[liberationtech] Satori - distributed tamper-resistant circumvention tools

Tom Ritter tom at ritter.vg
Fri May 2 08:15:52 PDT 2014


On 2 May 2014 11:00, Griffin Boyce <griffin at cryptolab.net> wrote:
> Also open to ideas about how I'm screwing this all up or am
> failing to account for Threat Model X.

I'm wondering about the update mechanism.  As I understand it, some
scenarios are:

1) You bake in SHA256 hashes of software, with links to the bundles.
2) User installs extension over SSL
... Some time passes
3) User downloads software over SSL, the SSL connection gets attacked,
user gets a trojaned bundle
4) Extension notices, saves the day

But then in the non saves-the-day scenario:

1) You bake in SHA256 hashes of software, with links to the bundles.
2) User installs extension over SSL, SSL connection gets attacked, the
extension is backdoored or whatever
3) User downloads software over SSL, the SSL connection gets attacked,
user gets a trojaned bundle
4) Extension does not notice, because extension is backdoored.  Sad times.
BUT, extension cannot help, it assumes you download/install it over
trustworthy connection, just like CryptoCat, Tor (without gpg
checking), etc etc.  No harm no foul.

But what about updates...

1) You bake in SHA256 hashes of software, with links to the bundles.
2) User installs extension over SSL
... Some time passes
3) Extension checks for update over SSL???
4) The SSL connection gets attacked, user gets a trojaned extension???
5) User downloads software over SSL, the SSL connection gets attacked,
user gets a trojaned bundle
6) Extension does not notice, because extension is backdoored.  Sad times.

So my question is around this type of scenario.

Do Chrome extensions update over SSL? Is this update connection to
Google pinned, so you have to compromise a specific CA, instead of any
CA?  Do Chrome extensions have a private offline key you use to sign
extensions, to prevent malicious extension upgrades by Google/an
attacker who can middle SSL?

-tom
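
The update scenario and the offline-key question above, modelled as an added example (not part of the original message, and not Satori's or Chrome's code): an extension with baked-in SHA256 hashes receives an update that swaps the hash list, once trusting the connection alone and once requiring a signature from an offline key. The file name, keys, bundle contents and function names are all constructed for illustration, and the model says nothing about how Chrome extension updates are actually delivered.

```javascript
// Added example: a model of the update question, not Satori's or Chrome's code.
const { createHash, generateKeyPairSync, sign, verify } = require('node:crypto');

const sha256 = (buf) => createHash('sha256').update(buf).digest('hex');

// Constructed stand-ins for a genuine bundle and a tampered copy.
const goodBundle = Buffer.from('constructed-bundle-contents');
const badBundle = Buffer.from('constructed-bundle-contents-tampered');

// Hypothetical keys: the developer's offline key (public half baked into the
// extension) and a key held by whoever controls the update connection.
const offlineKey = generateKeyPairSync('ed25519');
const otherKey = generateKeyPairSync('ed25519');

// Build an update carrying a new hash list, signed with the given private key.
function makeUpdate(hashes, privateKey) {
  const body = Buffer.from(JSON.stringify(hashes));
  return { body, sig: sign(null, body, privateKey) };
}

// Extension side. With requireSig=false the update is trusted because it came
// over SSL; with requireSig=true it must verify under the baked-in public key.
function applyUpdate(current, update, requireSig) {
  if (requireSig && !verify(null, update.body, offlineKey.publicKey, update.sig)) {
    return current; // reject the update, keep the hashes already installed
  }
  return JSON.parse(update.body.toString('utf8'));
}

// Extension side: compare a downloaded bundle with the pinned SHA256 hash.
function bundleOk(name, bytes, hashes) {
  const pinned = Object.prototype.hasOwnProperty.call(hashes, name) ? hashes[name] : null;
  return pinned === sha256(bytes);
}

// Install with good hashes, receive one update, then download one bundle.
function run(updateHashes, signer, requireSig, downloaded) {
  const installed = { 'bundle.zip': sha256(goodBundle) };
  const update = makeUpdate(updateHashes, signer.privateKey);
  const hashes = applyUpdate(installed, update, requireSig);
  return bundleOk('bundle.zip', downloaded, hashes);
}

const swapped = { 'bundle.zip': sha256(badBundle) };
console.log('no update signature, swapped hashes:', run(swapped, otherKey, false, badBundle));
console.log('offline-key check, swapped hashes:  ', run(swapped, otherKey, true, badBundle));
console.log('offline-key check, genuine update:  ', run({ 'bundle.zip': sha256(goodBundle) }, offlineKey, true, goodBundle));
```

The first case reports the tampered bundle as valid because the hash list itself was replaced; the second keeps the installed hashes and the check fails as intended.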


