Authenticated software update

Posted on: 2009-08-12
Degree: Ph.D
Type: Dissertation
University: Northeastern University
Candidate: Ye, Ruopeng
Full Text: PDF
GTID: 1448390002997062
Subject: Computer Science
Abstract/Summary:
Software update is the process of updating software running on computing devices. It allows computing devices to download and install software packages and patches in real time. This is an important feature for managing computing devices in a distributed network, as it saves the trouble of having to either recall the devices to the manufacturers or send field engineers to remote locations to maintain the devices.

Without authentication, software update can be exploited to distribute trojan horses, viruses, or other malicious programs. Previous approaches to software update either use no authentication at all, or use conventional digital signatures that are inefficient for authenticating partial updates such as patches. In our research, we solve two problems: (1) how to distribute software updates to devices so that the devices can efficiently authenticate the data that is received; and (2) how to restrict devices to run only the authenticated software that is authorized for the devices.

We design and develop a client-server software update system, which uses an on-the-fly signature generation scheme to provide data authentication for a dynamic bundle of various software packages. With our scheme, each bundle is authenticated by a single digital signature. Compared with conventional software update systems, where each software package within a bundle has to be individually signed, our scheme reduces the computation for the server to generate the signature and for the client to verify it. For client devices that have an embedded trusted computing module (TCM), by using a single signature for a bundle instead of one signature per software package inside the bundle, our data authentication scheme can prevent the bundle from being modified, for example, by adding or removing signed software packages.

With one signature per bundle and a conventional fingerprint algorithm, any change to the bundle forces the whole bundle to go through the underlying hashing process of the fingerprint algorithm again. We devised two incremental fingerprint algorithms. When the bundle is partially updated, our incremental fingerprint algorithms allow the fingerprint of the bundle to be updated quickly, by combining the fingerprint of the original bundle with the fingerprints of those packages inside the bundle that are actually changed. Experiments show that our fingerprint update cost is proportional to the size of the data that is modified.
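
The two properties described above, shown with a stand-in construction as an added example; it is not taken from the dissertation, whose two incremental fingerprint algorithms the abstract does not specify. It assumes a two-level SHA-256 hash list (the class, package names and contents are constructed for the example): patching one package rehashes only that package's bytes plus the short list of digests, and the top-level value is what a single bundle signature would cover.

```python
import hashlib

# Stand-in construction (assumption): a two-level hash list, not the dissertation's algorithms.
class BundleFingerprint:
    """One cached digest per package, plus one digest over the sorted (name, digest) list."""

    def __init__(self):
        self.digests = {}       # package name -> SHA-256 digest of its content
        self.bytes_hashed = 0   # package bytes hashed so far, to expose the update cost

    def put(self, name, content):
        """Add or replace one package; only this package's bytes are hashed."""
        self.digests[name] = hashlib.sha256(content).digest()
        self.bytes_hashed += len(content)

    def remove(self, name):
        del self.digests[name]

    def fingerprint(self):
        """Top-level digest: the value a single bundle signature would cover."""
        top = hashlib.sha256()
        for name in sorted(self.digests):
            encoded = name.encode()
            # Length prefix keeps package names from running into the digests.
            top.update(len(encoded).to_bytes(4, "big") + encoded + self.digests[name])
        return top.hexdigest()

def demo():
    # Constructed sample bundle: packages of 1 MiB, 2 MiB and 4 KiB.
    bundle = BundleFingerprint()
    bundle.put("kernel.img", b"K" * (1 << 20))
    bundle.put("rootfs.img", b"R" * (2 << 20))
    bundle.put("app.cfg", b"C" * 4096)
    original = bundle.fingerprint()
    full_cost = bundle.bytes_hashed

    # Patch only the small package: the update hashes 4 KiB, not the whole bundle.
    bundle.bytes_hashed = 0
    bundle.put("app.cfg", b"D" * 4096)
    patched = bundle.fingerprint()
    patch_cost = bundle.bytes_hashed

    # Dropping an individually valid package still changes the bundle fingerprint.
    bundle.remove("kernel.img")
    stripped = bundle.fingerprint()
    return original, patched, stripped, full_cost, patch_cost

if __name__ == "__main__":
    print(demo())
```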
Keywords/Search Tags:Software, Update, Devices, Fingerprint, Bundle, Authenticated, Data