how to secure access to a update server for .NET Compact Framework 2.0 application

Question

I'm about to create the update system for .NET CF application. It is going to be a manual update system, customer will be able to "check for available updates" and install them. There will be one global update server for about 500-5000 devices. The application will be distributed as a zip compressed folder. The client application will download and unpack this file and override the current folder. There will be no installer for the newly updated application.

I'm thinking about the SSL plus user/password authentication. I've also considered SSL client authentication, but it is not supported in .NET CF version 2.0 which I'm using. The goal I want to achieve is to secure the binaries of my application. The application is distributed along with the device. Without the hardware intervention there is no way to copy the application from the device. Only my application should be able to download the update. I think that the credentials should be hard-codded in the application and should be the same for all customers. The SSL should prevent the sniffing of the transmission and copy the application's binaries.

Any better solutions?

Answer 1

To secure the transmission of the application binary itself, SSL will do the job and prevent sniffing network traffic to obtain the binary.

Using the same credentials for every user is problematic, though. As is often proven in network gear, if there is a master password it will be quickly discovered. It seems like you could use unique UID/password combinations and then disallow ones that get published. Having a single password necessitates replacing all device passwords when the single one is compromised.