D-Link Story Demonstrates Another Case for Enhancing the Protection of Private Keys
This month's news of D-Link's code signing private key being made public highlights just how important it is to have safeguards in place for protecting private keys.
D-Link, a Taiwanese networking company known for making wireless routers, network switches, and home security cameras, accidentally published one of its code signing private keys in a firmware download; the key was discovered by a user of Tweakers, a Dutch news outlet.
Fox-IT, a security company, told Threatpost: "The mistake was probably made by whoever packed the source code for publishing. The Code Signing Certificate was only present in one of the outsource code packages with a specific version. The version above and below the specific package did not contain the folder in which the code signing certificates resided. A simple mistake of folder exclusion as far as I could see."
Security Risk of Keys Being Unprotected
This isn't the first time someone has accidentally leaked their private keys, or protected them poorly and had them stolen. When a Code Signing Certificate's private key is not properly protected, an attacker can use it to sign an application containing malicious code; the application then appears to come from a trustworthy source because it carries a signature from a legitimate (stolen) certificate.
Many software developers do not sufficiently protect the environments where they store their Code Signing Certificates and private keys. Most keys simply reside on a developer's local machine, without proper safeguards in place to protect them there.
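The D-Link leak came down to a key folder being packed into a source package that was then published. As an added example (not code from this post, from D-Link or from Fox-IT), the Python below is a release-gate scanner that walks a staging directory or an already-packaged tarball and flags PEM private key blocks and common key-container file extensions, so a build pipeline can refuse to publish a package that carries key material. The file names, the sample tree and the placeholder PEM block are constructed for the demo.

```python
import os
import re
import sys
import tarfile
import tempfile
from pathlib import Path

# PEM/OpenSSH private key headers (PKCS#1, PKCS#8, EC, DSA, encrypted and OpenSSH forms).
PEM_KEY_RE = re.compile(
    rb"-----BEGIN (?:RSA |EC |DSA |ENCRYPTED |OPENSSH )?PRIVATE KEY-----"
)
# Binary key containers commonly used for code signing keys, recognised by extension.
KEY_EXTENSIONS = {".pfx", ".p12", ".jks", ".key", ".ppk"}


def scan_bytes(name: str, data: bytes):
    """Return a finding for `name` if its contents look like private key material, else None."""
    if PEM_KEY_RE.search(data):
        return f"{name}: PEM private key block"
    ext = Path(name).suffix.lower()
    if ext in KEY_EXTENSIONS:
        return f"{name}: key container by extension ({ext})"
    return None


def scan_tree(root: str):
    """Walk a release staging directory and list every file that carries key material."""
    findings = []
    root_path = Path(root)
    for dirpath, _, filenames in os.walk(root_path):
        for fn in filenames:
            p = Path(dirpath) / fn
            try:
                data = p.read_bytes()
            except OSError:
                continue  # unreadable file: skip it, the walk continues
            hit = scan_bytes(p.relative_to(root_path).as_posix(), data)
            if hit:
                findings.append(hit)
    return sorted(findings)


def scan_tarball(archive: str):
    """Scan an already-packaged tar/tgz release without extracting it to disk."""
    findings = []
    with tarfile.open(archive) as tf:  # mode "r" auto-detects gzip/bz2/xz
        for member in tf.getmembers():
            if not member.isfile():
                continue
            data = tf.extractfile(member).read()
            hit = scan_bytes(member.name, data)
            if hit:
                findings.append(hit)
    return sorted(findings)


# --- Constructed demo data (placeholder, not a real key) ---------------------
FAKE_PEM = (
    b"-----BEGIN RSA PRIVATE KEY-----\n"
    b"PLACEHOLDER-NOT-A-REAL-KEY\n"
    b"-----END RSA PRIVATE KEY-----\n"
)


def build_demo_tree():
    """Create a temporary tree that mimics a source package with a stray key folder."""
    root = Path(tempfile.mkdtemp(prefix="release-"))
    (root / "src").mkdir()
    (root / "src" / "main.c").write_bytes(b"int main(void) { return 0; }\n")
    (root / "keys").mkdir()  # the folder that should have been excluded from the package
    (root / "keys" / "codesign.pem").write_bytes(FAKE_PEM)
    (root / "keys" / "signing.pfx").write_bytes(b"\x30\x82\x00\x00")  # stub PKCS#12 header
    return str(root)


def build_demo_tarball(root: str):
    """Package the tree as firmware-1.0.tar.gz, the way a release script would."""
    archive = str(Path(root).parent / "firmware-1.0.tar.gz")
    with tarfile.open(archive, "w:gz") as tf:
        tf.add(root, arcname="firmware-1.0")
    return archive


if __name__ == "__main__":
    demo_root = build_demo_tree()
    problems = scan_tree(demo_root) + scan_tarball(build_demo_tarball(demo_root))
    for line in problems:
        print("BLOCKED:", line)
    sys.exit(1 if problems else 0)  # non-zero exit makes a CI release gate fail
```

Run it as the last step before an artifact is uploaded: a non-zero exit blocks the publish. The PEM check is content-based, so a key renamed to `.txt` is still caught; the extension check is deliberately conservative and flags any `.pfx`/`.p12` file for a human to review.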
Steps to Protecting your Private Keys
The most secure way to keep private keys safe is to store them on a dedicated cryptographic hardware device such as a Hardware Security Module (HSM). These devices are far less vulnerable to compromise and support multi-factor authentication, requiring an additional factor (e.g., a PIN code) to use the key, so the key remains protected should the device be lost or stolen.
Moving Certificates to a Secure Hardware Device
Most CAs, including GlobalSign, offer the ability to install standard Code Signing Certificates on various types of hardware. Additionally, software developers can purchase Extended Validation (EV) Code Signing Certificates, which are issued by default on secure cryptographic USB tokens provided directly by the CA, so they come with enhanced security out of the box.
Storing a Code Signing Certificate on a cryptographic token makes it much harder for a malicious party to copy or steal the private signing key and use it to distribute malicious software under the identity of the actual certificate holder.
Security Benefits of EV Code Signing Certificates
The certificate is stored on a cryptographic USB token (FIPS 140-2 Level 2 compliant).
The token requires multi-factor authentication via password protection. Furthermore, you can set the number of failed password attempts allowed before the token automatically locks and deletes its contents.
Key generation occurs within the token, and the private key cannot be exported.
EV Code Signing Certificates are a great option for any software developer who wants to enhance the security of their code but does not need a dedicated Hardware Security Module (HSM). EV Code Signing Certificates bring other benefits as well, including immediate reputation with the Microsoft SmartScreen program and enhanced validation requirements.