Code signing is here to stay as all organizations that plan to distribute code or other data over the Internet risk corruption and tampering. In the Internet of Things, where installations can vary from just a few devices to millions of devices, controls are needed to make sure that the connected devices remain secure, that only valid software or firmware updates are received, and that only authorized software can execute on the device.
Electronic signatures, i.e. code signing, provide a solution for identifying and securing the origin and the integrity of code, firmware, distribution packages, etc. It can assure that originals, new versions or updates in production are secure and that they haven’t been modified or tampered with during transmission or on the device. In short, code signing provides a way for devices and people to verify that applications, firmware and software are from a trusted source.
Where are you today? How is code signing implemented in your organization?
1. I have a manual or semi manual process for acquiring code signing certificates from a trusted provider, and I sign files with client-based tools from, for example, Microsoft. The code signing key is stored in a file or used from a USB token on the build machine.
2. I have multiple code signing installations that have been built to best fit the needs of the receptive products/business units. Code signing keys are stored in files. Some business units use hardware security modules (HSM), but many do not. We now have compliance requirements that code signing needs to be done in a secure, auditable way.
3. We do not use code signing at all. Our firmware is only installed in the factory, or by technicians during service. There is no automatic or over-the-air firmware update capabilities.
4. We have a central code signing solution, which is managed by a security team. The solution uses an HSM and is audited for compliance with international government and industry standards.
Regardless of your answers above, we recommend you think a second time about 1) what the implications would be for you, your customers, and your customers’ customers, if malicious code was distributed instead of your own and 2) how you could simplify and efficiently use code signing in your organization, and how that would save precious time and resources.
We have met many companies who are in the same situation. They have been using code signing for a while and their implementations have evolved over time. In many cases, manual processes have moved to semi-manual, and home-grown solutions have been built to support the automated test and build processes. This leads to situations wherein companies are managing a myriad of distributed code signing installations, different tools from different vendors, and different processes and procedures, resulting in limited traceability and mixed levels of security and control. On top of this, the build processes are advancing and becoming completely automated, making it harder to keep up with the different code signing tools. In the end, continuous control and traceability of who signed what with what key has become impossible. If you’re struggling with your code signing, you are not alone.
You need to be compliant with industry best practices which require secure update mechanisms and hardware security modules. Customers are starting to demand more security controls from your side.
As a software supplier, what do you need to do? In general, there are a few steps we recommend for a secure and efficient solution.
- You need to continue to protect your code’s integrity and your reputation. It is unfortunately often very easy to imagine what harmful code could achieve even in devices many believe to be “safe” from threats.
- You need to make sure you have a solution that streamlines your code signing independently of the number of products, the number of developers, or the number of geographical sites you have. You don’t want your security solution to stand in the way of expansion and growth.
- For code signing to be truly effective, you need to have a solution that easily integrates into your development process and that your developers actually use. Without it you risk an end result without control and true alignment with your security policy.
To learn more about code signing and how it can benefit your organization, view our webinar "Trust and Responsibility Throughout your Software Distribution Chain”. We’ll discuss existing code signing processes and how a central code signing solution using HSMs can achieve automation, cost-effectiveness and security for all your code signing needs. I also encourage you to read the Juan Asenjo’s blog “Signed, Sealed, Delivered! Code Signing Makes Software Yours”. In it, you’ll discover how to use HSMs as the root of trust for your code signing operations.