Binary Transparency Overview

Transparency is instrumental in building user trust in the security of our products.

Binary Transparency uses verifiable logs to deliver transparency at scale which improves discoverability and verifiability in the software supply chain. This approach is proven with Certificate Transparency, where over 5 Billion certificates have been verifiably logged since 2013. All modern browsers have required Certificate Transparency for newly-generated TLS certificates since June 2016.

Binary Transparency helps provide discoverability of binaries by storing metadata about them in an append-only verifiable log that is considered to be the source of truth for all published binaries. In this way, all published binaries are provably associated with their corresponding entries in the log.

For Binary Transparency a verifiable log:

  • holds a representation of a binary image if and only if it is published,
  • is append-only, and
  • is the source of truth of authentic binaries.

The design of Binary Transparency is based on the Claimant Model. This enables device owners (believers) to verify that their image is legitimate (claim), as defined by Google (claimant). In this instance, we're using a trust-but-verify strategy: device owners can run a verifier to check that the image they obtained appears in the verifiable log prior to flashing it onto their device.

Verification

Verification is done at 2 levels: consistency of the log and claim verification. You need a witness to verify consistency of the tree, to guarantee that it grows in append-only fashion and nodes have not been modified after they are created. Claim verification ensures that an image is legitimate.

Claim Verification (Inclusion Proof)

To verify the claims made, a verifier needs access to a log server. For example, the verifier will request a proof that the downloaded factory image is present in the log; this is known as an inclusion proof.

Current Transparent Binaries

Terminology

For specific definitions and context of the technical terms around Binary Transparency, see the Glossary.