Paper 2022/995

Sequential Digital Signatures for Cryptographic Software-Update Authentication

Bertram Poettering, IBM Research Europe – Zurich
Simon Rastikian, IBM Research Europe – Zurich, ETH Zurich
Abstract

Consider a computer user who needs to update a piece of software installed on their computing device. To do so securely, a commonly accepted ad-hoc method stipulates that the old software version first retrieves the update information from the vendor's public repository, then checks that a cryptographic signature embedded into it verifies with the vendor's public key, and finally replaces itself with the new version. This updating method seems to be robust and lightweight, and to reliably ensure that no malicious third party (e.g., a distribution mirror) can inject harmful code into the update process. Unfortunately, recent prominent news reports (SolarWinds, Stuxnet, TikTok, Zoom, ...) suggest that nation state adversaries are broadening their efforts related to attacking software supply chains. This calls for a critical re-evaluation of the described signature based updating method with respect to the real-world security it provides against particularly powerful adversaries. We approach the setting by formalizing a cryptographic primitive that addresses specifically the secure software updating problem. We define strong, rigorous security models that capture forward security (stealing a vendor's key today doesn't allow modifying yesterday's software version) as well as a form of self-enforcement that helps protecting vendors against coercion attacks in which they are forced, e.g. by nation state actors, to misuse or disclose their keys. We note that the common signature based software authentication method described above meets neither the one nor the other goal, and thus represents a suboptimal solution. Hence, after formalizing the syntax and security of the new primitive, we propose novel, efficient, and provably secure constructions.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. ESORICS 2022
Keywords
signatures forward security self-enforcement software authentication
Contact author(s)
sra @ zurich ibm com
History
2022-08-03: approved
2022-08-02: received
See all versions
Short URL
https://ia.cr/2022/995
License
Creative Commons Attribution-NonCommercial
CC BY-NC

BibTeX

@misc{cryptoeprint:2022/995,
      author = {Bertram Poettering and Simon Rastikian},
      title = {Sequential Digital Signatures for Cryptographic Software-Update Authentication},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/995},
      year = {2022},
      url = {https://eprint.iacr.org/2022/995}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.