“Updaticator: Updating Billions of Devices by an Efficient, Scalable and Secure Software Update Distribution Over Untrusted Cache-enabled Networks”; M. Ambrosin, C. Busold, M. Conti, A. Sadeghi, M. Schunter, accepted at ESORICS 2014.
Abstract
Secure and fast distribution of software updates and patches is essential for securing systems. Today, each device downloads updates individually from a software provider distribution server. This approach does not scale to large systems with billions of devices where the network bandwidth of the server and the local Internet gateway soon become bottlenecks. Cache-enabled Network (CN) services (either proprietary, such as Akamai, or open Content-Distribution Networks) can reduce these bottlenecks. However, currently they do not offer security guarantees against potentially untrusted CN providers that try to threaten the confidentiality of the updates or the privacy of the users.
In this paper, we propose Updaticator, the first protocol for software updates over Cache-enabled Networks that is scalable to billions of concurrent device updates while being secure against malicious networks. We evaluate our proposal considering Named-Data Networking, a novel instance of Cache-enabled overlay Networks. Our analysis and experimental evaluation show that our solution removes the bottlenecks of individual device-update distribution, by reducing the network load at the distribution server from linear in the number of devices to a constant even if billions of devices are requesting updates. Furthermore, the download time is negligible due to local caching when compared to the state-of-the-art individual device-update mechanisms. Thus, our solution makes secure updates practical even for a large number of devices.
Paper (PDF): https://www.schunter.org/blog/wp-content/uploads/2014/09/main-1.pdf