Starting in 2006, Windows has mandated that all software running at the kernel level must have a digital signature. This is due to the ever-increasing threat of malware invading computers. Digital signatures allow customers to know where their software came from. Allowing peace of mind knowing that the software is from a reputable source. Knowing this, manufacturers are turning towards secure cryptographic keys and digital certificates to uniquely identify them as the manufacturer.
However, often keys are stored unsecurely and are at risk of a breach. The leading cause of breach of company’s cryptographic keys is caused by the keys being left in a vulnerable state, some of these states are:
- Keys stored on servers in the clear with only password protection (key loggers and other tools can be used to defeat the password);
- Keys stored in a manner where they can be misplaced or lost;
- Encrypted keys and related information stored on servers that when compromised can lead to decrypting the key;
- Use of private keys in server/software crypto operations that expose the unencrypted keys during these operations;
These vulnerabilities, when exploited can lead to a loss of said keys and unscrupulous people can then parade themselves around pretending to be your company often to release code that:
- Turns customers devices into bots for large scale DDos attacks
- Collects important user data (passwords, credit card information, etc)
- Corrupts, or interfere with customers computers, affection functionality.
These and other attacks can have a significant detrimental effect on code developers and their customers, tarnishing brand reputation and impacting the bottom line.
Cryptographic key best practices dictate that a “clear text” private key should never be exposed; and if transferred, it must be encrypted. This means that key creation, storage, and use should take place in a secure environment, and use should be restricted to authorized personnel, or a quorum of authorized personnel.
These best practices can be achieved by introducing a highly secure and reliable Hardware Security Module (HSM), like the Engage BlackVault HSM into the key management process. An HSM is a specialized hardware device where keys are generated, stored, and used in a secure cryptographic boundary.
Unlike traditional HSMs, the BlackVault HSM incorporates a touch screen color display for ease of use and provides an integrated smart card reader, and secure Ethernet / USB ports. It’s also much more effective than software only solutions due to physical and logical barriers to attack, including deleting keys if tamper is detected. The BlackVault HSM, unlike USB and smart card tokens, provides multi-factor and Quorum authentication and supports network attached environments. It’s long battery life also allows for easy transport and offline storage in a secure room or safe.
The BlackVault HSM performs all cryptographic operations inside of a silicon-based FIPS Level 3 tamper reactive boundary, and private keys are never exposed. In addition, if there is an environmental, electrical, or physical breach; the cryptographic keys will be deleted (“zeroized”). Prior to back up, private keys are encrypted and the cryptographic material can be distributed across multiple smart cards for additional security.
The BlackVault HSM key generation and code signing capabilities are augmented with a powerful cryptographic engine that generates all the RSA and Elliptical Curve key types and sizes required for code signing. Along with that, the BlackVault HSM can also generate AES keys, as well as a variety of hash algorithms (SHA2, SHA1, MD5/MD2, etc.). Hardware generated entropy ensures truly random numbers are used in cryptographic operations.
The BlackVault HSM can also prevent code from being signed without approval from designated members of the DevOps team (QA, development, product management, etc.). Using the Quorum feature, each signatory is assigned a smart card and PIN. The code can’t be released (signed) until all required signatories are authenticated by inserting their smart card into the BlackVault HSM and entering their corresponding pin (multi-factor authentication).
The signing functionality of the BlackVault HSM not only allows for the signing of whole executables, but also is capable of signing hashes of any file type. Allowing multiple teams using different development environments, a singular solution for signing.
Using the BlackVault to digitally sign drivers ensures:
- Private signing keys are secured with best practices FIPS Level 3 certified technology;
- Crypto operations with the Private Key are performed in a FIPS Level 3 silicon cryptographic boundary;
- Code signing and other sensitive operations require “M of N” quorum approval;
- Keys can be securely backed up on a flash drive, or a BlackVault clone;
- The risk of key theft or loss is removed;
- HSM authentication can’t be compromised from intermediary software or devices due to the BlackVault’s integrated multi-factor single trust path authentication.