Following a successful public demonstration at the 88th Internet Engineering Task Force (IETF) meeting November 2013, ISC’s Open Home Gateway Forum team has submitted its code for package signing and validation to the OpenWrt project. ISC is now disbanding the Open Home Gateway Forum since this code has been completed.
Comcast and ISC created the Open Home Gateway Forum (OHGF) to address problems in managing large numbers of home gateway devices. The Open Home Gateway Forum (OHGF) team created and demonstrated enhancements to OpenWrt that enabled a robust process for remote configuration and software upgrade. This could allow an ISP to securely update home gateway devices, and might be leveraged more broadly by OpenWrt to provide automatic software updates. This is important since so much customer premise equipment never receives a software update, creating significant future security vulnerabilities. This new feature can mitigate the risk of software never being updated, which has recently been in the news in an article by Bruce Schneier and in a malware attack affecting Internet devices.
The remote configuration and update process uses cryptographic signatures and checksum verification to ensure the integrity of the update source as well as the validity of the software downloaded. These extra security measures protect the home gateway from downloading or installing software delivered by or tampered with by any unauthorized party.
As the largest cable Internet Provider in North America, Comcast has a vested interest in solving this problem. One way they have chosen to address it by funding the development of a transparent open source solution.
OpenWrt is a highly extensible GNU/Linux distribution that runs on over 80 different manufacturer’s embedded systems. OpenWrt is an open source project, meaning that the source code is freely available, and they welcome contributions from contributors anywhere in the world. Many of the millions of home gateways connected to the Internet run software based on OpenWrt. Improvements made in OpenWrt can have a wide-ranging impact.
“We are part of a community working together to address a global Internet problem,” stated Gregers Petersen, OpenWrt Relationship Manager. “We welcome the support of, and collaboration with, ISC and Comcast. The open source model is once again proving to be the best way to tackle the really tough technical problems that affect us all.”
“OpenWrt is a vibrant open source project and their software is used by many of our Xfinity Internet customers as well as countless other Internet users,” said Jason Livingood, Vice President of Internet & Communications Engineering at Comcast. “We are happy that ISC was able to develop a unique way of secure remote configuration and update, since regular and automatic software updates are a critical part of ensuring the ongoing security of Internet-connected consumer devices.”
After working with the OHGF team, OpenWrt is continuing to add support for detecting and recovering from interrupted installs and is working on a way to safely do home gateway kernel upgrades. For more information about OpenWrt, or to contribute or download the software distribution, see http://www.openwrt.org.