Updaticator: Updating Billions of Devices by an Efficient, Scalable and Secure Software Update Distribution over Untrusted Cache-enabled Networks

  • Moreno Ambrosin
  • Christoph Busold
  • Mauro Conti
  • Ahmad-Reza Sadeghi
  • Matthias Schunter
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8712)

Abstract

Secure and fast distribution of software updates and patches is essential for improving functionality and security of computer systems. Today, each device downloads updates individually from a software provider distribution server. Unfortunately, this approach does not scale to large systems with billions of devices where the network bandwidth of the server and the local Internet gateway become bottlenecks. Cache-enabled Network (CN) services (either proprietary, as Akamai, or open Content-Distribution Networks) can reduce these bottlenecks. However, they do not offer security guarantees against potentially untrusted CN providers that try to threaten the confidentiality of the updates or the privacy of the users. In this paper, we propose Updaticator, the first protocol for software updates over Cache-enabled Networks that is scalable to billions of concurrent device updates while being secure against malicious networks. We evaluate our proposal considering Named-Data Networking, a novel instance of Cache-enabled overlay Networks. Our analysis and experimental evaluation show that Updaticator removes the bottlenecks of individual device-update distribution, by reducing the network load at the distribution server: from linear in the number of devices to a constant, even if billions of devices are requesting updates. Furthermore, when compared to the state-of-the-art individual device-update mechanisms, the download time with Updaticator is negligible, due to local caching.

Keywords

Software Updates Secure Updates Distribution Attribute-based Encryption Internet of Things Cache-enabled Network 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    2013 US-CERT Techical Security Alerts, http://www.us-cert.gov/ncas/alerts/2013
  2. 2.
    Akamai Content Delivery Network, http://www.akamai.com
  3. 3.
  4. 4.
    Adelsbach, A., Huber, U., Sadeghi, A.-R.: Secure Software Delivery and Installation in Embedded Systems. In: Deng, R.H., Bao, F., Pang, H., Zhou, J. (eds.) ISPEC 2005. LNCS, vol. 3439, pp. 255–267. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  5. 5.
    Bellissimo, A., Burgess, J., Fu, K.: Secure Software Updates: Disappointments and New Challenges. In: 1st USENIX Workshop on Hot Topics in Security, pp. 37–43. USENIX Association, Berkeley (2006)Google Scholar
  6. 6.
    Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-Policy Attribute-Based Encryption. In: 2007 IEEE Symposium on Security and Privacy, pp. 321–334. IEEE Computer Society, Washington (2007)CrossRefGoogle Scholar
  7. 7.
    Boneh, D., Gentry, C., Waters, B.: Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 258–275. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  8. 8.
    Cameron, D., Liu, J.: apt-p2p: A Peer-to-Peer Distribution System for Software Package Releases and Updates. In: 28th IEEE Conference on Computer Communications, pp. 864–872. IEEE, New York (2009)Google Scholar
  9. 9.
  10. 10.
    Delerablée, C., Paillier, P., Pointcheval, D.: Fully Collusion Secure Dynamic Broadcast Encryption with Constant-Size Ciphertexts or Decryption Keys. In: Takagi, T., Okamoto, T., Okamoto, E., Okamoto, T. (eds.) Pairing 2007. LNCS, vol. 4575, pp. 39–59. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  11. 11.
    Deutsches forschungsnetz (DFN), https://www.dfn.de/en/
  12. 12.
  13. 13.
    Dolev, D., Yao, A.C.: On the Security of Public Key Protocols. IEEE Transactions on Information Theory 29(2), 198–208 (1983)CrossRefMATHMathSciNetGoogle Scholar
  14. 14.
    Gkantsidis, C., Karagiannis, T., Vojnovic, M.: Planet Scale Software Updates. In: 2006 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, pp. 423–434. ACM, New York (2006)Google Scholar
  15. 15.
    Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based Encryption for Fine-grained Access Control of Encrypted Data. In: 13th ACM Conference on Computer and Communications Security, pp. 89–98. ACM, New York (2006)Google Scholar
  16. 16.
    Guo, F., Mu, Y., Susilo, W., Wong, D.S., Varadharajan, V.: CP-ABE With Constant-Size Keys for Lightweight Devices. IEEE Transactions on Information Forensics and Security 9(5), 763–771 (2014)CrossRefGoogle Scholar
  17. 17.
    Halevy, D., Shamir, A.: The LSD Broadcast Encryption Scheme. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 47–60. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  18. 18.
  19. 19.
    Jacobson, V., Smetters, D.K., Thornton, J.D., Plass, M.F., Briggs, N.H., Braynard, R.L.: Networking Named Content. In: 5th International Conference on Emerging Networking Experiments and Technologies, pp. 1–12. ACM, New York (2009)CrossRefGoogle Scholar
  20. 20.
    Misra, S., Tourani, R., Majd, N.E.: Secure Content Delivery in Information-centric Networks: Design, Implementation, and Analyses. In: 3rd ACM SIGCOMM Workshop on Information-centric Networking, pp. 73–78. ACM, New York (2013)CrossRefGoogle Scholar
  21. 21.
    Named-Data Networking Project (NDN), http://named-data.org
  22. 22.
    NDNx Documentation - Interest Message, http://named-data.net/doc/0.1/technical/InterestMessage.html
  23. 23.
    NDNx – NDN protocol implementation, http://named-data.net/codebase/platform/moving-to-ndnx/
  24. 24.
    NS-3 Simulator, https://www.nsnam.org/
  25. 25.
    Nilsson, D.K., Roosta, T., Lindqvist, U., Valdes, A.: Key Management and Secure Software Updates in Wireless Process Control Environments. In: 1st ACM Conference on Wireless Network Security, pp. 100–108. ACM, New York (2008)Google Scholar
  26. 26.
    Open Mobile Alliance. DRM Specification ver. 2.2, Technical Report (2011)Google Scholar
  27. 27.
    OpneSSL project, https://www.openssl.org/
  28. 28.
    Ostrovsky, R., Sahai, A., Waters, B.: Attribute-based Encryption with Non-monotonic Access Structures. In: 14th ACM Conference on Computer and Communications Security, pp. 195–203. ACM, New York (2007)Google Scholar
  29. 29.
    Philips Hue, http://meethue.com/
  30. 30.
    Sahai, A., Waters, B.: Fuzzy Identity-based Encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  31. 31.
    Samuel, J., Mathewson, N., Cappos, J., Dingledine, R.: Survivable Key Compromise in Software Update Systems. In: 17th ACM Conference on Computer and Communications Security, pp. 61–72. ACM, New York (2010)Google Scholar
  32. 32.
  33. 33.
  34. 34.
    Yu, S., Wang, C., Ren, K., Lou, W.: Attribute Based Data Sharing with Attribute Revocation. In: 5th ACM Symposium on Information, Computer and Communications Security, pp. 261–270. ACM, New York (2010)Google Scholar
  35. 35.
    Zhiqian, X., Martin, K.M.: Dynamic User Revocation and Key Refreshing for Attribute-Based Encryption in Cloud Storage. In: 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, pp. 844–849. IEEE, New York (2012)Google Scholar
  36. 36.
    Zhou, Z., Huang, D., Wang, Z.: Efficient Privacy-Preserving Ciphertext-Policy Attribute Based Encryption and Broadcast Encryption. IEEE Transactions on Computers PP(99) (2013)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Moreno Ambrosin
    • 1
  • Christoph Busold
    • 2
  • Mauro Conti
    • 1
  • Ahmad-Reza Sadeghi
    • 3
  • Matthias Schunter
    • 4
  1. 1.University of PaduaItaly
  2. 2.Intel CRI-SCTU DarmstadtGermany
  3. 3.CASED/TU DarmstadtGermany
  4. 4.Intel LabsDarmstadtGermany

Personalised recommendations