Docker this week announced new security enhancements at DockerCon EU in Barcelona, Spain, including hardware signing of container images — an industry first — through a partnership withYubico.
Docker Content Trust offers hardware signing through support for Yubico’s YubiKey.
The YubiKey 4 lets Docker users digitally sign code during initial development and through subsequent updates, ensuring the integrity of Dockerized apps throughout the application pipeline, Yubico said.
The hardware signing capability is available in Docker Experimental and Notary 0.1.
“This is a great set of announcements that moves the state of Docker forward,” said Al Hilwa, a research program director atIDC.
Enterprises are moving toward using containers, and, as enterprise adoption takes hold, security “becomes the most pressing area for the container ecosystem to handle,” he told LinuxInsider.
This set of technologies targets “the various spots in the developer life cycle where issues have been raised about container security,” Hilwa continued. One example is root access for the Docker Daemon process, “which now has isolated access from the user processes.”
Docker’s making “a concerted effort to deal with the multiple aspects of Docker security to bring the state of containers closer to that of virtual machines in terms of security,” he said.
What YubiKey Brings to the Table
Docker “approached us a few months ago wanting to use code signing with user verification touch,” said Yubico CEO Stina Ehrensvard. “This is about code signing.”
The partnership creates a digital encrypted signature so that only authorized entities can make changes to files, and any unauthorized changes made indicate the file can’t be trusted, said Rob Enderle, principal analyst at the Enderle Group.
Failing to secure code can be costly. Back in 2012, Adobe had to revoke a code-signing certificate for all code signed after July 10 of that year and had to issue updates signed using a new digital certificate for all affected products: Adobe Muse, Adobe Story AIR, and Acrobat.com desktop services running on Windows and Mac.
YubiKey users digitally sign code using a private root key stored on the device, which can then be used to create other cryptographic keys to sign code and verify its integrity.
“We recommend all our users have a backup YubiKey,” Ehrensvard told LinuxInsider. “I have four YubiKeys — one for my keychain, two for my two laptops, and one in my drawer at home so I won’t be locked out.”
Warm Bodies Needed
User verification touch requires that a live human being use the YubiKey.
“When you touch the device, it doesn’t just verify the code, it validates that a human body’s behind the computer,” Ehrensvard explained. “Sustainable attacks come from remote attackers, not someone taking your key or entering your password.”
Yubico built a touch sensor into the YubiKey and, as long as a human is touching it, the key will work.
The YubiKey 4 includes several security technologies, and it might include near field communication next year, Ehrensvard indicated.
How the Partnership Boosts Security
“It’s incredibly difficult to fake a key,” Enderle told LinuxInsider.
In the event of the original key holder being taken out of action through accident, injury, leaving the company or any other situation, the code only can be accessed by others who have their own unique keys, thus ensuring accountability can be traced back to the key holder who made any changes, he said.
The weakness of the key approach is that it moves the attack to the key holder, and attempts may be made to gain control of the key, Enderle said.
“If a key holder’s tricked into sharing a key and this isn’t identified, code written may not be checked, and a hack’s even more likely to remain unidentified,” he cautioned.
Key holders who lose their keys have to get new keys authorized and have authorization for the lost key removed, Enderle pointed out. Anything done using the lost key would have to be rechecked because it would no longer be trusted.