Achieving Software Integrity Through Centralized Code Signing

by Johannes “Jo” Lintzen on 26. March 2019

The phrase “…Software is eating the world.” was famously used by Marc Andreessen in a WSJ article in 2011. It is now 2019 and one could argue that software has successfully eaten the world.

In just about every aspect of our lives (private as well as professional), software solutions are replacing the “old way” of doing things. Software apps are everywhere and always accessible via the ubiquitous availability of devices (“things”) and internet connectivity.

One interesting aspect of software is its intangibility – the fact that allows software to be updated, changed and distributed rapidly and easily. With the push (or the tap) of a button you can make new software, i.e. new functionality, available to all the users in your ecosystem, the endpoints if you wish.

Commercializing software

Obviously, you as an organization want to monetize your customers' use of your legitimate software and services. You also want to restrict usage to those who are currently paying customers. In some use cases usage might even be restricted to certain hardware devices with validated firmware (i.e. software which runs embedded in devices, directly on the microcontroller).

This environment of opposing requirements brings with it some interesting challenges:

  1. Once a subscriber buys into your services by starting to use them, you want to guide their journey and make it as pleasant an experience for them as you possibly can.

  2. Upgrading the services (i.e. the use of more software) needs to be simple and elegant, without much disruption for the users.

  3. The system needs to be designed in such a way that only legit updates of the software are allowed to run within your ecosystem.

  4. You need to have mechanisms in place to protect your software services’ revenue stream from adversaries outside as well as within your own organization.

Now, depending on how well your organization executes points 1. and 2. above, you will get to market quickly and build a solid user base; the more convenient you design your products and services, the more success you will likely have. Points 3. and 4. make this much harder, as they will likely hinder usability and convenience, and they eventually add overhead to your design cycles, production runs, testing and, finally, your live systems.

Protecting your business

Yet, there are some critical events that can negatively impact your business, and one needs to consider them.

Ask yourself this: What will the impact be on my customers if they can’t easily update or subscribe to the next level of service?

What if they do find a way to upgrade, circumventing established billing mechanisms? Can they use counterfeit software or devices to access and use your service?

How hard is it for a rogue internal actor to undermine the system and what’s the impact on the revenue stream going to be?

How well is the reputation you worked so hard to establish protected in case of a nefarious attempt to steal your IP?

Some of the mentioned challenges as they pertain to software can be addressed by establishing secure mechanisms for code signing, using best practices of information security design principles. Typically, in designing information security systems you look at three different areas: Confidentiality, Integrity and Availability (a.k.a. the C-I-A triad).

  • Confidentiality is best addressed by encryption, basically rendering data unusable except for the intended recipient.
  • Integrity can be achieved by applying digital signatures and hashes, the actual signing of the code.
  • Availability means making sure that information is available to act upon when required.

Code signing for software integrity

As you can tell, code signing is one element of an overall information security strategy that can help address integrity in highly distributed systems.

It all starts with an element called root-of-trust: This is where your crypto keys required for code signing are kept. Industry best practice is to use a purposely designed hardware device (Hardware Security Module, or HSM) and manage those keys securely within the trusted environment of your organization. By further deriving keys from this root of trust and distributing those to different business units within your organization you can create a chain of trust that acts as the basis for your code signing strategy.

A resilient information security architecture however requires more than merely the right product being in place. Often a misconception happens: “I have installed product XYZ to take care of my information security and now my entire system is secure.” Well, unfortunately it ain’t that simple – besides choosing an adequate product one also must take care of establishing (and enforcing) a strong set of policies and the education and training of the people interacting with the systems.

By selecting a powerful code signing tool, educating your teams and carefully designing policies with guiding principles of who can sign and authorize certain software release packages, you can now build a quite resilient overall software distribution system.

Thus, the fact that the world has been eaten by software can indeed become an enabler for your business rather than a limiting factor. Strike the right balance between usability and security in distributing your software and firmware updates to stay ahead of the game.
