Towards Usable Checksums: Automating the Integrity Verification of Web Downloads for the Masses

Details

Resource 1 Download: Cherubini18CCS.pdf (5035.52 [KB])
State: Public
Version: Author's accepted manuscript
Serval ID
serval:BIB_9BD511E5C0D0
Type
Inproceedings: an article in a conference proceedings.
Collection
Publications
Institution
Title
Towards Usable Checksums: Automating the Integrity Verification of Web Downloads for the Masses
Title of the conference
Proceedings of the 25th ACM Conference on Computer and Communications Security (CCS)
Author(s)
Cherubini M., Meylan A., Chapuis B., Humbert M., Bilogrevic I., Huguenin K.
Publisher
ACM
Address
Toronto, ON, Canada
Publication state
Published
Issued date
10/2018
Peer-reviewed
Yes
Pages
1256-1271
Language
English
Abstract
Internet users can download software for their computers from app stores (e.g., Mac App Store and Windows Store) or from other sources, such as the developers' websites. Most Internet users in the US rely on the latter, according to our representative study, which makes them directly responsible for the content they download. To enable users to detect if the downloaded files have been corrupted, developers can publish a checksum together with the link to the program file; users can then manually verify that the checksum matches the one they obtain from the downloaded file. In this paper, we assess the prevalence of such behavior among the general Internet population in the US (N=2,000), and we develop easy-to-use tools for users and developers to automate both the process of checksum verification and generation. Specifically, we propose an extension to the recent W3C specification for sub-resource integrity in order to provide integrity protection for download links. Also, we develop an extension for the popular Chrome browser that computes and verifies checksums of downloaded files automatically, and an extension for the WordPress CMS that developers can use to easily attach checksums to their remote content. Our in situ experiments with 40 participants demonstrate the usability and effectiveness issues of checksum verification, and show user desirability for our extension.
Open Access
Yes
Create date
13/08/2018 10:17
Last modification date
21/08/2019 6:09