security improvements in t ex live
play

Security improvements in T EX Live Norbert Preining T EX Live - PowerPoint PPT Presentation

Feb 24, 2024 •35 likes •715 views

Security improvements in T EX Live Norbert Preining T EX Live Team Tug 2016, Toronto T EX Live security 2 Overview status up to (and including) 2015 possible attack vectors integrity and authenticity verification

  1. Security improvements in T EX Live Norbert Preining T EX Live Team Tug 2016, Toronto

  2. T EX Live security – 2 Overview ▶ status up to (and including) 2015 ▶ possible attack vectors ▶ integrity and authenticity ▶ verification architecture ▶ (non-)distributing GnuGP (and alternatives) ▶ Problems ▶ user experience ▶ key management

  3. T EX Live security – 3 Status up to 2015 name 12many ... containersize 2100 containermd5 ..... doccontainersize 375404 doccontainermd5 .... ... only used to restart an interrupted installation not for tlmgr update nor for normal installation! ▶ container checksum (md5) is available in the tlpdb ▶ but …

  4. T EX Live security – 3 Status up to 2015 name 12many ... containersize 2100 containermd5 ..... doccontainersize 375404 doccontainermd5 .... ... not for tlmgr update nor for normal installation! ▶ container checksum (md5) is available in the tlpdb ▶ but … only used to restart an interrupted installation

  5. T EX Live security – 3 Status up to 2015 name 12many ... containersize 2100 containermd5 ..... doccontainersize 375404 doccontainermd5 .... ... not for tlmgr update nor for normal installation! ▶ container checksum (md5) is available in the tlpdb ▶ but … only used to restart an interrupted installation

  6. T EX Live security – 4 Do we need better security?

  7. ▶ exchange pdftex binary with one shipping a crypto-virus ▶ enjoy … T EX Live security – 5 Possible attack vector I Since no checks are done, this is easily possible! Verification of checksums (md5) In tlcritical for a few months before TL2016 was released, but not pushed out to 2015. ▶ compromise one ctan mirror

  8. ▶ enjoy … T EX Live security – 5 Possible attack vector I Since no checks are done, this is easily possible! Verification of checksums (md5) In tlcritical for a few months before TL2016 was released, but not pushed out to 2015. ▶ compromise one ctan mirror ▶ exchange pdftex binary with one shipping a crypto-virus

  9. T EX Live security – 5 Possible attack vector I Since no checks are done, this is easily possible! Verification of checksums (md5) In tlcritical for a few months before TL2016 was released, but not pushed out to 2015. ▶ compromise one ctan mirror ▶ exchange pdftex binary with one shipping a crypto-virus ▶ enjoy …

  10. T EX Live security – 5 Possible attack vector I Since no checks are done, this is easily possible! Verification of checksums (md5) In tlcritical for a few months before TL2016 was released, but not pushed out to 2015. ▶ compromise one ctan mirror ▶ exchange pdftex binary with one shipping a crypto-virus ▶ enjoy …

  11. T EX Live security – 5 Possible attack vector I Since no checks are done, this is easily possible! Verification of checksums (md5) In tlcritical for a few months before TL2016 was released, but not pushed out to 2015. ▶ compromise one ctan mirror ▶ exchange pdftex binary with one shipping a crypto-virus ▶ enjoy …

  12. ▶ exchange pdftex binary with one shipping a crypto-virus ▶ adjust the container that the MD5 sum does not change ▶ enjoy … T EX Live security – 6 Possible attack vectors II (possible!) No counter measures up to T EX Live 2015! ▶ compromise one ctan mirror

  13. ▶ adjust the container that the MD5 sum does not change ▶ enjoy … T EX Live security – 6 Possible attack vectors II (possible!) No counter measures up to T EX Live 2015! ▶ compromise one ctan mirror ▶ exchange pdftex binary with one shipping a crypto-virus

  14. ▶ enjoy … T EX Live security – 6 Possible attack vectors II (possible!) No counter measures up to T EX Live 2015! ▶ compromise one ctan mirror ▶ exchange pdftex binary with one shipping a crypto-virus ▶ adjust the container that the MD5 sum does not change

  15. T EX Live security – 6 Possible attack vectors II (possible!) No counter measures up to T EX Live 2015! ▶ compromise one ctan mirror ▶ exchange pdftex binary with one shipping a crypto-virus ▶ adjust the container that the MD5 sum does not change ▶ enjoy …

  16. T EX Live security – 6 Possible attack vectors II (possible!) No counter measures up to T EX Live 2015! ▶ compromise one ctan mirror ▶ exchange pdftex binary with one shipping a crypto-virus ▶ adjust the container that the MD5 sum does not change ▶ enjoy …

  17. ▶ exchange pdftex binary as before ▶ adjust the checksum in the tlpdb file ▶ enjoy … T EX Live security – 7 Possible attack vector III connections and many users) No counter measures up to T EX Live 2015! ▶ compromise one ctan mirror (or setup one yourself, get good

  18. ▶ adjust the checksum in the tlpdb file ▶ enjoy … T EX Live security – 7 Possible attack vector III connections and many users) No counter measures up to T EX Live 2015! ▶ compromise one ctan mirror (or setup one yourself, get good ▶ exchange pdftex binary as before

  19. ▶ enjoy … T EX Live security – 7 Possible attack vector III connections and many users) No counter measures up to T EX Live 2015! ▶ compromise one ctan mirror (or setup one yourself, get good ▶ exchange pdftex binary as before ▶ adjust the checksum in the tlpdb file

  20. T EX Live security – 7 Possible attack vector III connections and many users) No counter measures up to T EX Live 2015! ▶ compromise one ctan mirror (or setup one yourself, get good ▶ exchange pdftex binary as before ▶ adjust the checksum in the tlpdb file ▶ enjoy …

  21. T EX Live security – 7 Possible attack vector III connections and many users) No counter measures up to T EX Live 2015! ▶ compromise one ctan mirror (or setup one yourself, get good ▶ exchange pdftex binary as before ▶ adjust the checksum in the tlpdb file ▶ enjoy …

  22. T EX Live security – 8 Integrity and authenticity Integrity Need to check the integrity of the downloaded packages – prevent tampering. md5 is not strong, can be tampered – switch to sha512 Authenticity Verify that the packages are actually the ones from us (T EX Live Team). Cryptographic signatures

  23. T EX Live security – 8 Integrity and authenticity Integrity Need to check the integrity of the downloaded packages – prevent tampering. md5 is not strong, can be tampered – switch to sha512 Authenticity Verify that the packages are actually the ones from us (T EX Live Team). Cryptographic signatures

  24. T EX Live security – 8 Integrity and authenticity Integrity Need to check the integrity of the downloaded packages – prevent tampering. md5 is not strong, can be tampered – switch to sha512 Authenticity Verify that the packages are actually the ones from us (T EX Live Team). Cryptographic signatures

  25. T EX Live security – 8 Integrity and authenticity Integrity Need to check the integrity of the downloaded packages – prevent tampering. md5 is not strong, can be tampered – switch to sha512 Authenticity Verify that the packages are actually the ones from us (T EX Live Team). Cryptographic signatures

  26. T EX Live security – 8 Integrity and authenticity Integrity Need to check the integrity of the downloaded packages – prevent tampering. md5 is not strong, can be tampered – switch to sha512 Authenticity Verify that the packages are actually the ones from us (T EX Live Team). Cryptographic signatures

  27. T EX Live security – 8 Integrity and authenticity Integrity Need to check the integrity of the downloaded packages – prevent tampering. md5 is not strong, can be tampered – switch to sha512 Authenticity Verify that the packages are actually the ones from us (T EX Live Team). Cryptographic signatures

  28. T EX Live security – 9 Verification architecture – overview tlmgr downloads remote texlive.tlpdb tlmgr verifies authenticity of the tlpdb tlmgr checks integrity of containers tlmgr installs package new partially new

  29. T EX Live security – 9 Verification architecture – overview tlmgr downloads remote texlive.tlpdb tlmgr verifies authenticity of the tlpdb tlmgr checks integrity of containers tlmgr installs package new partially new

  30. T EX Live security – 9 Verification architecture – overview tlmgr downloads remote texlive.tlpdb tlmgr verifies authenticity of the tlpdb tlmgr checks integrity of containers tlmgr installs package new partially new

  31. T EX Live security – 9 Verification architecture – overview tlmgr downloads remote texlive.tlpdb tlmgr verifies authenticity of the tlpdb tlmgr checks integrity of containers tlmgr installs package new partially new

  32. T EX Live security – 9 Verification architecture – overview tlmgr downloads remote texlive.tlpdb tlmgr verifies authenticity of the tlpdb tlmgr checks integrity of containers tlmgr installs package new partially new

  33. T EX Live security – 9 Verification architecture – overview tlmgr downloads remote texlive.tlpdb tlmgr verifies authenticity of the tlpdb tlmgr checks integrity of containers tlmgr installs package new partially new

  34. T ... ... r2mB9xEnR4o2SRBDNI... iQEVAwUBVyAV9kzhh3... —–BEGIN PGP SIGNATURE—– texlive.tlpdb.sha512.asc <128 hex digits> texlive.tlpdb texlive.tlpdb.sha512 containerchecksum ... EX Live security – 10 name 2up ... containerchecksum ... name 12many ... name 00texlive.config texlive.tlpdb Verification of authenticity —–END PGP SIGNATURE—–

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Pedestrian Improvements at Rail Crossings Study Safety and Security for All Evaluated several

Pedestrian Improvements at Rail Crossings Study Safety and Security for All Evaluated several

Pedestrian Improvements at Rail Crossings Study Safety and Security for All Evaluated several of the Countys railroad crossings Developed a toolbox of strategies Identified possible funding sources Recommended improvements

418 views • 20 slides
Improvements in Transportation Security Analysis from a Complex Risk Mitigation Framework for the

Improvements in Transportation Security Analysis from a Complex Risk Mitigation Framework for the

Improvements in Transportation Security Analysis from a Complex Risk Mitigation Framework for the Security of International Spent Nuclear Fuel Transportation Adam D. Williams Global Security Research &amp; Analysis Sandia National Laboratories

505 views • 13 slides
Update on Security Improvements at San Francisco General Hospital Department Public Health

Update on Security Improvements at San Francisco General Hospital Department Public Health

Update on Security Improvements at San Francisco General Hospital Department Public Health Health Commission Meeting December 17, 2013 1 New Security Measures Implemented Beginning in October Daily emergency stairwell checks by Sheriff

118 views • 7 slides
Improvements on Distributed Key Generation Bachelor Project Kopiga Rasiah Responsible

Improvements on Distributed Key Generation Bachelor Project Kopiga Rasiah Responsible

Improvements on Distributed Key Generation Bachelor Project Kopiga Rasiah Responsible Supervisor Bryan Ford Nicolas Gailly 1 Improvements on Distributed Key Generation Objective: Bringing improvements in order to enhance the security of

634 views • 28 slides
SUSTAINABLE IMPROVEMENTS IN FOOD SECURITY AND NUTRITION Dr. Kavita Sethuraman, Technical Advisor,

SUSTAINABLE IMPROVEMENTS IN FOOD SECURITY AND NUTRITION Dr. Kavita Sethuraman, Technical Advisor,

EMPOWERING WOMEN AND GIRLS: A CRITICAL PATHWAY TO ACCELERATE SUSTAINABLE IMPROVEMENTS IN FOOD SECURITY AND NUTRITION Dr. Kavita Sethuraman, Technical Advisor, Maternal and Child Health and Nutrition April 19 2017 Food and Nutrition Technical

408 views • 20 slides
De-Anonymizing Live CDs through Physical Memory Analysis Andrew Case Senior Security Analyst

De-Anonymizing Live CDs through Physical Memory Analysis Andrew Case Senior Security Analyst

De-Anonymizing Live CDs through Physical Memory Analysis Andrew Case Senior Security Analyst Speaker Background Computer Science degree from the University of New Orleans Former Security Consultant for Neohapsis Worked for Digital

911 views • 61 slides
LIBREOFFICE LOCKDOWN &amp; ENCRYPTION Improvements to document security &amp; permissions

LIBREOFFICE LOCKDOWN &amp; ENCRYPTION Improvements to document security &amp; permissions

LIBREOFFICE LOCKDOWN &amp; ENCRYPTION Improvements to document security &amp; permissions Thorsten Behrens, CIB software GmbH FOSDEM 2020, Brussels, February 3, 2020 1 Yours Truly Thorsten Behrens thb@libreoffice.org Since 2015 with

502 views • 14 slides
Presenting a live 90-minute webinar with interactive Q&amp;A Perfecting Security Interests in

Presenting a live 90-minute webinar with interactive Q&amp;A Perfecting Security Interests in

Presenting a live 90-minute webinar with interactive Q&amp;A Perfecting Security Interests in Deposit Accounts, Securities Accounts and Other Investment Property Establishing Control Under the UCC to Perfect Security Interests in Special

784 views • 64 slides
that it is not sufficient to preserve security in outer space. Via the UN General Assembly

that it is not sufficient to preserve security in outer space. Via the UN General Assembly

Prospects for Progress on Space Security Diplomacy Presentation by Paul Meyer Senior Fellow, The Simons Foundation Space Security Index side event Tracking Space Security: Are We Ready to Go Live? held during the United Nations General

229 views • 3 slides
Water Infrastructure Improvements in Highland Park Highland Park Community Council June 21, 2020

Water Infrastructure Improvements in Highland Park Highland Park Community Council June 21, 2020

Water Infrastructure Improvements in Highland Park Highland Park Community Council June 21, 2020 1 AGENDA Introduction and Purpose COVID-19 Impacts Highland I Reservoir Parapet Wall Security Improvements Rising Main and Pump

354 views • 9 slides
IRL: Live Hacking Demos! Rick Ramgattie Omer Farooq Security Analyst Senior Security Analyst

IRL: Live Hacking Demos! Rick Ramgattie Omer Farooq Security Analyst Senior Security Analyst

#RSAC SESSION ID: SESSION ID: SBX2-R3 IRL: Live Hacking Demos! Rick Ramgattie Omer Farooq Security Analyst Senior Security Analyst Independent Security Evaluators (ISE) Independent Security Evaluators (ISE) @rramgatie @omerfar23 #RSAC

924 views • 43 slides
Offic e r I nvo lve d Bla c k live s ma tte r, Blue live s ma tte r, All live s ma tte r

Offic e r I nvo lve d Bla c k live s ma tte r, Blue live s ma tte r, All live s ma tte r

APNA 30th Annual Conference Session 3046: October 21, 2016 Assumptio ns T his to pic c a n b ring up a lo t o f e mo tio ns Offic e r I nvo lve d Bla c k live s ma tte r, Blue live s ma tte r, All live s ma tte r Altho ug h the

328 views • 8 slides
Yaos Garbled Circuits Recent Directions and Implementations Pete Snyder Outline 1. Context

Yaos Garbled Circuits Recent Directions and Implementations Pete Snyder Outline 1. Context

Yaos Garbled Circuits Recent Directions and Implementations Pete Snyder Outline 1. Context 2. Security definitions 3. Oblivious transfer 4. Yaos original protocol 5. Security improvements 6. Performance improvements 7.

1.05k views • 73 slides
+ Continues Improvements Outcome Measures &amp; Surveys Security &amp; Privacy Considerations

+ Continues Improvements Outcome Measures &amp; Surveys Security &amp; Privacy Considerations

Bounce back Seminar 9/11/2015 Harnessing technology and Pres esen entatio ion Ov Over ervi view exercise intervention to optimise patient outcomes Technology &amp; Work Flow + Continues Improvements Outcome Measures &amp; Surveys

86 views • 5 slides
Who Benefited From Transportation Improvements? Weve seen that many of the transportation

Who Benefited From Transportation Improvements? Weve seen that many of the transportation

Who Benefited From Transportation Improvements? Weve seen that many of the transportation improvements led to major reductions in shipping costs but didnt necessarily lead to big profits for investors If transportation improvements were so

609 views • 40 slides
Bike Security Task Force Update JPB Citizens Advisory Committee September 19, 2018 Agenda Item

Bike Security Task Force Update JPB Citizens Advisory Committee September 19, 2018 Agenda Item

Bike Security Task Force Update JPB Citizens Advisory Committee September 19, 2018 Agenda Item 9 Presentation Outline Interdepartmental Effort Data Gathering &amp; Improvements Improvements Key Complete Near-term Long-term 2

333 views • 11 slides
Introduction CS 4410 Operating Systems [ R. Agarwal, L. Alvisi, A. Bracy, M. George, F. B.

Introduction CS 4410 Operating Systems [ R. Agarwal, L. Alvisi, A. Bracy, M. George, F. B.

Introduction CS 4410 Operating Systems [ R. Agarwal, L. Alvisi, A. Bracy, M. George, F. B. Schneider, E. G. Sirer, R. van Renesse ] What an OS does OS is an intermediary between programs and hardware. OS creates an environment to

697 views • 21 slides
PISCES: A Programmable, Protocol-Independent Software Switch Muhammad Shahbaz, Sean Choi , Ben

PISCES: A Programmable, Protocol-Independent Software Switch Muhammad Shahbaz, Sean Choi , Ben

PISCES: A Programmable, Protocol-Independent Software Switch Muhammad Shahbaz, Sean Choi , Ben Pfaff, Changhoon Kim, Nick Feamster, Nick McKeown, and Jennifer Rexford Fixed Set of Protocols Fixed-Function Switch Chip Ethernet TCP HTTP UDP

1.34k views • 30 slides
Is End-to-End Integrity Verification Really End- to-End? Ahmed Alhussen, Batyr Charyyev, and Engin

Is End-to-End Integrity Verification Really End- to-End? Ahmed Alhussen, Batyr Charyyev, and Engin

Is End-to-End Integrity Verification Really End- to-End? Ahmed Alhussen, Batyr Charyyev, and Engin Arslan Whats End-to-End Integrity Verification Data corruption may occur during transfers Faulty equipment, transient errors etc.

523 views • 13 slides
Cryptographic Checksums Mathematical function to generate a set of k bits from a set of n bits

Cryptographic Checksums Mathematical function to generate a set of k bits from a set of n bits

Cryptographic Checksums Mathematical function to generate a set of k bits from a set of n bits (where k n ). k is smaller then n except in unusual circumstances Example: ASCII parity bit ASCII has 7 bits; 8th bit is

979 views • 40 slides
Security Public key (e.g., RSA) Message digest (e.g., MD5) Security services

Security Public key (e.g., RSA) Message digest (e.g., MD5) Security services

Overview Cryptography functions Secret key (e.g., DES) Security Public key (e.g., RSA) Message digest (e.g., MD5) Security services Privacy: preventing unauthorized release of information Outline Authentication:

883 views • 5 slides
Pr Pract ctica cal Web-ba based d Delta Sy Sync fo for Cloud Storage Services He Xiao

Pr Pract ctica cal Web-ba based d Delta Sy Sync fo for Cloud Storage Services He Xiao

Pr Pract ctica cal Web-ba based d Delta Sy Sync fo for Cloud Storage Services He Xiao Zhenhua Li Ennan Zhai Tianyin Xu xiaoh16@gmail.com July 10, 2017 Hotstorage17 Ne Network Traffic is Ov Overwhelming in in Clo loud Storag age

622 views • 26 slides
Types vs Tests Amanda Laucher @pandamonial* Intersubjectivity Assumptions Craftsmanship Quotes

Types vs Tests Amanda Laucher @pandamonial* Intersubjectivity Assumptions Craftsmanship Quotes

Types vs Tests Amanda Laucher @pandamonial* Intersubjectivity Assumptions Craftsmanship Quotes When in doubt create a type. Martin Fowler Make illegal states unrepresentable. Yaron Minsky Michael Feathers describes legacy code as

1.03k views • 69 slides
Berkeley Archival Storage Encapsulation Library (BASE) Alex Sim, Junmin Gu Scientific Data

Berkeley Archival Storage Encapsulation Library (BASE) Alex Sim, Junmin Gu Scientific Data

Berkeley Archival Storage Encapsulation Library (BASE) Alex Sim, Junmin Gu Scientific Data Management Research Group Computational Research Division Lawrence Berkeley National Laboratory A. Sim, CRD , LBNL Sep. 30, 2015 1 BASE Berkeley

518 views • 22 slides

More recommend