Paper 2017/648

CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds

Kirill Nikitin, Eleftherios Kokoris-Kogias, Philipp Jovanovic, Linus Gasser, Nicolas Gailly, Ismail Khoffi, Justin Cappos, and Bryan Ford

Abstract

Software-update mechanisms are critical to the security of modern systems, but their typically centralized design presents a lucrative and frequently attacked target. In this work, we propose CHAINIAC, a decentralized software-update framework that eliminates single points of failure, enforces transparency, and provides efficient verifiability of integrity and authenticity for software-release processes. Independent $\textit{witness servers}$ collectively verify conformance of software updates to release policies, $\textit{build verifiers}$ validate the source-to-binary correspondence, and a tamper-proof release log stores collectively signed updates, thus ensuring that no release is accepted by clients before being widely disclosed and validated. The release log embodies a $\textit{skipchain}$, a novel data structure, enabling arbitrarily out-of-date clients to efficiently validate updates and signing keys. Evaluation of our CHAINIAC prototype on reproducible Debian packages shows that the automated update process takes the average of 5 minutes per release for individual packages, and only 20 seconds for the aggregate timeline. We further evaluate the framework using real-world data from the PyPI package repository and show that it offers clients security comparable to verifying every single update themselves while consuming only one-fifth of the bandwidth and having a minimal computational overhead.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. Proceedings of the 26th USENIX Conference on Security Symposium
Keywords
system securitysoftware updatesdecentralization
Contact author(s)
kirill nikitin @ epfl ch
History
2017-07-05: received
Short URL
https://ia.cr/2017/648
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/648,
      author = {Kirill Nikitin and Eleftherios Kokoris-Kogias and Philipp Jovanovic and Linus Gasser and Nicolas Gailly and Ismail Khoffi and Justin Cappos and Bryan Ford},
      title = {CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds},
      howpublished = {Cryptology ePrint Archive, Paper 2017/648},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/648}},
      url = {https://eprint.iacr.org/2017/648}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.