[Colloq] Robbie Ye Thesis Defense 4/23

Patricia Freeman tricia at ccs.neu.edu
Wed Apr 16 12:30:44 EDT 2008


College of Computer Science
PhD Thesis Defense
Ruopeng Ye

will speak on
"Authenticated Software Update"

Wednesday, April 23, 2007
3:00PM
366 West Village H

Abstract:
Software update is the process of updating the software running on computing devices. It allows the devices to download and install software packages and patches in real time. This is an important feature for managing the computing devices in a distributed network, as it saves the trouble of having to either recall the devices to the manufacturer or send field engineers to remote locations to maintain them.

Without authentication, software update can be exploited to distribute trojan horses, viruses, or other malicious programs. Previous approaches to software update either use no authentication at all, or use conventional digital signatures that are inefficient for authenticating partial updates such as patches. In our research, we solve two problems: 1) how to distribute software updates to devices so that the devices can efficiently authenticate the data they receive; and 2) how to restrict devices to run only the authenticated software that is authorized for them.

We design and develop a client-server software update system, which uses an on-the-fly signature generation scheme to provide data authentication for a dynamic bundle of various software packages. With our scheme, each bundle is authenticated by a single digital signature. Compared with conventional software update systems, where each software package within a bundle has to be individually signed, our scheme reduces the computation for the server to generate the signature and for the client to verify it. For client devices that have an embedded trusted computing module (TCM), using a single signature for a bundle instead of one signature per software package inside the bundle lets our data authentication scheme prevent the bundle from being modified by adding or removing signed software packages.

Using one signature for a bundle with conventional fingerprint algorithms means that any change to the bundle requires the whole bundle to go through the underlying hashing process of the fingerprint algorithm. We devised two incremental fingerprint algorithms. When the bundle is partially updated, our incremental fingerprint algorithms allow the fingerprint of the bundle to be quickly updated by combining the fingerprint of the original bundle with the fingerprints of only those packages that actually changed. Experiments show that our fingerprint update cost is proportional to the size of the data that is modified.
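As an added illustration (not the thesis's own code or algorithms, which this announcement does not publish), the following Python sketches the idea the abstract describes: each package is fingerprinted once, the bundle carries a single fingerprint over the manifest of package digests, one signature covers that fingerprint, and a partial update rehashes only the changed packages. The two-level hash-of-digests construction, the HMAC used in place of a real digital signature, the signing key and the sample packages are all assumptions constructed for the example.

```python
import hashlib
import hmac

# Constructed stand-in for the server's signing key (HMAC replaces a real signature here).
SIGNING_KEY = b"example-signing-key"

def package_digest(data: bytes) -> bytes:
    """Per-package fingerprint: the package bytes are hashed once."""
    return hashlib.sha256(data).digest()

def bundle_fingerprint(digests: dict) -> bytes:
    """Bundle fingerprint over the sorted (name, digest) manifest; only fixed-size digests are hashed."""
    h = hashlib.sha256()
    for name in sorted(digests):
        h.update(name.encode() + b"\0" + digests[name])
    return h.digest()

def full_fingerprint(packages: dict) -> bytes:
    """Baseline: hash every package from scratch (what the client must do on receipt)."""
    return bundle_fingerprint({n: package_digest(d) for n, d in packages.items()})

def incremental_fingerprint(digests: dict, changed: dict) -> tuple:
    """Rehash only the packages in `changed`; cost grows with the modified data, not the bundle."""
    new = dict(digests)
    for name, data in changed.items():
        new[name] = package_digest(data)
    return new, bundle_fingerprint(new)

def sign_bundle(fingerprint: bytes) -> bytes:
    """One signature (HMAC stand-in) over the whole bundle fingerprint."""
    return hmac.new(SIGNING_KEY, fingerprint, hashlib.sha256).digest()

def client_verify(packages: dict, signature: bytes) -> bool:
    """The client recomputes the fingerprint from what it received; an added,
    removed or altered package changes it and the single-signature check fails."""
    return hmac.compare_digest(sign_bundle(full_fingerprint(packages)), signature)

# Constructed sample bundle; a real bundle would hold package files.
BUNDLE_V1 = {"kernel": b"K1" * 500, "libc": b"L1" * 500, "app": b"A1" * 500}

def run_demo() -> dict:
    digests = {n: package_digest(d) for n, d in BUNDLE_V1.items()}
    sig_v1 = sign_bundle(bundle_fingerprint(digests))
    bundle_v2 = dict(BUNDLE_V1, app=b"A2" * 500)          # only "app" changed
    _, fp_v2 = incremental_fingerprint(digests, {"app": bundle_v2["app"]})
    sig_v2 = sign_bundle(fp_v2)
    stripped = {n: d for n, d in bundle_v2.items() if n != "libc"}   # a signed package removed
    return {"incremental_matches_full": fp_v2 == full_fingerprint(bundle_v2),
            "v2_verifies": client_verify(bundle_v2, sig_v2),
            "old_sig_rejected": not client_verify(bundle_v2, sig_v1),
            "stripped_rejected": not client_verify(stripped, sig_v2)}
```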
