Analysis of Implementations to Secure Git for Use as an Encrypted Distributed Version Control System

Shirey, Russell; Hopkinson, Kenneth M.; Stewart, Kyle E.; Hodson, Douglas D.; Borghetti, Brett J.

doi:10.1109/hicss.2015.625

Cited by 10 publications

(4 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In practice, the relevance of cryptographic hash functions is evident on a technical level, e.g. for securing commits in version control systems [25], the verifiable replication of data in blockchains [13], and on the level of information where research repositories such as Zenodo [26] use SHA-2 values together with further metadata for realizing the FAIR principles of findability, accessibility, interoperability, and reusability [5].…”

Section: A Data Integritymentioning

confidence: 99%

Decentralized Attestation and Distribution of Information Using Blockchains and Multi-Protocol Storage

Härer

Fill²

2022

IEEE Access

View full text Add to dashboard Cite

The distribution of information through web protocols is today based on the client-server model. Recently, decentralized protocols with greater availability appear as well as blockchain-based attestation methods, allowing for proving the existence of information. In combination, these methods promise a secure, decentralized and long-term storage. However, there exist two major problems: (1) the scalability of blockchains limits their storage capacity and ( 2) various (de)centralized web protocols are in use and could alleviate this problem, but they do not support blockchain-based attestations. In this paper, we extend an approach for blockchain-based attestation with compatibility for multi-protocol storage. Instead of specific protocols or blockchains, the extended approach aims to contribute novel concepts to the discussion on blockchain scalability. It augments the capabilities of existing protocols for applications such as certification or timestamping of digital artifacts. With the use of decentralized protocols such as IPFS, further availability and inherent resilience properties are gained, allowing for applications such as open research repositories and digital registries. We discuss the architecture of the extended approach, a possible implementation in a smart contract on the Ethereum blockchain with IPFS and Git, and evaluate the time and cost of attestations.

show abstract

Section: A Data Integritymentioning

confidence: 99%

Decentralized Attestation and Distribution of Information Using Blockchains and Multi-Protocol Storage

Härer

Fill²

2022

IEEE Access

View full text Add to dashboard Cite

show abstract

“…There have been proposals to protect sensitive data from hostile servers by incorporating secrecy into both centralized and distributed version control systems [1,50]. Shirey et al [53] analyzes the performance trade-offs of two open source Git encryption implementations. Secrecy from the server might be desirable in certain scenarios, but it is orthogonal to our goals in this work.…”

Section: Related Workmentioning

confidence: 99%

le-git-imate

Afzali

Torres-Arias

Curtmola

et al. 2018

Proceedings of the 2018 on Asia Conference on Computer and Communications Security

View full text Add to dashboard Cite

Web-based Git hosting services such as GitHub and GitLab are popular choices to manage and interact with Git repositories. However, they lack an important security feature -the ability to sign Git commits. Users instruct the server to perform repository operations on their behalf and have to trust that the server will execute their requests faithfully. Such trust may be unwarranted though because a malicious or a compromised server may execute the requested actions in an incorrect manner, leading to a different state of the repository than what the user intended.In this paper, we show a range of high-impact attacks that can be executed stealthily when developers use the web UI of a Git hosting service to perform common actions such as editing files or merging branches. We then propose le-git-imate, a defense against these attacks which provides security guarantees comparable and compatible with Git's standard commit signing mechanism. We implement le-git-imate as a Chrome browser extension. le-git-imate does not require changes on the server side and can thus be used immediately. It also preserves current workflows used in Github/GitLab and does not require the user to leave the browser, and it allows anyone to verify that the server's actions faithfully follow the user's requested actions. Moreover, experimental evaluation using the browser extension shows that le-git-imate has comparable performance with Git's standard commit signature mechanism. With our solution in place, users can take advantage of GitHub/GitLab's web-based features without sacrificing security, thus paving the way towards verifiable web-based Git repositories.

show abstract

“…Git-crypt 6 is another project which enables transparent encryption and decryption of files i a git repository. In [84] Git-crypt and Git-encrypt are thoroughly analysed in comparison with the default Git implementation. The authors conclude positively in regards to the expected functionality from a version control system, and also with respect to the privacy protection.…”

Section: Solutionsmentioning

confidence: 99%

“…As a matter of fact, the management of metadata in version control system can imply some security risk, even if one uses solutions as Git-crypt or Git-encrypt [86]. In addition, key exchange is not an easy process and it is still an issue to be solved in coherence with usability criteria [84].…”

Section: Limitationsmentioning

confidence: 99%

Combining Usability and Privacy Protection in Free-Access Public Cloud Storage Servers: Review of the Main Threats and Challenges

Sanchez-Gomez,

Diaz,

Arroyo

2016

Preprint

View full text Add to dashboard Cite

The 21st century belongs to the world of computing, specially as a result of the so-called cloud computing. This technology enables ubiquitous information management and thus people can access all their data from any place and at any time. In this landscape, the emergence of cloud storage has had an important role in the last five years. Nowadays, several free-access public cloud storage services make it possible for users to have a free backup of their assets and to manage and share them, representing a low-cost opportunity for Small and Medium Companies (SME). However, the adoption of cloud storage involves data outsourcing, so a user does not have the guarantee about the way her data will be processed and protected. Therefore, it seems necessary to endow public cloud storage with a set of means to protect users' confidentiality and privacy, to assess data integrity and to guarantee a proper backup of information assets. Along this paper we discuss the main challenges to achieve such a goal, underlining the set of functionalities already implemented in the most popular public cloud storage services.

show abstract

Analysis of Implementations to Secure Git for Use as an Encrypted Distributed Version Control System

Cited by 10 publications

References 5 publications

Decentralized Attestation and Distribution of Information Using Blockchains and Multi-Protocol Storage

Decentralized Attestation and Distribution of Information Using Blockchains and Multi-Protocol Storage

le-git-imate

Combining Usability and Privacy Protection in Free-Access Public Cloud Storage Servers: Review of the Main Threats and Challenges

Contact Info

Product

Resources

About