In Episode VIII of Star Wars – The Last Jedi, the First Order uses a device to track the Resistance across hyperspace and execute a surprise attack. Today, in the real world, organizations deploy more and more machines, including applications and physical devices, to conduct critical business operations. Being able to account for the legitimacy of every deployed machine is vital: illegitimate applications and devices can infiltrate organizations and cause severe damage. In this blog, and in an accompanying one by Paul Cleary from our technology partner Venafi, we explore the growing importance of machine credentials in thwarting cyber-attacks. Here, I focus on the last line of defense needed to securely produce credentials and sign code. For insight into the hidden threats that forgotten machine identities can pose, read Paul’s blog “Machine Identity Wars, Episode IX – The Rise of Skywalker.”
While connected machines outnumber users across most enterprise systems, to date the identities of machines have not been protected with the same rigor that user identities have received, even though many of those machines manage critical systems. The good news is that this is changing. Gartner’s 2020 Hype Cycle for identity and access management shows increased market expectation for machine identity management.
It is easy to understand user identities. We are all familiar with usernames, PINs, passwords, and tokens. We use these methods to authenticate ourselves and gain access to applications and systems. Machines are no different. As machines increasingly perform operations autonomously, they also must prove “who” they are before they can connect to other machines. Instead of using the authentication methods users typically employ, they use cryptographic keys and certificates to establish their machine identities. With the number of connected machines continuing to grow, organizations need to adopt automated life cycle management of machine identities.
Keys and credentials identify machines and ensure that only legitimate ones, authorized to perform their intended functions, gain access to other machines and systems. However, there are two further vital components we cannot overlook: firmware and software. Without them, machines can’t do what they are supposed to do. Code is regularly updated to keep machines running smoothly. Code updates are part of the application and device lifecycle, often executed automatically in the background with little or no human intervention. While code updates are meant to deliver continuing improvements that enhance performance and address security issues, they are increasingly a vector for attacks. Just as the applications and devices themselves must be authenticated to establish legitimacy before connecting to other applications and devices in a system, code updates must also be authenticated. Authenticating a code update ensures it comes from the right source and is not carrying malicious code that can corrupt the system and spread through it.
Code signing employs certificate-based digital signatures that let organizations verify the identity of firmware and software publishers and certify that the code has not been tampered with since publication. The technology is analogous to a tamper seal on medication. Just as we would not ingest a drug from an unsealed container, we should never update applications and devices with unverified, possibly altered code. Code signing provides a proven cryptographic process for software publishers and in-house developers to protect end users from cybersecurity dangers. Digital signatures enable end users to verify publisher identities while simultaneously validating that the installation package has not been changed since it was signed. As more software and firmware is regularly updated to support an exponentially increasing number of applications and devices, counterfeit code is on the rise. Hackers are using stolen code-signing certificates to bypass security appliances and infect systems. Protecting these certificates is therefore critical.
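The two checks a device makes on a signed update, publisher identity and image integrity, shown as an added example that is not part of the original post or of any Entrust or Venafi product. It uses Go’s standard-library Ed25519 with an in-memory signing key as a stand-in for a key that would in practice live in an HSM; the update package format and the sample firmware image are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SignedUpdate is a constructed, minimal update package: the code image, the
// publisher's signature over SHA-256(image), and the publisher's public key
// (standing in for the signing certificate shipped with the package).
type SignedUpdate struct {
	Image        []byte
	Signature    []byte
	PublisherPub ed25519.PublicKey
}

// publishUpdate signs the image. In a real pipeline the private key stays
// inside the HSM and only the signing operation is exposed; here the key is
// an in-memory stand-in so the example runs stand-alone.
func publishUpdate(priv ed25519.PrivateKey, image []byte) SignedUpdate {
	digest := sha256.Sum256(image)
	return SignedUpdate{
		Image:        image,
		Signature:    ed25519.Sign(priv, digest[:]),
		PublisherPub: priv.Public().(ed25519.PublicKey),
	}
}

// verifyUpdate is the device-side check. The key carried in the package must
// be the publisher key the device trusts (identity), and the signature must
// verify over the image digest (integrity). Either failure rejects the update.
func verifyUpdate(trusted ed25519.PublicKey, u SignedUpdate) error {
	if !bytes.Equal(trusted, u.PublisherPub) {
		return fmt.Errorf("update signed by an untrusted publisher")
	}
	digest := sha256.Sum256(u.Image)
	if !ed25519.Verify(trusted, digest[:], u.Signature) {
		return fmt.Errorf("signature does not match image: tampered or corrupt")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	update := publishUpdate(priv, []byte("firmware v1.2 (constructed sample image)"))
	fmt.Println("genuine:", verifyUpdate(pub, update))

	tampered := update
	tampered.Image = append([]byte{}, update.Image...)
	tampered.Image[0] ^= 0x01 // flip one bit in the code: integrity check fails
	fmt.Println("tampered:", verifyUpdate(pub, tampered))

	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println("wrong publisher:", verifyUpdate(pub, publishUpdate(otherPriv, update.Image)))
}
```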
Last line of defense
To protect the underpinning cryptographic keys that secure identity credentials and code signing certificates, a robust root of trust is required. As the deployment of applications and devices continues to grow, enterprises seek tools to orchestrate machine identities and to sign the code that runs within applications and devices. The concept of a root of trust is fundamental, because keys stored in software are susceptible to file and memory scraping. When enterprises orchestrate their SSL/TLS certificates and SSH keys, as well as their code signing, mobile, and IoT certificates, it is critical that these be produced with high-entropy random number generators and given high-assurance protection throughout their lifecycle. Separating this function from the rest of the system, within strong hardware under dual controls, ensures that no single individual or entity can subvert established key use policies. Considered a best practice among security professionals, this approach significantly enhances security.
Hardware security modules (HSMs) provide Federal Information Processing Standard (FIPS)-compliant protection for certificates and signing keys, generating them with maximum entropy using random number generation. HSMs are specialized, hardened devices designed specifically to generate and protect the underpinning cryptographic keys.
Using the force
Just as the Jedi were the last line of defense against the First Order, HSMs establish the foundation for securing the increasing numbers of machines conducting critical business. Entrust has joined forces with Venafi to help address machine identity and code signing challenges. Read our new solution brief for details. Entrust nShield HSMs, deployed on-premises or as a service, together with the Venafi Trust Protection Platform, enable leading machine identity providers such as CAs, and machine identity consumers such as application delivery controllers, web application firewalls, secrets management applications, and network monitoring and analytics software, to securely orchestrate machine identity and code signing processes.
To learn more, watch our webinar “Beware the dark side, use trusted machines and HSMs to support critical business.”