Securing downloads: integrity and authenticity

Raphaël 2024-09-09

Asfaload develops a solution to help secure and authenticate downloads from the internet. Enhancing the security of downloading files from the internet requires two checks: the integrity of the file, and its authenticity. We’ll explore those concepts in this post.

Integrity

By checking a file’s integrity we mean checking that the downloaded file, on your disk, is the same as the one published on the server.

Why is it important to check integrity?

Checking the integrity will ensure you have the original, unaltered, functional file as put on the server by the publisher. Being sure to have an unaltered file is important. It means:

  • the file wasn’t corrupted during the download due to transmission errors
  • the file on the server was not replaced with a malicious one. For example, SourceForge notoriously injected adware into some downloads.
  • the file wasn’t altered by a malicious actor during transfer (e.g. a man-in-the-middle attack, a proxy, a local browser plugin)

Checking the integrity of a file is usually done by publishing a fingerprint (called a hash) of the file alongside it. Once you have downloaded the file, you can check its integrity by computing the fingerprint of the downloaded file and comparing it with the fingerprint shared by the publisher.

Why are integrity checks not sufficient?

Checking the integrity of a file is a good precaution to take and increases your security, but it is not flawless. If the file publisher’s server is hacked, the malicious actor can not only replace the published file with a malicious one, but also replace the fingerprint of the original file with the fingerprint of the malicious file. One counter-measure is to publish the fingerprint in different places. This makes it harder for an attacker to replace it in all locations, but it also makes it more cumbersome to check… And experience shows that inconvenient security is rapidly abandoned…
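As an added example (not Asfaload’s code), here is the integrity check described above in Python: it parses a sha256sum-style checksum file, recomputes the fingerprint of the downloaded bytes and compares the two. The file name and contents are constructed for the example. Running it also shows the limit just noted: when both the file and its published fingerprint are replaced, the check still passes.

```python
import hashlib
import hmac

# Constructed sample: the bytes of the "downloaded" artifact and its name.
ARTIFACT_NAME = "tool-1.0.0-linux-amd64.tar.gz"  # hypothetical file name
ARTIFACT_BYTES = b"release contents, constructed for this example\n"


def sha256_hex(data: bytes) -> str:
    """Fingerprint of the bytes, as the publisher would print it."""
    return hashlib.sha256(data).hexdigest()


# The publisher's checksum file (sha256sum format: "<digest>  <filename>"),
# constructed here from the genuine bytes.
PUBLISHED_SUMS = f"{sha256_hex(ARTIFACT_BYTES)}  {ARTIFACT_NAME}\n"


def parse_sums(text: str) -> dict[str, str]:
    """Parse 'digest  filename' lines into {filename: digest}."""
    sums = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition("  ")
        # sha256sum marks binary-mode entries with a leading '*'
        sums[name.lstrip("*")] = digest.lower()
    return sums


def verify_integrity(name: str, data: bytes, sums_text: str) -> bool:
    """True only if the computed fingerprint matches the published one."""
    expected = parse_sums(sums_text).get(name)
    if expected is None:
        return False  # no published fingerprint: fail closed, never pass
    # constant-time comparison; both values are ASCII hex strings
    return hmac.compare_digest(sha256_hex(data), expected)


if __name__ == "__main__":
    print("genuine:", verify_integrity(ARTIFACT_NAME, ARTIFACT_BYTES, PUBLISHED_SUMS))
    corrupted = ARTIFACT_BYTES[:-1] + b"!"
    print("corrupted:", verify_integrity(ARTIFACT_NAME, corrupted, PUBLISHED_SUMS))
    # Compromised server: both the file and its fingerprint are replaced,
    # and the integrity check alone cannot tell.
    replaced = b"replaced contents, constructed\n"
    replaced_sums = f"{sha256_hex(replaced)}  {ARTIFACT_NAME}\n"
    print("file+hash replaced:", verify_integrity(ARTIFACT_NAME, replaced, replaced_sums))
```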

To increase security further, we also need authenticity checks.

Authenticity

An authenticity check will ensure that the downloaded file was made available by the expected publisher. This requires an additional signing step, and is not a novel idea. GPG can be used for this. But GPG is a general toolkit with a less than convincing user-friendliness record. That makes it cumbersome to use, and GPG signatures are rarely published, being confined to very security-sensitive areas, for example a bitcoin wallet like Electrum.

Why is it important to check authenticity?

Checking the authenticity of a file ensures the file you download was made available by its original publisher. Even if the publisher’s server is cracked, with the published file and its fingerprint replaced by the attacker, you are able to detect that the file was not made available by the original publisher, as long as the publisher’s signing procedure was not compromised.

Asfaload’s solution

Asfaload is working on a solution to easily check the integrity and authenticity of files downloaded from the internet. Our solution integrates with existing publishing platforms like GitHub Releases, and can be applied to already published files. A description of our approach will be shared in an upcoming post.