Bosch Building Technologies


    Is the BVMS software installation file reliable and secure (Safe SW delivery)?


    Question

     

    Is the BVMS software installation file reliable and secure (Safe software delivery)?

     

    Answer

     

    Software delivery


    Bosch software is distributed via the Bosch website, but can also be re-distributed by Bosch partners. It is important for the system-installer to check that the installation file he or she has received matches exactly the output of the engineering process. There are several risks that the installation file is changed somewhere along the distribution path.
    Keyloggers or other spyware could be added to the installation, or in theory video surveillance footage could be routed to external resources.

     

    1 Risks


    The digital distribution path of the software installation file looks as follows:


    1. Installation (zip) file is generated as output of the engineering process.

    • The sources are fully protected and there is no to little risk of modification of the installation file in this phase.

    2. Installation file is uploaded to the Bosch Security Systems website.

    • The installation file is distributed within Bosch Security Systems without external exposure. There is no to little risk of modification of the installation file in this phase.

    3. The installation file is downloaded from the Bosch Security Systems website to a "distributor".

    • The installation file is distributed over the internet. Due to the point-to-point connection there is little to medium risk of modification of the installation file in this phase.

    4. The installation file is distributed from the distributor to the system-installer.

    • The installation file is temporarily stored. Depending on the accessibility of this temporary storage, there is a medium (internal) to high (public) risk of modification of the installation file in this phase.

    5. The installation file is downloaded from the Bosch Security Systems website to a system-installer.

    • The installation file is distributed over the internet. Due to the point-to-point connection there is little to medium risk of modification of the installation file in this phase.


     

    2 Solution


    Downloading the installation file from the website directly does not guarantee the software is delivered as it has been generated by the engineering team. This section explains what concepts are used to check the installation file.

     

    2.1 Checksum and Hashes


    A hash, or checksum, can be used to verify the integrity of information.
    A hash algorithm generates a fixed-length value which relates directly to a unique word or, in this case, an installation file. Hashing is a one-way function: there is no way to go back from the hashed value to the original value.

     


    As a result, every time the word "Fox" is inserted into the hash function, the output will be exactly the same (DFCD3454).
    Using the installation file as an example, the same concept is applied: when the file is processed, a hash value is calculated. When the file is modified, the calculated hash value will also change. When the original (stored) hash value and the current, calculated hash value are then compared, they will not match, which means the original installation file has been modified.

     

    3 Verifying the download


    This section describes how to verify that the installation file matches the expected output. The open-source file compression utility 7-Zip includes functionality to check the integrity of a file.

    Open the software installation zip, which can be downloaded from the Bosch Security Systems website, in 7ZIP. Click "File", "CRC", "*".


    The result can be compared with the checksum displayed on the Bosch download store, which corresponds to the "SHA1 checksum for data" value.


     

    3.1 BVMS 7.5


    As an example: the result for the BVMS 7.5 installation file (Software_Setup_7.5.0.432_all_28203530379.zip) is displayed below.

    ---------------------------
    7-Zip
    ---------------------------
    Folders: 36

    Files: 201
    Size: 2903784133 bytes (2769 MB)
    CRC32 checksum for data: 43CB44A5
    CRC32 checksum for data and names: 827EAA3F
    CRC64 checksum for data: 248DED357F75E492
    CRC64 checksum for data and names: 9CA3603E1BD6A7E9
    SHA256 checksum for data: 660C90899D1078D86CD5C52ED9D8777DAB2923D998CA3E389F94B03E5C82787B
    SHA256 checksum for data and names: FE59F07FCF2318A9E390633C98308E2608FE6B5103DE55C752B56FB08C2AA737
    SHA1 checksum for data: E35D7879667B0675C0DEDFBCC607261B2438D20A
    SHA1 checksum for data and names: 83F6022D2B576340E7E11B6BFEE5D5A2AB085BB8
    BLAKE2sp checksum for data: 5BF1499C2C0DA25253928C16BC643AC6DA978C03D1D8BE79042BF7FE4E41AB0D
    BLAKE2sp checksum for data and names: 0E6D7C02601E3F9F7B329EBC2413D6AEB9C040835BABAB1804C0C4FFFEC65B64
    ---------------------------
    OK
    ---------------------------
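
The comparison step above can be scripted so that the correct line of the 7-Zip report is always the one checked. The following is an added example, not Bosch code: it parses a report pasted as text and compares its "SHA1 checksum for data" line with a published value. The function names and the `PUBLISHED` string (the article's own SHA1 value, reformatted as it might be copied from a web page) are assumptions made for illustration.

```python
import re

# Excerpt of the 7-Zip report shown in this article for the BVMS 7.5 file.
REPORT = """\
Folders: 36
Files: 201
Size: 2903784133 bytes (2769 MB)
SHA256 checksum for data: 660C90899D1078D86CD5C52ED9D8777DAB2923D998CA3E389F94B03E5C82787B
SHA256 checksum for data and names: FE59F07FCF2318A9E390633C98308E2608FE6B5103DE55C752B56FB08C2AA737
SHA1 checksum for data: E35D7879667B0675C0DEDFBCC607261B2438D20A
SHA1 checksum for data and names: 83F6022D2B576340E7E11B6BFEE5D5A2AB085BB8
"""

# Constructed sample: the SHA1 value above, lower-cased and space-separated.
PUBLISHED = "e35d7879 667b0675 c0dedfbc c607261b 2438d20a"

# Number of hex characters each checksum type must have.
HEX_LEN = {"CRC32": 8, "CRC64": 16, "SHA1": 40, "SHA256": 64, "BLAKE2sp": 64}
LINE = re.compile(
    r"^\s*(\w+) checksum for (data(?: and names)?):\s*([0-9A-Fa-f]+)\s*$")


def parse_report(text):
    """Return {(algorithm, scope): HEX} for each checksum line in the report."""
    found = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            algo, scope, value = m.groups()
            found[(algo, scope)] = value.upper()
    return found


def normalize(published):
    """Remove spaces and separators from a published checksum, upper-case it."""
    return re.sub(r"[\s:\-]", "", published).upper()


def verify(report_text, published, algo="SHA1"):
    """True only if '<algo> checksum for data' equals the published value."""
    expected = normalize(published)
    if len(expected) != HEX_LEN[algo] or not re.fullmatch(r"[0-9A-F]+", expected):
        raise ValueError(f"published value is not a valid {algo} checksum")
    actual = parse_report(report_text).get((algo, "data"))
    if actual is None:
        raise ValueError(f"report has no '{algo} checksum for data' line")
    return actual == expected


if __name__ == "__main__":
    print("match" if verify(REPORT, PUBLISHED) else "MISMATCH: do not install")
```

Comparing against the "data and names" line instead of the "data" line produces a mismatch even for an unmodified file, which is why the script selects the line by its exact label.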
