We increasingly trust important parts of our business and lives to software-enabled (cyber-physical) systems or services, such as increasingly connected cars, smart energy distribution grids, or electronic payment infrastructures.
The potential for abuse cannot be understated. Criminal groups use malicious software to steal and monitor data, to capture intellectual property, to extort money. Blocking malicious software has to happen at every level – one should not assume that “it won’t get as far as that”. Cryptographically secure “over-the-air” software update procedures are required, as they ensure code arrives at the point of use, intact and unaltered. It is fundamentally important, however, to allow the operating system to know the provenance of its code libraries, and to reject or disable unrecognized software when it is detected. This way assets and information are protected.
The most common technique used to guarantee the provenance of software is known as the digital signature, or more specifically, code signing. Code signing is important, both
In order to prevent compromise, the private key is kept in a well-controlled environment by the software publisher, e.g. in an HSM. For cyber-physical systems, the public key is injected upon initial manufacturing and deployed with the device. When a piece of software is ready for deployment, it is digitally signed with the publisher’s private code signing key and the signature is distributed along with the software. Any receiving party can now verify the integrity and the authenticity of the software, by means of the matching public key and the provided digital signature. Cyber-physical systems – the ‘thing’ in the Internet of Things – should reject any code whereof the digital signature cannot be positively verified.
Code signing is a powerful tool to assure system integrity and to prevent tampering. To be effective, it is critically important that unauthorized parties have no access to the (private) code signing key of a software publisher. A software publishing company must treat this key as restrictively as access to their financial accounts. In case of a suspected leakage of this certificate, it should be immediately revoked and refreshed. Old code can no longer be trusted in and must be re-signed in such case – which in the case of embedded devices may not be practical at all. All of this can have tremendous impact on a company’s reputation and economic situation. Utimaco HSMs are particularly well suited for this purpose as they come with RSA and ECDSA signing capabilities, both out of the box, and for all practical key sizes and curves.
Quantum computers will defeat the security features of code signing, as they will be able to break the asymmetric cryptographic algorithms used today for signing code, i.e. RSA and ECDSA. Especially for long-lived devices which are deployed today or in the near future, and will stay in the field for several years like in-car entertainment systems and onboard units, or IOT devices like smart meters, it is of utmost importance to introduce post-quantum cryptography before the advent of quantum computers, to ensure continuous software authenticity and integrity protection.