In Episode VIII of Star Wars – The Last Jedi, the First Order uses a device to track the Resistance across hyperspace and execute a surprise attack. Today in the real world, organizations deploy more and more machines, including applications and physical devices, to conduct critical business operations. Ensuring one can account for the legitimacy of deployed machines is vital. Illegitimate applications and devices can infiltrate an organization and cause severe damage. In this blog, and in an accompanying one by Paul Cleary from our technology partner Venafi, we explore the growing importance of machine credentials to thwart cyber-attacks. Here, I focus on the last line of defense needed to securely produce credentials and sign code. For insight into the hidden threats that forgotten machine identities can pose, see Paul’s blog “Machine Identity Wars, Episode IX – The Rise of Skywalker and Cybersecurity.”
Machine credentialing
While connected machines outnumber users across most enterprise systems, to date the identities of machines have not been protected with the same rigor that user identities have received—even when many of these manage critical systems. The good news is that this is changing. Gartner’s 2020 hype cycle for identity and access management shows increased adoption—placing machine identity management high in the technology trigger category.
It is easy to understand user identities. We are all familiar with usernames, PINs, passwords, and tokens. We use these methods to authenticate ourselves and gain access to applications and systems. Machines are no different. As machines increasingly perform operations autonomously, they also must prove “who” they are before they can connect to other machines. Instead of using the authentication methods we users typically employ, they use cryptographic keys and certificates to establish their machine identities. With the number of connected machines continuing to grow, organizations need to adopt automated life cycle management of machine identities.
Code signing
Keys and credentials identify machines and ensure that only legitimate ones, authorized to perform their intended functions, gain access to other machines and systems. However, there is also a vital component we cannot overlook, and that is firmware and software. Without firmware and software, machines can’t do what they are supposed to do, and code is regularly updated to keep them running smoothly. Code updates are part of the application and device lifecycle, often executed automatically in the background with little or no human intervention. While code updates are meant to be part of a continuing improvement program to enhance performance and address security issues, they are increasingly a vector for attacks. Just as the applications and devices themselves need to be authenticated to ensure their legitimacy before connecting to other applications and devices in a system, code updates must also be authenticated to ensure they come from the right source and are not carrying malicious code that can corrupt and spread throughout the system.
Code signing employs certificate-based digital signatures to enable organizations to verify the identity of firmware and software publishers and to certify that the code has not been tampered with since publication. The technology is analogous to a tamper seal on medication. Just as we would not ingest a drug from an unsealed container, we should never update applications and devices with unverified and possibly altered code. Code signing provides a proven cryptographic process for software publishers and in-house developers to protect end users from cybersecurity dangers. Digital signatures enable end users to verify publisher identities while simultaneously validating that the installation package has not been changed since it was signed. As more software and firmware is regularly updated to support an exponentially increasing number of applications and devices, counterfeit code is on the rise and hackers are using stolen code-signing certificates to bypass security appliances and infect systems. Protecting these certificates is therefore critical.
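The following Go program is an added example, not code from the original post or from Venafi or nCipher, that shows what the two checks above look like in practice: the signature proves the package is unchanged since signing, and the signer's certificate proves who the publisher is. It also serves the earlier point that machines identify themselves with keys and certificates rather than passwords. Everything in it is constructed: a self-signed root CA, a publisher certificate issued for code signing, a sample artifact, and an impostor whose certificate does not chain to the trusted root. The private keys live in process memory here, which is exactly the exposure the next section argues for moving into an HSM.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// mustKey generates a P-256 key; key generation only fails if the OS RNG is broken.
func mustKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// issueCert signs tmpl with signer. When parent is nil the certificate is self-signed.
func issueCert(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// SignArtifact hashes the package with SHA-256 and signs the digest with the publisher's key.
func SignArtifact(artifact []byte, key *ecdsa.PrivateKey) ([]byte, error) {
	digest := sha256.Sum256(artifact)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// VerifyArtifact performs both checks a consumer needs: the signer's certificate must chain
// to a trusted root and be permitted for code signing, and the signature must match the bytes.
func VerifyArtifact(artifact, sig []byte, signerCert *x509.Certificate, roots *x509.CertPool) error {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	if _, err := signerCert.Verify(opts); err != nil {
		return fmt.Errorf("publisher certificate not trusted: %w", err)
	}
	pub, ok := signerCert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("unexpected public key type in publisher certificate")
	}
	digest := sha256.Sum256(artifact)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return errors.New("signature does not match artifact: altered after signing or wrong signer")
	}
	return nil
}

// RunScenarios builds the constructed PKI and returns the verification outcome for a genuine
// package, a package modified after signing, and a package signed by an untrusted impostor.
func RunScenarios() (genuine, tampered, rogue error) {
	now := time.Now()
	rootKey := mustKey()
	rootCert := issueCert(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Root CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}, nil, &rootKey.PublicKey, rootKey)
	roots := x509.NewCertPool()
	roots.AddCert(rootCert)

	// Publisher certificate issued by the root, restricted to the code-signing extended key usage.
	pubKey := mustKey()
	pubCert := issueCert(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "Constructed Software Publisher"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}, rootCert, &pubKey.PublicKey, rootKey)

	artifact := []byte("firmware-1.2.3: constructed sample update payload")
	sig, err := SignArtifact(artifact, pubKey)
	if err != nil {
		panic(err)
	}
	genuine = VerifyArtifact(artifact, sig, pubCert, roots)

	// One flipped byte after signing is enough for the digest, and so the signature, to fail.
	altered := append([]byte(nil), artifact...)
	altered[0] ^= 0xFF
	tampered = VerifyArtifact(altered, sig, pubCert, roots)

	// An impostor with a self-signed code-signing certificate: valid signature, untrusted identity.
	rogueKey := mustKey()
	rogueCert := issueCert(&x509.Certificate{
		SerialNumber: big.NewInt(3), Subject: pkix.Name{CommonName: "Constructed Impostor"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}, nil, &rogueKey.PublicKey, rogueKey)
	rogueSig, _ := SignArtifact(artifact, rogueKey)
	rogue = VerifyArtifact(artifact, rogueSig, rogueCert, roots)
	return genuine, tampered, rogue
}

func main() {
	g, t, r := RunScenarios()
	fmt.Println("genuine package:", g)
	fmt.Println("tampered package:", t)
	fmt.Println("impostor signer:", r)
}
```

The order of the checks matters: the certificate chain and extended key usage are verified before the signature, so a signature from a key that was never authorized for code signing is rejected on identity grounds regardless of whether the bytes match. A stolen publisher certificate defeats neither check, which is why the post goes on to argue that the signing key itself must be protected.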
Last line of defense
As the deployment of applications and devices continues to grow, enterprises seek tools to orchestrate machine identities and to sign the code that runs within them. To protect the underpinning cryptographic keys that secure identity credentials and code signing certificates, a robust root of trust is required. The concept of a root of trust is fundamental: keys stored in software are susceptible to file and memory scraping. When enterprises orchestrate their SSL/TLS certificates and SSH keys, as well as their code signing, mobile, and IoT certificates, it is critical that these be produced with high-entropy random number generators, and that they be given high-assurance protection throughout their lifecycle. Separating this function from the rest of the system within strong hardware with dual controls ensures no single individual or entity can subvert established key use policies. Considered a best practice among security professionals, this approach can significantly enhance security.
Hardware security modules (HSMs) provide Federal Information Processing Standard (FIPS)-compliant certificates and signing keys with maximum entropy, generated from a hardware random number generator. HSMs are specialized, hardened devices designed specifically to generate and protect the underpinning cryptographic keys.
Using the force
Just as the Jedi were the last line of defense against the First Order, HSMs establish the foundation for securing the increasing numbers of machines conducting critical business. Venafi and nCipher have joined forces to help address machine identity and code signing challenges. Venafi Trust Protection Platform and nCipher nShield HSMs, deployed on-premises or as a service, enable leading machine identity providers like CAs, and machine identity consumers like application delivery controllers, web application firewalls, secrets management applications, and network monitoring and analytics software, to securely orchestrate machine identity and code signing processes. To learn more, watch a replay of our webinar “Beware the dark side, use trusted machines and HSMs to support critical business” and follow nCipher Security on Facebook, LinkedIn, and Twitter.