
I made a project with a Pi as a remote machine and a GUI on a server. They communicate via HTTP requests, and I was wondering what a "good" way would be to provide automated software updates for my software on the Pi.

So far my plan is to let the Pi know there is an update available on its routine requests (JSON), execute a shell script on the Pi which loads the update from the server, unpacks it on the Pi and changes the paths in the config to the new version's folder, then restart and voilà.

My question is: what do I have to consider security-wise? Is there already a standard procedure for this (PyPI is not an option)? Any other suggestions?

Thanks

nyx00

1 Answer


The basis for online security with this kind of thing is generally public key infrastructure. Most of us are somewhat familiar with this from HTTPS. The key elements are:

  • Encryption: Not so much because the content is top secret, but because the next bit is ineffective without it.
  • Authentication: A means of ensuring that the provider of the update is you and not someone trying to hack the device.

The latter part is done with a certificate-based "chain of trust". Certificates use asymmetric cryptography, as SSH does, to ensure that a cert used to authenticate an identity cannot be used by anyone but the possessor of the corresponding private key.

At the top of the chain is a certificate authority which signs other certificates used in the chain. If the Pi itself doesn't need to be authenticated -- because you don't care if some interloper asks for an update -- then only your update server needs one. Otherwise they both do.

On the WWW, chains of trust are established by a cartel of certificate authorities who will sell you a cert if you have a domain and want to be trusted as a public HTTPS server (and/or mail server, or whatever) [1]. However, you don't have to do that and can instead generate your own CA certificate and use that as the basis of trust for your own PKI. This is often done with small virtual private networks (VPNs), which is actually what you could use to save yourself having to write software or even use encryption directly, since VPNs provide an encrypted private network over the internet.

Otherwise, the idea is that you provide the CA cert to both sides as a basis of trust. By default, SSL/TLS implementations use cert chains installed on the system (e.g., in Raspbian look in /etc/ssl/certs). You can add yours to that, not for the system as a whole but for a single piece of software, or you can replace that, such that only your cert chains are trustworthy -- which is what you should do if there is no good reason for the Pi to be trusting encrypted internet servers in general.

So those are the broad strokes. Generating certificates is not that hard; openssl has tools for this, as does Java (keytool) and GnuTLS (certtool). They all do pretty much the same thing, although there are a number of formats for this and they may not handle them all. You don't say what language you are using, but the place to start would be the SSL/TLS API most commonly used in that context.


  [1] There is also a system intended to help secure the web by providing people with free certificates, Let's Encrypt, and front ends for it such as Certbot. This may be slightly more work, but it will save you paying for one.
goldilocks
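As an added example, not part of the answer above or of the asker's project, here is the private-PKI setup the answer sketches, done with the openssl command line: a self-signed CA as the root of trust, a server certificate for the update server signed by that CA, and the check the Pi should do (validate the presented certificate against your CA only). The CA name, the host name `updates.example.internal` and the directory layout are assumptions for illustration. The demo also builds a second, "rogue" CA that issues a certificate for the same host name, to show that possessing a certificate is not enough: it has to chain to the CA the Pi was given.

```shell
#!/bin/sh
# Added example of a private CA for an update channel. The CA name, host name
# and directories are hypothetical; nothing here is from the original post.
set -eu

# Create, in DIR, a self-signed CA plus a server certificate signed by it.
# Only ca.pem is copied to the Pi; ca.key and server.key stay on the server.
make_update_pki() {
    dir=$1
    host=${2:-updates.example.internal}   # assumed update-server host name
    mkdir -p "$dir"
    # 1. The root of trust: a self-signed CA certificate (10 years).
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" \
        -subj "/CN=Pi Update CA" >/dev/null 2>&1
    # 2. A key pair and certificate signing request for the update server.
    openssl req -newkey rsa:2048 -nodes \
        -keyout "$dir/server.key" -out "$dir/server.csr" \
        -subj "/CN=$host" >/dev/null 2>&1
    # 3. The CA signs the server certificate. TLS clients match the host name
    #    against subjectAltName, not the CN, so set it explicitly.
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$host" \
        > "$dir/server.ext"
    openssl x509 -req -days 825 -in "$dir/server.csr" \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/server.ext" -out "$dir/server.pem" >/dev/null 2>&1
}

# The check the Pi relies on: does CERT chain to our CA (and nothing else)?
# Exit status 0 means trusted, non-zero means reject the update source.
verify_against_ca() {
    ca=$1
    cert=$2
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1
}

# Demonstration: our server cert verifies, an attacker's cert for the same
# host name issued by a different CA does not.
demo() {
    work=$(mktemp -d)
    make_update_pki "$work/ours"
    make_update_pki "$work/rogue"
    if verify_against_ca "$work/ours/ca.pem" "$work/ours/server.pem"; then
        echo "genuine update server: trusted"
    fi
    if ! verify_against_ca "$work/ours/ca.pem" "$work/rogue/server.pem"; then
        echo "rogue update server: rejected"
    fi
    rm -rf "$work"
}

demo
```

On the Pi, the same trust decision is made by pointing the HTTP client at ca.pem instead of the system store, for example `curl --cacert ca.pem https://updates.example.internal/update.tar.gz` or, in Python, `ssl.create_default_context(cafile="ca.pem")`; the host name in the URL must match the subjectAltName the CA signed. Note that `openssl verify` is a check on the certificate chain only; the TLS handshake additionally proves the server holds the matching private key, which is what stops someone who has merely copied server.pem.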