In Code We Trust
IN CODE WE TRUST: FIGHTING TARGETED BACKDOORS WITH SECURE MULTIPARTY CODE REVIEWS AND A SINGLE SOURCE OF TRUTH In his HCPP17 talk "The Fog of Cryptowar" (see http://shadowlife.cc/files/hcpp17-smuggler.html) Smuggler warned about targeted updates being used to introduce backdoors into specific devices in order to surveil the user.
Unfortunately, that's exactly the approach the Australian government, a member of the Five Eyes, is taking in their proposed Assistance and Access Bill 2018:
"[Technical Capability] Notices may still require a provider to enable access to a particular service, particular device or particular item of software, which would not systematically weaken these products across the market."
This approach won't be unique to Australia, they are just spearheading the approach for the Five Eye nations, and others are likely to follow.
The suggested technical counter-measures in "The Fog of Cryptowar" included secure software development and delivery.
In this talk a tool is presented which tackles these two areas by:
- Establishing code trust via multi-party code reviews recorded in unmodifiable hash chains. This prevents that a single developer can include a generic backdoor into software.
- A single source of truth (SSOT) mechanism which makes sure every user of the software gets the same version of the software. This prevents targeted backdoors and the suppression of security updates.
Together this builds a secure software delivery and update mechanism which cannot be compromised by a single developer or for a specific user. In the next step it could be used to improve the most common signing mechanism used by open-source software distributions---a single GPG signature---which has neither of the two properties described above.
