2018-11-08 Signed, Sealed, Delivered! Code Signing Makes Software Yours Guest blog by Thales eSecurity In “Signed, Sealed, Delivered,” Stevie Wonder sings “You’ve got the future in your hand — signed, sealed, delivered, I’m yours.” That is not much different from what happens with software and firmware code signing today. Whether it is a software upgrade for a program, a mobile application, or firmware for a device, code is signed, sealed, and delivered, and you are left with the future in your hands! Code signing is increasingly common and critically important. It ensures provenance, authenticity, and integrity. However, because it happens in the background – frequently automatically in the middle of the night — you likely don’t even know when it occurs. The process is analogous to a tamper seal on our medications. We certainly would not take our medicine if the seal on the bottle was broken. So why would we allow our applications and devices to install a software update, if we cannot verify the update’s provenance, authenticity, and integrity? In this blog, and in one by my PrimeKey cohort Malin Ridelius, we explore the need for trust throughout the software distribution chain. In the following, I focus on how to ensure that software and firmware updates do not become conduits for attacks, as updates become commonplace, and discuss the cryptographic mechanisms that need to be in place to protect underpinning signing keys. Read Malin’s blog “Avoid Managing a Myriad of Code Signing Solutions” to get the complete picture of this important topic. Why Is Code Signing Important? Today, more software and firmware is updated more often to support an exponentially increasing set of applications and devices that make up the growing Internet of Things (IoT) ecosystem. Gartner projects over 20.8 billion devices will be connected to the Internet by 20201, and “IoT-based attacks are already a reality. A recent CEB, now Gartner, survey found that nearly 20 percent of organizations observed at least one IoT-based attack in the past three years.” And, “By 2021, regulatory compliance will become the prime influencer for IoT security uptake.”2 Counterfeit code is also on the rise. For example, according to ZDNet, “Security researchers have found that hackers are using code-signing certificates more to make it easier to bypass security appliances and infect their victims.”3 And the SSL Store’s Blog tells us that Chinese hackers used a legitimate company’s compromised digital certificate to sign its driver.4 So in this context, code signing is critical to keep your IoT and the data it generates safe. 1https://esa.un.org/unpd/wpp/Publications/Files/WPP2017_DataBooklet.pdf 2https://www.gartner.com/newsroom/id/3869181 3https://www.zdnet.com/article/hackers-are-selling-legitimate-code-signing-certificates-to-evade-malware-detection/ 4https://www.thesslstore.com/blog/chinese-malware-compromised-digital-certificate/ Public Key Infrastructure (PKI) PKIs include hardware, software, policies, procedures, and processes that provide a mechanism to securely manage digital identities, including the identity of software. PKIs employ asymmetric cryptography, a key pair, to sign and validate the authenticity and integrity of code. PKIs hold the private keys used for signing, and issue the associated certificates and public key needed to validate the code. PKIs provide the framework to manage the issuance of identities used to identify and validate software. PKIs are critical to the secure operation of the IoT. According to our 2018 Global PKI Trends Study (issued in tandem with the Ponemon Institute), the IoT is the primary driver for new PKI deployments.5 The private signing keys, however, are the Achilles heel of the solution. If compromised, they can be used to sign what would appear to be legitimate certificates, enabling distribution of counterfeit code, and putting at risk the entire system. Best Practices A root of trust is therefore needed to safeguard signing keys. Hardware security modules or HSMs provide a recognized, proven, and auditable way to secure critical cryptographic signing keys. Enterprises deploy their PKI code signing solutions with HSMs, to protect underpinning signing keys within a dedicated and certified security boundary that is separate from the rest of the IT environment. The use of HSMs is considered a best practice in PKI management6, and it is often required to meet government and industry regulatory requirements. The Way Forward PKI solutions offered by Thales technology partner PrimeKey provide the technology needed to protect the code signing processesand secure software distribution. Thales HSM-enhanced security offerings strengthen these deployments and provide added operational, security, and compliance benefits. The future is in your hands. When it comes to software and firmware, make sure it is signed and sealed, before taking delivery and making it yours! To learn more about code signing solutions and the importance of a root of trust, visit Thales and PrimeKey, and click here to sign up for our joint webcast “Trust and Responsibility Throughout your Software Distribution Chain.” Be sure to read Malin’s post! And if you need to reach me, you can find me on Twitter @asenjoJuan. 5https://www.thalesesecurity.com/2018/pki-trends-study 6https://docs.microsoft.com/en-us/azure/security/azure-security-data-encryption-best-practices Sign up for the webinar here Author: Juan C. Asenjo Juan is the Senior Solutions and Partner Marketing Manager at Thales eSecurity.