Project 3: Secure Auto-Updates for PHP Applications

One of the major problems in today’s IT security is making software updates a part of the software user’s schedule. We are dealing with unnecessarily outdated software and a vast number of known exploits. On the other hand, automated updates imply a certain danger: If the update server itself is exploited it can issue a manipulated update which then will automatically infect all connected system.

Cryptographic signatures could be an easy solution for this problem: only the legitimate software developer (or team) would digitally sign the updates in question. Even after a successful attack on the update server, the software cannot be distributed because of the invalid signature.Based on the PHP library libsodium we want to develop proofs of concept for popular web applications during the Hackathon.

Comments

Tags: Cloudfest Hackathon 2018