The release of TUF 1.0 (The Update Framework) has been published, providing tools for securely checking for and downloading updates. The main goal of the project is to protect the client from typical attacks on repositories and infrastructure, including countering the promotion by attackers of fictitious updates created after gaining access to keys for generating digital signatures or compromising the repository. The project is developed under the auspices of the Linux Foundation and is used to improve the security of update delivery in projects such as Docker, Fuchsia, Automotive Grade Linux, Bottlerocket and PyPI (the inclusion of download verification and metadata in PyPI is expected in the near future). The TUF reference implementation code is written in Python and distributed under the Apache 2.0 license.
The project is developing a series of libraries, file formats and utilities that can be easily integrated into existing application update systems, providing protection in the event of key compromise on the side of software developers. To use TUF, it is enough to add the necessary metadata to the repository, and integrate the procedures provided in TUF for downloading and verifying files into the client code.
The TUF framework takes on the tasks of checking for an update, downloading the update, and verifying its integrity. The update installation system does not directly interfere with additional metadata, the verification and loading of which is undertaken by TUF. For integration with applications and update installation systems, a low-level API for accessing metadata and an implementation of a high-level client API ngclient, ready for integration with applications, are offered.
Among the attacks that TUF can counter are the substitution of old releases under the guise of updates in order to block the correction of software vulnerabilities or the user's rollback to an old vulnerable version, as well as the promotion of malicious updates correctly signed using a compromised key, DoS attacks on clients, such as filling up the disk with endless updates.
Protection against compromise of the software provider's infrastructure is achieved by maintaining separate, verifiable records of the state of the repository or application. Metadata verified by TUF includes information about keys that can be trusted, cryptographic hashes to evaluate the integrity of files, additional digital signatures to verify metadata, information about version numbers, and information about the lifetime of records. The keys used for verification have a limited lifetime and require constant updating to protect against signature formation by old keys.
Reducing the risk of compromise of the entire system is achieved through the use of a shared trust model, in which each party is limited only to the area for which it is directly responsible. The system uses a hierarchy of roles with their own keys, for example, the root role signs keys for roles responsible for metadata in the repository, data on the time of generation of updates and target assemblies, in turn, the role responsible for assemblies signs roles associated with the certification of delivered files.
To protect against key compromise, a mechanism for prompt revocation and replacement of keys is used. Each individual key contains only the minimum necessary powers, and authentication operations require the use of several keys (the leak of a single key does not allow an immediate attack on the client, and to compromise the entire system, the keys of all participants must be captured). The client can only accept files that are more recent than previously received files, and data is downloaded only according to the size specified in the certified metadata.
The published release of TUF 1.0.0 offers a completely rewritten and stabilized reference implementation of the TUF specification that you can use as a ready-made example when creating your own implementations or for integration into your projects. The new implementation contains significantly less code (1400 lines instead of 4700), is easier to maintain and can be easily extended, for example, if it is necessary to add support for specific network stacks, storage systems or encryption algorithms.
Source: opennet.ru