Closed vladimir-v-diaz closed 7 years ago
An idea we've entertained in the past is providing a tool that can be used for conformance testing with the specification. More information on conformance testing and how it can be done in TUF/Uptane is available in a pending TAP (TUF Augmentation Proposal): https://github.com/theupdateframework/taps/blob/tap7/tap7.md
@awwad has provided setup notes on an attack we can show for the Uptane demo:
Compromised Director -- try rollback (fail; Defended w/ Sound Effect)
(?) Update Director key -- all is well, normal update (Updated screen, sound effect)
Compromise Supplier -- arbitrary package attack fails (Defended, sound effect)
Also Compromise Director -- arbitrary package attack succeeds (Compromised, cackling witch)
Update keys for Supplier (some button on the attack interface)
Restore Primary & Secondary (I guess clean_slate() --- command delivered on command line?)
Press button to build (same) evil Director bundle again -- arbitrary package attack now fails (even with malicious Director)
Not an attack - that was a sketch of multiple attacks from some emails Justin and I had exchanged.
The attacks in that list are basically:
Recovery steps are included for a few of those.
The eventual goal is to cover in the demo each of the attacks you've described.
Including another sketch provided by @awwad.
(Note that the ECUs are continuously updating, to no effect.)
1. Assign normal update (Updated screen, sound effect)
2. MITM - Arbitrary fails (*) (fake Director -- wifi icon on OEM/Director Interface? wifi emoji in script button "MITM")
3. Compromised Director -- try rollback (fail; Defended w/ Sound Effect)
4. (?) Update Director key -- all is well, normal update (Updated screen, sound effect)
5. Compromise Supplier -- arbitrary package attack fails (Defended, sound effect)
6. Also Compromise Director -- arbitrary package attack succeeds (Compromised, cackling witch)
7. Update keys for Supplier (some button on the attack interface)
8. Restore Primary & Secondary (I guess clean_slate() --- command delivered on command line?)
9. Press button to build (same) evil Director bundle again -- arbitrary package attack now fails (even with malicious Director)
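The outcomes expected at each step of the sketch above, written as a small test model. This is an added example, not part of the original comment and not code from the Uptane reference implementation. It assumes one trusted key per repository, targets metadata only, and an HMAC standing in for a real signature; `ECU`, `try_install` and `run_sketch` are hypothetical names, and all keys and images are constructed.

```python
import hashlib, hmac, json

def sign(key, targets):
    """Role metadata 'signed' with an HMAC, a stand-in for a real signature."""
    body = json.dumps(targets, sort_keys=True).encode()
    return {"targets": targets, "sig": hmac.new(key, body, hashlib.sha256).hexdigest()}

def target(image, version):
    return {"version": version, "sha256": hashlib.sha256(image).hexdigest()}

class ECU:  # hypothetical client holding one trusted key per repository
    def __init__(self, director_key, supplier_key):
        self.trusted = {"director": director_key, "supplier": supplier_key}
        self.version = 1

    def try_install(self, image, director_meta, supplier_meta):
        for role, meta in (("director", director_meta), ("supplier", supplier_meta)):
            if not hmac.compare_digest(sign(self.trusted[role], meta["targets"])["sig"], meta["sig"]):
                return f"defended: bad {role} signature"
        wanted = director_meta["targets"]
        if wanted != supplier_meta["targets"]:      # both repositories must agree
            return "defended: repositories disagree"
        if wanted["version"] < self.version:        # never move to an older version
            return "defended: rollback"
        if hashlib.sha256(image).hexdigest() != wanted["sha256"]:
            return "defended: image hash mismatch"
        self.version = wanted["version"]
        return "installed"

def run_sketch():
    """Walk the sketch with constructed keys/images; outcomes of steps 1-6 and 9."""
    d1, d2, s1, s2, mitm = b"dir-1", b"dir-2", b"sup-1", b"sup-2", b"mitm"
    old, good, newer, evil = b"fw-v1", b"fw-v2", b"fw-v3", b"evil"
    ecu, out = ECU(d1, s1), []
    both = lambda dk, sk, img, v: (img, sign(dk, target(img, v)), sign(sk, target(img, v)))
    out.append(ecu.try_install(*both(d1, s1, good, 2)))             # 1 normal update
    out.append(ecu.try_install(evil, sign(mitm, target(evil, 3)), sign(s1, target(good, 2))))  # 2 MITM
    out.append(ecu.try_install(*both(d1, s1, old, 1)))              # 3 director key stolen, v1 replayed
    ecu.trusted["director"] = d2                                    # 4 director key updated
    out.append(ecu.try_install(*both(d2, s1, newer, 3)))            #   normal update again
    out.append(ecu.try_install(evil, sign(d2, target(newer, 3)), sign(s1, target(evil, 4))))   # 5 supplier only
    bundle = both(d2, s1, evil, 4)                                  # 6 both keys stolen
    out.append(ecu.try_install(*bundle))
    ecu.trusted["supplier"], ecu.version = s2, 3                    # 7-8 supplier key updated, ECU restored
    out.append(ecu.try_install(*bundle))                            # 9 same evil bundle
    return out

if __name__ == "__main__":
    print("\n".join(run_sketch()))
```

Only step 6, where both repositories' keys are held by the attacker, ends in an install of the malicious image; step 9 replays the identical bundle and is rejected because the Supplier key it was signed with is no longer trusted.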
This issue was moved to uptane/uptane#26
Uptane's reference implementation should provide scripts, or tests, that verify protection against the attacks covered in the Uptane Design Overview.
Section 7.3 of the design overview document lists the following attacks:
In addition, the attacks blocked by TUF should also be shown to be prevented by Uptane. Other attacks not listed in the design document include:
References: (1) blocking malicious attacks in the TUF reference implementation.
(2) TUF unit tests that demonstrate prevention of known updater attacks (they end in _attack.py)