Reducing Unauthorized Modification of Digital Objects

Author(s): Paul C. van Oorschot, Member, IEEE, and Glenn Wurster
Venue: IEEE Transactions on Software Engineering
Date: 20

Type of Experiment: Other


In this article, the authors present a protection mechanism against malicious modification of digital artifacts. They start by describing how updates can be restricted through key-locking, which uses digital signatures to guard files against unauthorized modification. The idea is to replace the old key with a new key using the valid public keys in the old object. First, the authors discuss key evolution, which handles a lost key by having verification keys in the object. The new public key should be updated with a major release to prevent downgrading. The authors suggest using one of the public keys to verify the signature before replacing the old object with a new one. They also suggest that private signing keys do not need to be shared among those who create key-locked digital objects. In addition, the authors explain the benefits of key-locking, including no central key repository, low overhead, simplicity, and destruction or denial for key-replacement attempts. The authors also give ways to enhance key-locking, such as versioning and sub-keying, and give examples of applications that use the key-locking mechanism. They thoroughly explain the mechanism of binary-locking and its usage. Furthermore, the authors compare the proposed mechanism with Google Android's and with other applications that use different protection mechanisms.
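
The update check summarized above, as an added example (not code from the paper or its authors): a candidate object may replace the installed one only if its signature verifies under a public key embedded in the installed object. A Lamport one-time signature built on SHA-256 stands in for the signature scheme so the example runs on the Python standard library; the object layout and all function names are assumptions.

```python
import hashlib, os

def H(b): return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key (stand-in scheme): 256 secret pairs, public key = their hashes.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, b"".join(H(a) + H(b) for a, b in sk)

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per digest bit; each key must sign only one message.
    return b"".join(sk[i][bit] for i, bit in enumerate(bits(msg)))

def verify(pk, msg, sig):
    if len(pk) != 256 * 64 or len(sig) != 256 * 32:
        return False
    return all(H(sig[i * 32:(i + 1) * 32]) == pk[i * 64 + bit * 32:i * 64 + bit * 32 + 32]
               for i, bit in enumerate(bits(msg)))

def encode(obj):
    # Assumed layout: the signature covers the payload and the embedded key set together.
    return len(obj["payload"]).to_bytes(8, "big") + obj["payload"] + b"".join(obj["keys"])

def may_replace(installed, candidate, sig):
    # Key-locking check: the only trust anchor is the installed object itself.
    msg = encode(candidate)
    return any(verify(pk, msg, sig) for pk in installed["keys"])

def demo():
    (sk1, pk1), (sk_spare, pk_spare) = keygen(), keygen()
    v1 = {"payload": b"release 1", "keys": [pk1, pk_spare]}   # constructed sample objects
    (sk2, pk2), (sk3, pk3), (sk_x, pk_x) = keygen(), keygen(), keygen()
    v2 = {"payload": b"release 2", "keys": [pk2, pk_spare]}   # key evolution: pk1 -> pk2
    sig2 = sign(sk1, encode(v2))
    v3 = {"payload": b"release 3", "keys": [pk3]}             # sk2 lost: spare key signs
    other = {"payload": b"unauthorized", "keys": [pk_x]}      # signed by a key v1 never listed
    return {
        "update": may_replace(v1, v2, sig2),
        "lost_key": may_replace(v2, v3, sign(sk_spare, encode(v3))),
        "foreign_key": may_replace(v1, other, sign(sk_x, encode(other))),
        "altered": may_replace(v1, {**v2, "payload": b"release 2x"}, sig2),
    }

if __name__ == "__main__":
    print(demo())
```

Because the signature covers the embedded key set as well as the payload, the keys that will gate the next replacement are authenticated by the current one.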