999.
40. M. Naor and K. Nissim. Certificate revocation and certificate update. In in Proceedings of the 7th USENIX Security Symposium, 1998.
41. B.C. Neuman et al. Proxy-based authorization and accounting for distributed systems. In International Conference on Distributed Computing Systems, volume 13, pages 283-283. Citeseer, 1993.
42. O. Nordstrom and C. Dovrolis. Beware of BGP attacks. SIGCOMM Comput. Commun. Rev, 34(2):1-8, 2004.
43. Vulnerability note VU#102795 OpenSSL servers contain a buffer overow during the SSL2 handshake process, Aug 2002. http://www.kb.cert.org/vuls/id/ 102795.
44. PEAR - PHP Extension and Application Repository. http://pear.php.net/.
45. Python package index : Pypi. http://pypi.python.org/pypi.
46. Critical: openssh security update, Aug 2008. http: //rhn.redhat.com/ errata/RHSA-2008-0855.html.
47. R. Rivest. Can we eliminate certificate revocation lists? In Financial Cryptography, pages 178-183. Springer, 1998.
48. RubyGems manuals. http://docs.rubygems.org/.
49. Signing your gems - RubyGems user guide. http://docs.rubygems.org/read/ chapter/21.
50. Seattle: Open peer-to-peer computing. http://seattle.cs.washington.edu/.
51. V. Shoup. Practical threshold signatures. In Advances in Cryptology - EUROCRYPT 2000, pages 207-220. Springer, 2000.
52. Christopher Soghoian and Sid Stamm. Certified lies: Detecting and defeating government interception attacks against SSL. Technical Report 684, Indiana University Computer Science Department, April 2010.
53. Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, and Benne de Weger. MD5 considered harmful today: Creating a rogue CA certificate, Dec 2008. http://www.win.tue.nl/hashclash/ rogue-ca/.
54. Tor: anonymity online. http://www.torproject.org/.
55. Securing python package management - tuf: The update framework. http://www.updateframework.com/wiki/SecuringPythonPackageManagement.
56. /specs/tuf-spec.txt - TUF: The Update Framework. https://www. updateframework.com/browser/specs/tuf-spec.txt.
57. V. Varadharajan, P. Allen, and S. Black. An analysis of the proxy problem in distributed systems. In 1991 IEEE Computer Society Symposium on Research in Security and Privacy, 1991. Proceedings., pages 255-275, 1991.
58. Florian Weimer. [security] [DSA 1571-1] new openssl packages fix predictable random number generator, May 2008. http://lists.debian.org/debian- security-announce/2008/msg00152.html.
59. YaST - openSuSE. http://en.opensuse.org/YaST.
60. Yum: Yellow Dog Updater Modiffed. http://linux.duke.edu/projects/yum/.