So, first things first, what is Code Signing?
Code signing is a software development process of digitally signing executable code to prove the identity of the software author AND guarantees that the code has not altered or corrupted since it was published. Both these points are extremely important for building trust from your customers and safely distributing your software.
Why is this important for IoT?
As the number of Internet of Things devices and applications continues to grow in 2020, unauthorized software and firmware updates are a major threat vector for IoT cyber-attacks. IoT breaches can have physical consequences that result in loss can also introduce substantial legal liability and erode brand reputation and trust, with immense costs due to certificate recall, breach response, as well as loss of overall revenue.
In short, your software is your product and your product is your brand. If cybercriminals or a rogue employee push out a malicious software update to your customers, they will blame you for failure to protect them rather than the individuals responsible for the malicious update.
With attacks becoming increasingly sophisticated and hard to defend against, they can cost organisations a lot of money each year. According to an Accenture report, the average cost of cybercrime grew by more than $1 million in 2018 to $13 million (about £9.9 million) per organisation. Due to the implications of these costs, people are extremely cautious when it comes to downloading executable files from the internet. It’s worth doing whatever it takes to gain their trust. Online distribution means you can distribute software updates faster. This broadens your potential customer base and there can be considerably savings since there is no software media, packaging or postage costs.
Why should Businesses take action?
Enterprise organizations need a method to trust and verify IoT device updates as these unverified devices are easy entry point for attackers. Any unsigned updates can be tampered in transit, so there is a need to prevent malicious updates being applied to devices.
However, code signing software may no longer be enough to prevent cybercriminals from their work as they now target the theft or misuse of private code signing keys. They use these to either code sign malware or tamper with your software. It’s been reported that over 22M code signing keys have been stolen or forged from legitimate businesses. This should be a concern to ALL software-oriented businesses.
To protect against theft and misuse, companies need to implement a secure code signing process to protect their private code signing keys. Enforcing cryptographic and other certificate policies, limiting access to code signing keys, requiring approvals for each use of private code signing keys, and never allowing a code signing key to leave secured storage, even for a code signing operation, are a few steps that should be taken.
But these crucial security steps can interfere with the develop/build/release/deliver software process, especially in situations where a code signing system isn’t integrated with the development teams’ tools and if it can’t be automated. What’s the result? Development teams bypass security measures, or try to handle it on their own, often incorrectly. This is especially true for IoT.
Today there is a severe lack of integration with existing enterprise systems. Existing code-signing solutions are not integrated with the enterprise IoT workflows and existing IoT code-delivery processes not readily integrated with code-signing workflows. As new IoT Project are created, new solutions are built from scratch for each use-case, which inevitably means expensive bespoke development work.
Here’s an easy and secure way to implement Code Signing
To address the challenges for an effective code signing solution, especially for IoT Enterprise projects, we (Device Authority) have teamed up and integrated with Venafi’s CodeSign Protect solution for the Code signing part and Microsoft (Blob Storage) for the software delivery part, with our KeyScaler platform playing the role of conductor to orchestrate the process.
KeyScaler provides an automated solution to manage the lifecycle of updates that are delivered to a device. Provisioning unique certificates, establishing trust between a device and server, signing code using a pre-configured Certificate Authority with policy-based authorization, and delivering encrypted assets to IoT devices – without requiring any human intervention.
This solution closes the gaps open to exploitation by integrating and using Venafi CodeSign Protect to secure the code signing process throughout the secure update lifecycle.
The Code Signing part can be done in 4 simple steps:
- The Data or Code Owner uploads their unsigned Data to the KeyScaler Platform, which get stored in the Platform database.
- Provided that the Code Signing Policies are all configured in KeyScaler, the unsigned hash of the code is automatically sent to Venafi CodeSign Protect to get Signed
- Venafi CodeSign Protect determines if the request is authorized based on policies that were previously defined for the project. This can include who has access to use the private key, if approvals are needed in order to access the key and if there are restrictions on which computers (build servers, developer’s laptop, etc) can access the key. If authorized, then Venafi CodeSign Protect signs the hash and returns the signed hash back to KeyScaler Platform.
- The Signed software is then automatically uploaded to Azure Blog Storage repository by KeyScaler
For the Secure Update Delivery mechanism KeyScaler has integrated with Microsoft Azure Blog Storage to provide a download link to the devices.
This can be accomplished in 3 simple steps:
- Next time the device checks in to KeyScaler platform, it will Authenticate and check to see if there are any new assets
- The KeyScaler platform will have the new data/code, ‘the asset’ ready to be dispatched, based on policy, to all devices which require the new code/Data it will send this in the form of a URL to the device
- Once the device receives the URL, it will automatically execute on it and fetch the new Venafi ‘Signed’ code/data from Azure Blob storage to be deployed on the device.
Through seamless integration between Venafi CodeSign Protect and Device Authority KeyScaler the solution allows you to secure your code signing and update delivery process for IoT devices and deliver critical requirements for IoT environments:
- Access to secure updates is restricted to authorized devices
- Updates are also specifically encrypted for target devices and are not exposed as unprotected software or firmware downloads
- Secure updates ensure that both the update source and the integrity of the updates themselves are verified, delivering end-to-end protection for device updates
- Policy driven processes deliver scaler through automation
- Native integration rapidly reduces time needed to implement a secure update process for IoT
Want to learn more about Code Signing and Secure Updates for IoT?
Blog by Nirmal Misra, Device Authority and Eddie Glenn, Venafi.