Before public-key cryptography can be used for authentication in long-lived Internet of Things (IoT) devices, an important initial setup is performed even before the devices leave the manufacturing facility: a trusted root public key must be embedded in the device. This is just one step in the creation of a hardware root of trust which is the foundation for trusted software operations and is part of the secure boot process.
The root public key is also essential for code signing. Systems rely on the root public key to validate that software/firmware over-the-air updates (SOTA/FOTA) are coming from a trusted source, such as the manufacturer, without modification or tampering by an attacker. Code signing provides your customers with the peace of mind that what the software they're installing is authentic, verified code that will not harm their system.
A root public key embedded today using existing algorithms can be compromised in the future by a quantum computer-enabled adversary. In some cases, updating the root public key must be done manually and onsite which poses the following issues:
Protect against losing control over long-lived IoT devices in the quantum age by integrating quantum-safe signatures into your code signing process today.
Quantum-safe algorithms like Hierarchical Signature Scheme (HSS) and eXtended Merkle Signature Scheme (XMSS), have a small public key size and comparable performance to ECC-based signature schemes. Also, stateful hash-based signature schemes can efficiently run on existing hardware and are well suited for resource-constrained devices.
ISARA (along with our partners) has the technology to future-proof code signing with quantum-safe algorithms today. We've partnered with leading HSM manufacturers to create a space- and speed-optimized implementation of stateful hash-based signatures, available via the ISARA Radiate™ Quantum-safe Toolkit.
The ISARA Radiate Quantum-safe Toolkit includes:
Hardware Security Module (HSM) manufacturers, Code Signing Service Providers, and Chipset Manufacturers can benefit from integrating quantum-safe capabilities today to better serve their forward-looking, security-conscious customers.
Get in touch with us to learn how.