August 23, 2007
Code Signing, Time Stamping, and Cryptographic Keys

Jonathan Erickson
Ensuring users that they can verify the code's authenticity

With us today is Richard Moulds, a vice president for security firm nCipher.

DDJ: Richard, why are code signing and the time stamping of code important? What is their value?

RM: Code signing identifies the publisher of signed software and verifies that the code has not been tampered with. This gives users the ability to make an informed decision on whether or not to download or run code and therefore provides a powerful mechanism to control the spread of malicious code and reinforce the brand value of legitimate software developers and vendors.

Code signing relies on digital certificates and public key cryptography to securely demonstrate the authenticity and integrity of the code. Digital certificates have a finite life, and verifying the code's authenticity past the certificate expiry date requires the use of time stamping.

Digitally signing code and time stamping the certificate ensures users can verify the code's authenticity long after the signature's expiration date.

DDJ: At the heart of security systems are cryptographic keys. Why are they so critical?

RM: Critical to the security of every crypto system is maintaining and managing the secrecy of the keys associated with that system. If that key is compromised, the security systems that depend upon that key will collapse. The level of protection applied to the generation, storage, distribution and management of keys directly translates to the trust, and therefore the confidence, that can be derived from a digital signature or timestamp.

Increasingly, organizations are looking to adopt a strategic approach to encryption and key management. This drives organizations to look for key management solutions that can span across infrastructure components from email and database applications to digital certificates used in the instance of code signing.

DDJ: Can security really be implemented at the software-only level, or does hardware security buy you extra peace of mind?

RM: Cryptographic keys are not safe when they are stored in software. As long random numbers, they stand out prominently in a scan of the host memory space. Once the key has been identified, stealing it is a relatively simple matter.

For this reason, cryptographic keys must be stored in dedicated hardware, where they are locked away from prying eyes in a tamper-proof environment -- effectively a "lock-box" within the server host itself or accessible over a network connection. For banking, e-commerce and governmental operations, hardware protection of cryptographic server keys through the use of Hardware Security Modules (HSMs) is already standard practice. Other examples of hardware-based cryptographic systems that are geared toward different environments include smart cards for portable applications and trusted platform modules (TPMs) in desktop and laptop machines.

DDJ: How is code signing typically performed today?

RM: Software publishers utilize digital certificates to assure users of the software's origin and to verify that the software has not been tampered with since its publication. Microsoft's approach to code signing is embodied in its Authenticode protocol and associated developer tools, coupled with the certificate issuance infrastructure of trusted third parties. Authenticode allows developers to include information about themselves and their code using signing tools that are part of the Windows SDK. The use of Authenticode and the trust model underpinning it relies on digital certificates certified by a trusted certificate authority (CA), which in turn relies on the protection and use of private keys to sign and time-stamp the published software. The protection of private keys is essential in securing the code signing process. If the secrecy of these keys were to be compromised, they could be used to fraudulently sign software that can potentially contain malicious code and yet can then masquerade as the legitimate application.

DDJ: What is the value of having an HSM and a hardware time stamp server?

RM: Protecting keys within hardware security modules provides physical and logical barriers to attack that do not exist with a software-only security solution. Authenticode code signing keys are bound to a digital certificate that identifies the publisher. Timestamping is an essential component of the Authenticode code signing process. It establishes that the code signing took place at a specific point in time, specifically during the period for which the signing certificate was valid, thus extending the validity of the code past its certificate expiration date. However, such a timestamp will only have value if it can be tied to a recognized and trusted source of time and if the time values are protected from manipulation when in transit from the time authority or when applied to the signed code.

DDJ: Do enterprise developers need to be aware of Authenticode? Is it just for commercially available software?

RM: All software developers that wish to publish their software for the Windows platform must be aware of Authenticode if they expect users to be able to trust the authenticity of their software. Otherwise end users will not be able to determine whether the code is authentic software or runs the risk of containing malware. In turn, publishers need to protect their signing credentials to prevent any abuse of their brand by hackers and rogue developers.

DDJ: Is there a web site that readers can go to for more information on these topics?

RM: One place to start is with the whitepaper nCipher and Microsoft have jointly written, entitled "Deploying Authenticode with Cryptographic Hardware Security for Secure Software Publishing."
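The timestamp mechanism Moulds describes, as an added worked example (not code from the interview, nCipher or Microsoft): a simplified Authenticode-style model in Go in which the publisher signs the code hash, a timestamp authority (TSA) countersigns it together with the signing time, and the verifier judges certificate validity at the timestamped moment rather than at verification time. Ed25519 keys stand in for the RSA certificates real Authenticode uses, and the Cert type and the TSA message layout are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"time"
)

// Hypothetical, simplified Authenticode-style model (added example, not Microsoft's or
// nCipher's code): a Cert is a public key plus validity window; the TSA countersigns the hash.
type Cert struct {
	Pub                 ed25519.PublicKey
	NotBefore, NotAfter time.Time
}
type SignedCode struct {
	Code   []byte
	Sig    []byte    // publisher's signature over SHA-256(code)
	Signer Cert
	TSTime time.Time // time asserted by the timestamp authority (TSA)
	TSSig  []byte    // TSA signature over SHA-256(code) || TSTime; nil if not timestamped
}

func tsMessage(hash []byte, t time.Time) []byte {
	return append(append([]byte{}, hash...), t.UTC().Format(time.RFC3339)...)
}

// Sign signs code with the publisher's key and has the TSA countersign it at time ts.
func Sign(code []byte, priv ed25519.PrivateKey, cert Cert, tsaPriv ed25519.PrivateKey, ts time.Time) SignedCode {
	h := sha256.Sum256(code)
	return SignedCode{Code: code, Sig: ed25519.Sign(priv, h[:]), Signer: cert,
		TSTime: ts, TSSig: ed25519.Sign(tsaPriv, tsMessage(h[:], ts))}
}

// Verify reports whether sc may be trusted at time now. Without a timestamp the check fails
// once the certificate expires; with a valid one, only validity at the TSA's time matters.
func Verify(sc SignedCode, tsaPub ed25519.PublicKey, now time.Time) bool {
	h := sha256.Sum256(sc.Code)
	if !ed25519.Verify(sc.Signer.Pub, h[:], sc.Sig) {
		return false // code tampered with, or not signed by the publisher's key
	}
	signedAt := now
	if sc.TSSig != nil { // a forged or altered timestamp must not rescue an expired cert
		if !ed25519.Verify(tsaPub, tsMessage(h[:], sc.TSTime), sc.TSSig) {
			return false
		}
		signedAt = sc.TSTime
	}
	return !signedAt.Before(sc.Signer.NotBefore) && !signedAt.After(sc.Signer.NotAfter)
}
```

Dropping TSSig from a signed package shows the expiry problem the interview raises, and re-signing the timestamp with any key other than the TSA's shows why the time value must be protected in transit.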
