Making sure a program gets to the receiver intact
How can I insure a program, once put on FTP sites stays untampered with? I have done the following, but I still find holes:

1: PGP signed each file with a separate .sig file.
2: Made an MD5 list, using 2-3 separate programs (making sure they agree), PGP signing the list, and asking friends to sign the list, leaving separate .sigs in the directory.
3: Encrypting a copy of the MD5 list with a passphrase (if all keys are fragged, then in front of trusted witnesses, I can decrypt the key, show them that the MD5 list is authentic.)
4: PKZIPPING it using my AV key. (Yes, I am aware that this is a joke, but since I am a registered user, why not use it?) (Side note, if one uses PKZIP, please register it. I have seen so many unregistered copies of this, that it makes my eyes water.)

The holes:

1: Someone hacking the keyservers, substituting a key for all the people who signed, and modifying the archive to show that.
2: Someone breaking into my apt, sticking a keyboard monitor on, getting my passphrase and key.

Most of this is theoretical, as it is hard to hack _all_ keyservers to nuke my PGP key, then hack AOL, CompuServe, and other FTP sites to modify the binary, but I would like to make _sure_ this program gets into users' hands without getting modified. (Not for paranoia reasons, but just to see how well one can make a package resistant to tampering.)

Pardon the anonymous ID, as my reputation with my REAL user id is not so great. (No, I am not Lance, but not that better off due to tons of dumb mistakes with my regular ID on this list.)

-------------------------------------------------------------------------
To find out more about the anon service, send mail to help@anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin@anon.penet.fi.
From: an169306@anon.penet.fi
> How can I insure a program, once put on FTP sites stays untampered with?

The best solution is not digital signatures but rather digital timestamping. The question is not persistence of authorship but rather persistence through time.

Digital timestamping is not keyed. The Haber-Stornetta algorithm uses only one-way functions. The certificate the timestamping algorithm spits out gives a way of verifying that the modification state (yes/no) is the same as that of the timestamping root, shared by many participants. The assumption is that spoofing the root of the timestamp system is hard, exactly because it is shared widely. The initial system published the root in the NYT announcements section. Since then, Haber and Stornetta have started Surety Technology, which is commercializing the patent. Their new system doesn't have a single point of failure at the root, it appears, but I don't know details.

The problem of detecting modification is not the same problem as assuring that version one was written by the same author as version two. The asker of the original question said nothing of versioning. The question applies to first versions as well, where persistence of identity is not at issue.

Digital signatures will work to affix a pattern of bits, but as with digital signatures, if the key is modified, so might be the signature. Yet digital signatures require private keys, which do persist through time, and so there is an issue of forward security. The private key, if compromised, might be used to sign a statement that the signature on the binary was a forgery! With digital timestamping, no keying information exists to be compromised, so the affixation of bit pattern is permanent.

> The holes:
> 1: Someone hacking the keyservers, substituting a key for all the people who signed, and modifying the archive to show that.
> 2: Someone breaking into my apt, sticking a keyboard monitor on, getting my passphrase and key.

This is all a problem of economics. What is it worth to compromise the binary? How much does it cost to perform the compromises?

In fact the real problem is deeper. The binary, public key, and signatures can simply be entirely replicated. Now a person trying to distinguish between one binary/key/sig triple from the other must rely upon some social process to distinguish, which is not much different than the original problem of distinguishing two binaries claiming to be the same thing.

This is where digital timestamping shines. The timestamp algorithm yields time ordering of the various binaries. Now the discrimination problem between binaries can be resolved by choosing the _earlier_ one. We assume that the spoofer has only access to the public version in order to create an alteration. Note that this solution doesn't protect against an insider publishing a modified version before the actual release.

This is not to say that binaries shouldn't be signed. A common trojan horse attack on binaries is to release "bug-fix" versions. It is in this situation that the persistence of identity of authorship is important.

Eric
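Eric's time-ordering argument, as an added example that is not code from the original thread: a hypothetical, much simplified linking timestamp chain in the Haber-Stornetta style. Each certificate's link hashes the previous link, so a verifier replays the chain forward to a widely published root, and two binaries that both claim to be "the release" are resolved by choosing the earlier stamp. The `TimestampChain` service, the `Cert` fields and the sample binaries are assumptions constructed for the example.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()   # the one-way function; no keys involved

@dataclass(frozen=True)
class Cert:
    seq: int          # position in the service's chain
    doc_hash: bytes   # H(binary) as submitted
    prev_link: bytes  # link of the preceding entry
    link: bytes       # H(seq || doc_hash || prev_link): ties this entry to all earlier ones

class TimestampChain:
    """Hypothetical linking timestamp service (simplified Haber-Stornetta style)."""
    def __init__(self) -> None:
        self.entries: List[Cert] = []
        self.last_link = H(b"genesis")   # constructed starting value for the chain

    def stamp(self, data: bytes) -> Cert:
        seq, doc_hash = len(self.entries), H(data)
        link = H(seq.to_bytes(8, "big") + doc_hash + self.last_link)
        cert = Cert(seq, doc_hash, self.last_link, link)
        self.entries.append(cert)
        self.last_link = link
        return cert

    def published_root(self) -> bytes:
        return self.last_link   # the value the service publishes widely (newspaper, mirrors)

def verify(cert: Cert, data: bytes, entries: List[Cert], root: bytes) -> bool:
    """True iff data hashes to cert and cert is hash-linked forward to the published root."""
    if H(data) != cert.doc_hash or cert.seq >= len(entries) or entries[cert.seq] != cert:
        return False
    link = cert.prev_link
    for e in entries[cert.seq:]:          # replay every later entry; any edit breaks a link
        if e.prev_link != link:
            return False
        link = H(e.seq.to_bytes(8, "big") + e.doc_hash + link)
        if link != e.link:
            return False
    return link == root

def earliest(candidates: Dict[str, bytes], chain: TimestampChain) -> Optional[str]:
    """Among competing binaries claiming to be the release, pick the one stamped first."""
    by_hash = {c.doc_hash: c.seq for c in chain.entries}
    stamped = {name: by_hash[H(d)] for name, d in candidates.items() if H(d) in by_hash}
    return min(stamped, key=stamped.get) if stamped else None
```

A forged certificate that claims an earlier position fails `verify`, because the entry at that position in the public chain is a different record and every later link would have to be recomputed.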
On Thu, 22 Dec 1994 an169306@anon.penet.fi wrote:
> 2: Someone breaking into my apt, sticking a keyboard monitor on, getting my passphrase and key.
I'm quite concerned about that myself. Is there a way to tell if your computer has been tampered with? Assume that looking at the case doesn't do much good (they get by that easy), and if they want to hide the bug they can. Voltage monitoring?
> Pardon the anonymous ID, as my reputation with my REAL user id is not so great. (No, I am not Lance, but not that better off due to tons of dumb mistakes with my regular ID on this list.)
Ah. Glad you put in the "No, I'm not Lance" part. I was wondering when I read that paragraph. :)