The role of code signing in securing the Internet of Things

Opinion by John Grimm

Some IoT devices have no update capability whatsoever so it's important to focus more on software security; developed using best practices, tested for vulnerabilities, and able to ensure the authenticity and integrity of updates.

The burgeoning Internet of Things (IoT), and the proliferation of connected devices that accompanies it, has introduced a wealth of potential new security vulnerabilities.

Just recently, for example, the Food and Drug Administration in the US advised over 465,000 patients fitted with a particular connected pacemaker to visit their doctors for a firmware update to address vulnerabilities that could potentially lead to the device being exploited by hackers.

Elsewhere, an essentially unpatchable design flaw affecting the controller access network of most modern cars has been identified as a vulnerability that could allow attackers to remotely disable a vehicle's safety features, such as its ABS brakes, power steering and air bags.

The rise and rise of the IoT

From consumers using wearable devices to families buying state-of-the-art connected appliances, and from offices employing smart lighting and HVAC systems to cities installing connected waste disposal solutions, the IoT will reach all areas of society. Analysts predict that spending on the IoT will reach nearly $1.4 trillion (£1,038 billion) by 2021. With this level of investment, and with such a wide-ranging effect on everyone's personal and business lives, security should be a key priority for any business involved in the IoT supply chain.

Unfortunately, it isn't always possible to update the software on IoT devices, add features or address security vulnerabilities as they're discovered. And even when it is, many devices don't offer a secure means of ensuring the authenticity or integrity of software updates, a process during which hackers are able to introduce malware.

Code signing, however, long considered an essential part of good software hygiene, makes it possible to prove the origin and integrity of executable software. A file's creator will use a private signing key to create a digital signature of a hash of that file. By obtaining the associated public key and digital certificate, the software's user is then able to validate that the signature was created as claimed, and that the file hasn't been modified since.

Code signing represents an intelligent method of protecting businesses, their partners and the users of their products from the dangers posed by unauthorised software.

The importance of signing keys

Whenever a data security breach hits the headlines, mention will often be made of encryption keys,

Signing keys can be equally as important, however, although they may not always be as tightly controlled as encryption keys. In some instances, they may be the responsibility of software developers who may not be especially well versed in secure key management practices.

One way of addressing this is by using certified hardware modules (HSMs) to protect signing keys, and to ensure that workflows including the appropriate approvals are incorporated into the overall software release process. Code signing, using well-protected signing keys, is one of the best available defences against the introduction of malware and so will be increasingly important in the development and manufacture of IoT devices.

A lynchpin in secure software delivery

The practice of using code signing as part of a secure software update is well established in enterprise security, but some IoT devices have no update capability whatsoever, much less a secure process. What's more, consumer devices in particular, with impressive features and low prices, are often shipped with default passwords that users are unable to change, potentially opening the door to unwanted administrative logins from remote attackers.

To counter such issues, it's important to focus more on software security; to be certain that it's developed using best practices, tested for vulnerabilities, and that there is a mechanism in place to ensure the authenticity and integrity of any future updates.

The protection of private signing keys is a crucial part of this, given their position as a lynchpin in the secure software delivery process. Employing an HSM, as mentioned above, and putting proper access controls and approvals in place, will not only protect the user of a device, but also the company responsible for its creation. Without this protection in place, a private signing key could be stolen and a perfectly legitimate signature, capable of passing all verification processes, could be placed over an illegitimate malware payload, leading to very unintended consequences.

Hyper-connectivity is transforming the way in which people live, work and play, and staying a step ahead of the cyber-criminals will never be without its challenges. Recently discovered vulnerabilities, such as those found in pacemakers and cars, are just the tip of the iceberg with regard to potential IoT security risks.

With the IoT set to grow at such a rapid rate, now is the time to put basic safety and security measures in place, to ensure connected devices are used as intended, rather than as playthings for criminals. Only by doing so can we continue the advancement of the IoT and truly enjoy its benefits.

Contributed by John Grimm, senior director of IoT security strategy, Thales eSecurity

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event