3 min read

Achieving Software Integrity Through Centralized Code Signing

Achieving Software Integrity Through Centralized Code Signing

The phrase “…Software is eating the world.” was famously used by Marc Andreessen in a WSJ article in 2011.  No one could argue that software has successfully eaten the world today.

In just about every aspect of our lives (private as well as professional), software solutions are replacing the “old way” of doing things. Software applications are everywhere and always accessible via the ubiquitous availability of devices (“things”) and internet connectivity.

One interesting aspect of software is its intangibility – the fact that allows software to be updated, changed, and distributed rapidly and easily. With the push (or the tap) of a button, you can make new software, i.e. new functionality, available to all the users in your ecosystem, the endpoints if you wish.


Commercializing software

Obviously, you as an organization want to monetize your customer using your legit software and services. Also, you want to restrict usage to only those who are currently paying customers. In some use cases, it might even be restricted to certain hardware devices with validated firmware (i.e. software that runs embedded in devices, directly on the microcontroller).

This environment of opposing requirements brings with it some interesting challenges:

  1. Once a subscriber buys into your services by starting to use them, you want to guide their journey and make it as pleasant an experience for them as you possibly can.

  2. Upgrading the services (i.e. using new features) must be easy and elegant, without disrupting the user experience too much.

  3. The system needs to be designed in such a way that only legit updates of the software are allowed to run within your ecosystem.

  4. You need to have security measures in place to protect your software services’ revenue stream from adversaries outside as well as within your own organization.

Now, depending on how well your organization executes points 1. and 2. above, it will eventually get you to market quickly, allow you to build a solid user base, and the more convenient you design your products and services, the more success you will likely have. Points 3. and 4. will make it much harder, as they will likely hinder usability and convenience. Eventually even add overhead to your design cycles, production runs, testing, and eventually, your live systems.


Protecting your business

Yet, there are some critical events that can negatively impact your business, one needs to consider.

Ask yourself this: What will the impact be on my customers if they can’t easily update or subscribe to the next level of service?

What if they find a way to upgrade and circumvent established billing mechanisms? Can they use counterfeit software or devices to access and use your service?

How hard is it for a rogue internal actor to undermine the system and what will impact the revenue stream?

The reputation you worked so hard on establishing, how well is it protected in case of a nefarious attempt to steal your IP?

Some of the mentioned challenges pertaining to software can be addressed by establishing secure software deployment mechanisms for code signing, using best practices of information security design principles. Typically, in designing information security systems, you look at three different areas: Confidentiality, Integrity and Availability (aka as the C-I-A triad).

  • Confidentiality is best addressed by encryption, basically rendering data unusable except for the intended recipient.
  • Integrity can be achieved by applying digital signatures and hashes, the actual signing of the code.
  • Availability needs to make sure that information is available to act upon when required.


Code signing for software integrity

As you can tell, code signing is one element of an overall information security strategy that can help address integrity in highly distributed systems.

It all starts with an element called root-of-trust, where your crypto keys required for code signing are kept. Industry best practice is to use a purposely designed hardware device (Hardware Security Module, or HSM) and manage those keys securely within the trusted environment of your organization. By further deriving keys from this root of trust and distributing those to different business units within your organization, you can create a chain of trust that acts as the basis for your code signing strategy.

A resilient information security architecture, however, requires more than merely the right product in place. Often a misconception happens: “I have installed product XYZ to take care of my information security and now my entire system is secure.” Well, unfortunately, it ain’t that simple – besides choosing an adequate product, one also must take care of establishing (and enforcing) a strong set of policies and the education and training of the people interacting with the systems.

By selecting a powerful code signing tool, educating your teams and carefully designing policies with guiding principles of who can sign and authorize certain software release packages, you can now build a quite resilient overall software distribution system.

Thus, the fact that the world has been eaten by software can actually become an enabler for your business rather than a limiting factor. Strike the right balance between usability and security in distributing your software and firmware updates to stay ahead of the game.


Solution brief - CSG Code Signing