The demand for trust in today’s uber-connected digital society is unprecedented. Consumers of software require guaranteed proof that the application they are using is legitimate. Secure code signing validates the author of the software and proves that the code has not been altered or tampered with after it was signed. Trusted code signing certificates are used to verify authenticity, but what is preserving the integrity of those certificates?
Code signing certificates can be sold or used to create signed malware. Developers must take extreme care in protecting private keys mapped to code signing certificates to avoid complications. A streamlined, secure code signing process safeguards your business and provides inherent trust to your software consumers.
Why Securing Code Signing Certificates Matter
For the Enterprise
- Protection from breach. Signing certificates are valuable assets to hackers. Having an organization’s signing certificates allows a hacker to create trusted versions of malware that appear to have been created by the authentic development organization.
- Operating system requirements. Development teams are often required to sign software to support the installation. Operating systems like Windows will warn users if software or drivers are not signed.
- Globally disperse development team operations. Today’s development teams are widely comprised of members located in globally dispersed offices. When a remote team needs to sign developed software, the easy solution is to purchase a trusted signing certificate. Once implemented, the regional development team may leave the code signing certificate on a disparate PC or laptop, introducing risk. Placing the certificate in such location leaves it within easy reach of a hacker or to be forgotten. Both scenarios pose risk of breach or outage.
Why Securing Code Signing Certificates Matter
For the Internet of Things (IoT)
- CAN-bus insecurities. Many large machines such as light- duty vehicles have underlying communication busses that are inherently insecure. Vehicles primarily utilize a bus technology called CAN-bus. This communication bus was developed at a time when there was no notion of securing such communication networks – as such the bus is still unsecure today. Changing the bus in favor of a more secure communication network technology such as TCP/IP base communications is largely recognized by the automotive industry as long overdue. However, the cost to the industry to switch that technology will be in the trillions of dollars.
- Code-Signed Firmware to secure ECUs. Code-signed firmware and software keep malicious code from being loaded onto vehicle electronic control units (ECU) unless the code is cryptographically trusted with a verifiable trust chain. Given the fact that the underlying communication cannot be secured, the automotive industry has turned to utilizing cryptographically signed secure firmware and software (code- signed) to deploy on the vehicle ECUs. The now famous 2014 Jeep Hack changed the firmware on the Jeep’s CAN-bus to take over and remotely control the vehicle in motion.
- There are many examples of industrial systems that are similar to CAN-bus that both use an insecure communications bus system and also want to take advantage of the business opportunities that IoT technologies provide.
- Examples of insecure, well-entrenched bus systems:
- CAN-bus. Automotive, Trucking, Heavy Equipment, Rail, Busses
- BAC-Net. Building, HVAC, Refrigeration, Lighting
- Industrial control and SCADA
- Utility systems and SCADA
- Industrial Control system