@webboot - a layer of trust for the web
Abstract:
Integrity guarantees
webboot provides a solution to provably verify the integrity of any piece of addressible content, increasing security guarantees for developers and end-users.
Social trust
webboot allows social trust chains for public data. Any entity publishing a piece of publicly addressible data can proof their authorship.
User benefits
webboot connects browsers with smart contract enabled distributed hash tables to provide version management, caching, and subresource integrity guarantees.
Byzantine betrayal resistance
Satoshi Nakamoto's solution to the byzantine fault problem enabled trustless transactions of digital currencies, and this spawned a decentralized ecosystem that is just getting started.We are bringing "byzantine betrayal resistance" to addressible content, enabling both the old and the new web to reach previously impossible levels of integrity.
Introduction
webboot is:
A verifiable source of integrity protocol for the web, utilizing a distributed network of validator nodes to provide both developers and users with a toolset that verifies the integrity of any piece of publicly addressable content.
webboot provides solutions for:
Tofu - Trust on first use
By making it possible to verify any published data, webboot solves the technological half of the tofu problem.
Tosu - Trust on subsequent use
Webboot adds functionality to control version updates for both developers and end-users.
Phishing
By knowing which homepages you frequent, webboot will be able to warn you if you visit a url that has similarities to one you visited the past.
All of that without any information about the content or dns of that url!
Problems
Homepages, webapps, and dapps are used to administrate a lot of our public and private lives, yet most users, and many developers, do not realize how broken and dangerous the delivery method of those applications is.
There are some open, unanswered questions to solve:
How can we trust a homepage before we even load it?
How can we trust a homepage not to send us malicious code, intentionally or unintentionally?
How can we verify if that public key somebody sent us is the correct key?
This is crucial nowadays, where a lot of money is exchanged using decentralized public/private key cryptography without transaction reversability.
The Tofu Problem
Trust on first use
How can we trust data someone sends us did not get changed on the way?
By adding @webboot as an intermediary to any data exchange workflow, there suddenly is a third party in the mix, verifying the integrity of the exchanged data on both ends.
Since there is publicly attestable proof of those transactions too, future attestation of past proofs is possible, this allows adding an additional layer to (de)centralized proof of provenance applications.
The Tosu Problem
Trust on subsequent use
TOSU. we made that up.
It being written somewhere on the internet makes it a thing now, though.
Lets assume we solved the TOFU problem; we loaded the first version of a homepage in a trustable way, and we have the working application running on our device. w00t!
But what happens when, on second load, we discover that a piece of data we have loaded has changed? At the least, we again have to verify the data and its origin just as we did on the first load.
Simply said: We MUST NOT trust the server to send us valid code, on the contrary, we SHOULD assume to receive malicious payloads on every load.
Threat Vectors
2.3.a Hackers
Maybe someone hacked the homepage servers between our first use of the app and now, established a Man in the Middle (MITM) attack between the server and us, or the country/company/coffeshop network we just connected to contains malware or spyware.
2.3.b Broken code
The developers of an app might have shipped a version of the code that does not work. If only the client could go back to the version of 5 minutes ago... This problem could be solved by making updates of homepages apps / dapps controllable by us, the users, and by providing multiple sources of "integrity proofs".
2.3.c Malicious developer
The only developer of Acme Corp. has been fired, finding a replacement will take a week or longer.
Before they left, they decided to hide a mining software on the company page.
2.3.d Phishing
Somebody just sent you a link to mircosoft.com.
Did you spot the typo?
Will you spot it if it is miсrosoft.com?
The good news: webboot will warn you if you visited microsoft.com in the past and then try to visit mircosoft.com
Status Quo
What is currently being done to solve trust issues involving software integrity?
This section describes the current Status Quo of data integrity guarantees we can make.
Auditing
Human auditing on for every piece of content is not a viable solution, due to the time it would take.
Formal verification
Theoretically, every script could be analyzed and proven to do what it should do in every situation. But testing software is hard.
This would represent millions of man hours of work
- which noone is willing (or able) to pay for.
Package managers
Some package managers are called app stores. Most use hash integrity checks as part of the install. Some also use public/private key cryptography for author verification.
Version control
(git, svn, mercurial)
Most versioning tools use hashes internally, some use cryptographic signatures for patches and releases.
Subresource integrity hashes
Browsers implemented an integriy system for assets.
SRI hashes prove that a piece of payload matches the expected hash.A compromised server can just send compromised scripts and hashes, breaking the security model.
Browser extensions
The noscript browser extension uses sri hashes to block javascript.
Solutions
Trust on First Use
Combining subresource integrity hashes with the @webboot database makes it possible to provide independent integrity verification.
By adding @webboot as the confirming third party, SRI hashes can suddenly be something we trust.
Trust on Subsequent Use
service worker caching
service workers allow us to cache the contents of a homepage for later use and make the homepage available offline.
using that caching mechanism in a smart way, an upgrade and deprecation mechanism can be implemented, prompting the user to update the homepage scripts to the new version when needed.
this solves parts of the tosu problem, giving control of homepage versioning to users, where it should always have been.
Developer tools
Developers need a way to authorize and verify new hashes of addressable content they control, using either a domain.com/keybase.txt identity or a domain.com/keys.txt file.
Using those keys, hashes can be cryptographically verified and checked, making it possible to create chains of trust that end with the actual developers of the properties.
Additionally, others can audit those changes and add their verification, making the chain links even stronger.
Phishing attacks
all addressible data of loaded homepages is cached locally in the user's browser plug in. this allows us to calculate the difference between known urls and the one being loaded, which, in return, allows us to warn the user about a possible phishing attack
Audience
Who does webboot seek to solve problems for?
B2B
developers/hosters of versioned JavaScript/CSS/HTML artifacts
(Microsoft(github)/Amazon/Cloudflare/Google)
cryptocurrency exchanges, custodial wallet services, DeFI
(Coinbase, JaXX, MyCryptoWallet, WalletConnect)
dapp developers
ethereum, aeternity, parity, bitcoin ...
B2C
Customers of the following services can greatly benefit from @webboot
- online banking
- e-commerce
- cryptocurrency exchange
- cryptocurrency wallet
- governance platforms for DAO users
- non-secure messaging platforms
Privacy Features
The data @webboot collects NEVER includes ip addresses, or other identifying data.
No user accounts
No login to @webboot servers is possible or necessary.
Public data
We only collect what we need, which means that all data @webboot saves is also public by default.
Debug logs
Debugging data is logged for a maximum of 7 days.
Data haven
@webboot does not, under any circumstances, share information about it's users with any third parties.
For further information, please visit our privacy policy
Conclusion
By adding an independent source of truth for addressible data, @webboot can be used in almost any kind of trust based data exchange.
This allows a lot of existing technology to easily be adapted to implement it, often without changing the application itself.
@webboot is the backbone for the creation of a suite of unique applications, allowing the secure exchange of data between individuals, based on public-private key cryptography best practices.