Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... ·...
Transcript of Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... ·...
![Page 1: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/1.jpg)
MercuryBandwidth-effective Prevention of RollbackAttacks Against Community Repositories
Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos
NYU Tandon School of Engineering
![Page 2: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/2.jpg)
Software repositories
2
![Page 3: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/3.jpg)
Software updates
● Experts agree: software updates the most important thing (USENIX SOUPS 2015)
● Updates fix security vulnerabilities
● However, important problem in software updates often neglected...
3
![Page 4: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/4.jpg)
Repository compromise: impact
● Nation state actors:○ Microsoft Windows Update (2012):
Flame malware targeted Iran nuclear efforts
○ South Korea cyberattack (2013): >$750M USD in economic damage
○ NotPetya (2017): infected multinational corporations
● Compromise millions of devices● Worst case: human lives
4
![Page 5: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/5.jpg)
SSL / TLS
● Use online key to sign all updates (e.g., SSL / TLS, CUP)● Protects users from man-in-the-middle attacks
5
Repository User
![Page 6: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/6.jpg)
The problem with SSL / TLS
● Doesn’t say anything about the security of the server: just the connection● Single point of failure: easy to compromise● If repository is compromised, attacker can install malware and control devices
6
Repository User
Attacker
![Page 7: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/7.jpg)
GPG / RSA
● Why not sign updates using GPG / RSA keys kept off repository?
7
![Page 8: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/8.jpg)
GPG / RSA
● Why not sign updates using GPG / RSA keys kept off repository?
● Assumes key distribution problem solved, but OK...
● Mission accomplished, right?
8
![Page 9: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/9.jpg)
What do these organizations have in common?
9
![Page 10: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/10.jpg)
Vulnerabilities in software updates
10
![Page 11: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/11.jpg)
Goal: compromise-resilience
● Only a question of when, not if
● Cannot prevent a compromise
● But must severely limit its impact
11
Internet
Update X
Update Y
Update Z
OEM repository
Phone
Tablet
Laptop
Users
Attacker
![Page 12: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/12.jpg)
One way GPG / RSA is insecure
12
![Page 13: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/13.jpg)
Project metadata & packages
● A repository has many projects
● A project has many packages
● A project signs a metadata file listing packages
13
DjangoDjango-1.8.tar.gz
Bcrypt
Django-1.7.tar.gz
Bcrypt-1.0.tar.gz
Bcrypt-0.1.tar.gz
v4
v7
Metadata Packages
hash
hash
hash
hash
![Page 14: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/14.jpg)
Rollback attacks
● Choose obsolete updates with known security vulnerabilities
14
Django-1.11.3.tar.gz (2017)
![Page 15: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/15.jpg)
Rollback attacks
● No need to tamper with signed updates
● Just replace new signed updates with old signed updates!
15
Django-1.0.4.tar.gz (2009)
![Page 16: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/16.jpg)
Why rollback attacks are bad
● Compromise users w/o tampering with updates! [CCS 2008]
● Obsolete = vulnerable = just as bad as malware
16
![Page 17: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/17.jpg)
Prevents rollback attacks on installed projects
● Verify project metadata to verify packages
● Download project metadata for only package to be installed
● Compare previous & current version numbers of project metadata
17
Django
Bcrypt
Django-1.7.tar.gz
Bcrypt-1.0.tar.gz
Bcrypt-0.1.tar.gz
v3
v7
Metadata Packages
hash
hash
hash
prev > curr !
![Page 18: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/18.jpg)
What about projects yet to be installed?
● BAD! Does not prevent rollback attacks on projects yet to be installed
● What is the previous version number?
18
Django
Bcrypt
Django-1.7.tar.gz
Bcrypt-0.1.tar.gz
Metadata Packages
v3
v6
prev ≤ curr ?
hash
hash
hash
prev > curr !
![Page 19: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/19.jpg)
Compromise-resiliencewith Diplomat
19
![Page 20: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/20.jpg)
The Update Framework (TUF)
20
● Design principles○ Separation of duties○ Threshold signatures○ Explicit & implicit revocation
of keys○ Minimizing risk using offline
keys○ Selective delegation of trust
● CCS 2010
![Page 21: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/21.jpg)
Diplomat
● Provides compromise-resilience & immediate project registration
● USENIX NSDI 2016
21
![Page 22: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/22.jpg)
Snapshot metadata
● Repositories distribute snapshot metadata, or manifest of all projects
22
![Page 23: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/23.jpg)
Download snapshot metadata
● To prevent rollback attacks, first download snapshot metadata
23
![Page 24: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/24.jpg)
Download project metadata
● Then, compare previous & current version number of project metadata
24
prev <= curr?
![Page 25: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/25.jpg)
Download all project metadata
● Do this for every single project metadata file listed in snapshot metadata
25
prev <= curr?
prev <= curr?
![Page 26: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/26.jpg)
Integrations & deployments
26
![Page 27: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/27.jpg)
Problem
● Diplomat too expensive on some repositories like PyPI
● A large number of frequently updated projects
27
![Page 28: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/28.jpg)
Bandwidth cost for new users
● Requires new users to download all project metadata
● 20MB (31x!)
28
![Page 29: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/29.jpg)
Bandwidth cost for returning users
● Requires returning users to download all new or updated project metadata
● 2.1MB (3.2x!)
29
![Page 30: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/30.jpg)
Mercury: a new security system
30
![Page 31: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/31.jpg)
Diplomat: repository cannot be trusted
31
● No trusted party (e.g., humans) to always correctly indicate new project metadata
● Projects are updated too rapidly
? v4
v7
![Page 32: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/32.jpg)
Diplomat: repository cannot be trusted
32
● Repositories use automation to indicate only which projects have been updated
v4
v7
![Page 33: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/33.jpg)
Diplomat: repository cannot be trusted
33
● But attackers who compromise repository can launch rollback attacks
● Just point to obsolete project metadata!
v3
v6
![Page 34: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/34.jpg)
Diplomat: only developers can be trusted
34
● Only developers trusted to provide version numbers
● Price: prohibitive b/w costs
4 > 3 !
7 > 6 !
![Page 35: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/35.jpg)
Mercury: shift trust from developers to repository
35
● Safely shift source of trust from developers to repository
● Snapshot metadata indicates version numbers of project metadata
![Page 36: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/36.jpg)
Mercury: low bandwidth cost
36
● Uses low bandwidth costs
● To prevent rollback attacks, first download snapshot metadata
![Page 37: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/37.jpg)
Mercury: low bandwidth cost
37
● Download project metadata for only package to be installed
● Use delta compression for more savings
![Page 38: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/38.jpg)
Security analysis
38
● But is it secure?
![Page 39: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/39.jpg)
Security analysis: rollback attacks
● Mercury always prevents rollback attacks
39
![Page 40: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/40.jpg)
Security analysis: rollback attacks
● Always compare previous & current version numbers in snapshot metadata
40
![Page 41: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/41.jpg)
Security analysis: rollback attacks
● Do not delete projects from snapshot metadata
● Otherwise, attackers can rollback these projects
41
??
![Page 42: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/42.jpg)
Security analysis: fast-forward attacks
● Unlike Diplomat, susceptible to fast-forward attacks
42
![Page 43: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/43.jpg)
Security analysis: fast-forward attacks
● Arbitrarily increase version numbers in snapshot metadata
● Can deny packages to users
43
![Page 44: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/44.jpg)
Security analysis: fast-forward attacks
● Waste b/w by setting arbitrarily large version numbers
44
9999999……9999999
![Page 45: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/45.jpg)
Security analysis: fast-forward attacks
● Increase version numbers to MAXINT
● Makes recovery impossible
45
![Page 46: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/46.jpg)
Recovering from fast-forward attacks
● Revoke and replace keys used to sign snapshot metadata
● Discard and replace snapshot metadata
46
![Page 47: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/47.jpg)
Recovering from fast-forward attacks
47
System /Cost
Common case
Rarecase
Diplomat Moreexpensive
Lesscomplicated
Mercury Lessexpensive
Morecomplicated
![Page 48: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/48.jpg)
Persistent Mirror +Developer Compromise
48
![Page 49: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/49.jpg)
Protection against malicious mirrors
● Malicious mirrors in powerful nation-states
● Cannot sign new snapshot metadata, but can sign some new project metadata
● Can switch project metadata w/o getting caught
49
![Page 50: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/50.jpg)
Protection against malicious mirrors
● Mercury-hash: hash + version number in snapshot metadata
● Malicious mirrors cannot switch project metadata w/o getting caught
● Higher b/w cost
50
![Page 51: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/51.jpg)
Evaluation ofbandwidth costs
51
![Page 52: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/52.jpg)
Experimental setup
● Security systems○ GPG / RSA — insecure!○ Mercury○ Mercury-hash○ Diplomat-version: projects sign detached version numbers○ Diplomat
● An anonymized log of a month of package downloads from PyPI
52
![Page 53: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/53.jpg)
Bandwidth overhead by security system
53
![Page 54: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/54.jpg)
Bandwidth overhead by security system
54
![Page 55: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/55.jpg)
Bandwidth overhead by security system
55
![Page 56: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/56.jpg)
Bandwidth overhead by security system
56
![Page 57: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/57.jpg)
Bandwidth vs. number of projects
57
![Page 58: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/58.jpg)
Bandwidth vs. rate of project updates
58
![Page 59: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/59.jpg)
Conclusions
59
![Page 60: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/60.jpg)
Takeaways
● Safely shift trust from developers to repository
● Common case less expensive, but rare case slightly more complicated
● Practical use uncovers problems
60
![Page 61: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/61.jpg)
Integrations & deployments
61
![Page 62: Mercury NYU Tandon School of Engineering Vladimir Diaz, Justin Cappos Trishank Karthik ... · 2019-12-18 · Trishank Karthik Kuppusamy, Vladimir Diaz, Justin Cappos NYU Tandon School](https://reader034.fdocuments.net/reader034/viewer/2022042305/5ed11d29a4cd0f7e1411eaee/html5/thumbnails/62.jpg)
Q & A
Thanks! Questions?
https://theupdateframework.github.io/
https://uptane.github.io/
62