Software Code Signing
Publish trusted software images and updates for systems and devices using a secure and trusted solution. The KT Secure software code signing service is ideal for manufacturers of embedded chips and Electronic Control Units (ECUs) such as those used in motor vehicles, as well as IoT devices.
The Challenge
Software publishers need a way to ensure that software images and updates provided by them can be validated to prevent malicious hackers impersonating the publisher and distributing malware and illegitimate software, compromising their systems.
The distribution of trusted software is vital for the security of remote devices and systems which rely on regular software updates to ensure that the latest features and security updates are available to users.
Untrusted and unverified software images and updates can adversely affect the integrity of a remote system, compromising its security and potentially its safety and operation. With the majority of updates being distributed over public networks and the Internet, devices need a way of verifying the identity of the sender and the authenticity of the updates.
“We selected KT Secure for their industry-leading expertise in digital signing solutions.”
Procurement Manager, Large Automobile Manufacturer
Our Solutions
KT Secure offers a Secure Code Signing service that enables the software end users or the systems on which the software is installed to verify that software images and updates are from a legitimate source. The solution is intended for companies looking to distribute digitally signed software updates to remote devices or systems, such as TV box sets and IoT devices.
- Secure mechanism for updating software on remote systems and devices.
- Proven solution for automobile ECU software signing updates and software publishing to IoT devices.
- KT Secure manage the end-to-end integration.
- Integrates with Hardware Security Modules (HSMs) on-premise or in the cloud.
- Easy to sign software updates via the KT Secure REST API or SOAP interface. Updates can also be manually uploaded to the KT Secure Portal.
- Digital code signing is language independent – works with any programming language using the compiled Binary files.
- Variety of code signing methods available – including Symmetric and Asymmetric Signing, or certificate-based signing.
- All communication with KT Secure is encrypted and authenticated with client certificates.
A bespoke digital software code signing solution to meet your requirements
Code signing can be based on the exchange of public-private key pairs with your customers (implementing either symmetric or asymmetric signing) or using Certificates. The actual implementation of signing is straightforward with one of two options.
- Option 1: upload your software package to the KT Secure Portal for signing. The KT Secure portal will generate and sign a secure hash value using your cryptographic keys. This hash value can be distributed with the software package allowing its authenticity and security to be assured.
- Option 2: generate a hash value, which can be uploaded to the KT Secure Portal or provided via our REST API. The KT Secure service will validate and return a secure hash, signed with your cryptographic keys, which can be published with the software package to verify its authenticity.
KT Secure works with a number of vendors to manage and implement digital signing, including Hardware Security Modules (HSM). An HSM can be located within your enterprise network or the cloud providing you full control over the protection of your cryptographic keys.
Case Study
KT Secure implemented a bespoke solution to provide ECU software updates “Over the Air” for a leading UK automobile manufacturer. KT Secure integrated a bespoke, hosted package signing solution with on-premise Hardware Security Module (HSM) infrastructure, allowing the manufacturer to leverage the KT Secure signing solution while maintaining ownership of cryptographic keys. In addition, PKI infrastructure designed and implemented by KT Secure was used to embed digital certificates on vehicles and in software update packages, providing a robust mechanism for verifying the authenticity of vehicle software updates to vehicle components such as ECUs. The KT Secure solution gives the automobile manufacturer the assurance they need that the software update process cannot be compromised.
About KT Secure
Founded in 2009 as Knight Trading UK Limited, KT Secure’s mission is to provide proven and productive Cyber Security services backed by a passionate team. The co-founders and key members of the company are industry experts with a combined experience of more than 100 years in the information security domain. An approved supplier to premium automotive manufacturers, global telecoms and financial service providers, KT Secure’s head office is in Marylebone, London.