Digital signing process automation and optimization


Bibliographic Details
Main Author: Hytönen, Heikki
Other Authors: Informaatioteknologian tiedekunta, Faculty of Information Technology, Informaatioteknologia, Information Technology, Jyväskylän yliopisto, University of Jyväskylä
Format: Master's thesis
Language: eng
Published: 2020
Subjects:
Online Access: https://jyx.jyu.fi/handle/123456789/69173
description Digital signing of software is a mandatory part of the trusted software release process. Digital signing relies on public key infrastructure, and its purpose is to ensure that the software release originates from an authentic source and to verify the integrity of the software release. The most critical part of the digital signing process is the publisher's private keys, which in the wrong hands enable a malicious party to impersonate a trusted software publisher and to counterfeit and distribute harmful software releases. Strict protection of the publisher's private keys usually introduces a manual step into the signing process, and this may lead to challenges, for example in the release schedule, because the signing process must be kept apart from the continuous integration environment. Manual signing might also lead to personification, which means that persons having the proper security clearance must be available to execute the signing at the time of release.

The objective of this master's thesis is to design and provide solutions for implementing a digital signing process infrastructure and business logic that can be used to automate the signing process by integrating it into the existing continuous integration process in such a way that information security stays at least at the same level as in the current solution. The thesis is an assignment from a company specialized in information security, and the target of the assignment is to automate, optimize and document the current manual signing process. The main focus of the study and its solutions is on the digital signing process of the case company's Android-based projects.
first_indexed 2024-09-11T08:50:25Z
format Pro gradu
dc.contributor.advisor Viinikainen, Ari
dc.date.accessioned 2020-05-25T08:10:22Z
dc.date.available 2020-05-25T08:10:22Z
dc.format.extent 90
dc.format.mimetype application/pdf
dc.format.content fulltext
dc.identifier.urn URN:NBN:fi:jyu-202005253426
dc.type.publication masterThesis
dc.type.coar http://purl.org/coar/resource_type/c_bdcc
dc.type.okm G2
dc.rights In Copyright
dc.rights.url https://rightsstatements.org/page/InC/1.0/
dc.rights.accesslevel restrictedAccess
dc.rights.accessrights The author has not given permission to make the work publicly available electronically. Therefore the material can be read only at the archival workstation at Jyväskylä University Library (https://kirjasto.jyu.fi/en/workspaces/facilities).
id jyx.123456789_69173
language eng
last_indexed 2025-02-18T10:56:28Z
main_date 2020-01-01T00:00:00Z
main_date_str 2020
publishDate 2020
record_format qdc
source_str_mv jyx
title Digital signing process automation and optimization
topic digital signature; Mathematical Information Technology; 602; Linux; Android; data security; cryptography; encryption; cyber attacks; signing; software engineering; cyber security
url https://jyx.jyu.fi/handle/123456789/69173 http://www.urn.fi/URN:NBN:fi:jyu-202005253426