Autodesk Design Review 2010 Snake Oil Alert

From a new features overview of Autodesk Design Review 2010 comes the following snake oil claim:

Digital Signatures
To help secure your data, you can now digitally sign DWFx files.

As I’ve explained before, digital signatures do not provide data security; they simply authenticate the person who applied the signature. Digital signatures are a welcome feature with many potential uses, but data security is not one of them.

Design File Locking and Snake Oil Security

The increased sharing of electronic CAD data (à la BIM) holds a lot of promise, but it also exposes companies and individuals to additional liability and risk. This additional risk is coming into focus more and more as actual cases of costly legal battles confront engineers and architects.

The June 2008 AUGI wishlist results contain “Design File Locking” as the top wish by a substantial margin, and Shaan Hurley lists it as number 3 in the AU 2008 AutoCAD wish list. Clearly, interest in file and IP security has been growing steadily.

As demand for IP security grows, there are sure to be snake oil security vendors trying to cash in on it. I received a spam email a few days ago from SafeNet, Inc. promising “a cost-effective and easy to integrate solution that provides reliable and effective security through the use of digital signatures.” Whenever I see such statements with a long string of buzzwords, my snake oil alarm goes on alert. Digital signatures are for authentication and establishing trust — they cannot and do not provide “reliable and effective security”, although I suppose they could be used by a system that does.

In the last year or two, a number of companies have claimed to market software that “secures” AutoCAD DWG files. When I see such a claim, it invariably refers to software that creates an anonymous unequally scaled MINSERT entity. These can be created or “exploded” with a few lines of AutoLISP code. Frequently these companies claim to “encrypt” the drawing, which may sound sexy, but is an outright lie. If this is a level of “security” that meets your needs, at least use one of the many free versions posted throughout the internet (DETER.VLX from DotSoft is one I know of).

There are solutions, but they always require changes in the workflow process that involve difficult tradeoffs and careful evaluation of what is technically feasible and practical versus the costs of implementing the changes. There is no such thing as installing a single piece of software to instantly solve the problem. If you are looking for ways to protect intellectual property in your drawing files, don’t be fooled by snake oil security vendors.

Disclaimer: One of my hats is the president of CADLock, Inc., makers of CADVault for AutoCAD.

Digital Signatures: Practical Guidelines

We use digital signatures every time we visit a secure web site. Visiting a secure web site involves an authentication process that includes verifying the identity of the server by ensuring that its digital certificate, or “server certificate”, is signed by a trusted certificate authority. This verification process might involve verifying an entire chain of certificates from the actual server certificate up through one or more intermediate certificate authorities and ending with a trusted root certificate authority. This all takes place quickly and automatically before the web page is displayed in your web browser because the web browser includes built-in logic to do this work without any user interaction. More importantly, the web browser warns us when the server certificate is expired or invalid.
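The chain walk described above, as an added Go example that is not part of the original post: it builds a constructed root, intermediate and end-entity certificate (the names, serial numbers and validity periods are made up) and then checks, as a browser does, that the end-entity certificate chains to a trusted root and that every certificate in the chain is within its validity period at the time of the check.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Chain is a constructed hierarchy: root CA, intermediate CA, end-entity certificate.
type Chain struct{ Root, Inter, Leaf *x509.Certificate }

func keyPair() ed25519.PrivateKey {
	_, k, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { panic(err) }
	return k
}

// issue creates a certificate for subject's key, signed by issuer's key (self-signed when parent is nil).
func issue(cn string, serial int64, isCA bool, from, to time.Time,
	subject, issuer ed25519.PrivateKey, parent *x509.Certificate) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: from, NotAfter: to, IsCA: isCA, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign}
	if parent == nil { parent = t }
	der, err := x509.CreateCertificate(rand.Reader, t, parent, subject.Public(), issuer)
	if err != nil { panic(err) }
	c, err := x509.ParseCertificate(der)
	if err != nil { panic(err) }
	return c
}

// BuildChain issues root -> intermediate -> leaf; the leaf is valid from `from` until leafExpiry.
func BuildChain(from, leafExpiry time.Time) Chain {
	rootKey, interKey, leafKey := keyPair(), keyPair(), keyPair()
	root := issue("Constructed Root CA", 1, true, from, from.AddDate(10, 0, 0), rootKey, rootKey, nil)
	inter := issue("Constructed Intermediate CA", 2, true, from, from.AddDate(5, 0, 0), interKey, rootKey, root)
	leaf := issue("signer@example.invalid", 3, false, from, leafExpiry, leafKey, interKey, inter)
	return Chain{root, inter, leaf}
}

// Trusted does the browser's chain walk: leaf -> intermediate -> a root the verifier already trusts, checking every signature and validity period at now.
func Trusted(c Chain, now time.Time) bool {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(c.Root)
	inters.AddCert(c.Inter)
	_, err := c.Leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, CurrentTime: now})
	return err == nil
}
```

Trusted returns false for an expired or not-yet-valid certificate and for a chain that ends at a root the verifier does not hold; that false is what a browser turns into the warning the paragraph mentions.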

The biggest obstacle when using digital certificates in a CAD environment today is not creating them, but easily and automatically verifying them at the receiving end. Even in a completely digital distribution system where everybody works from the CAD model, the various software tools we use to view and work with the model do not handle digital signature verification automatically in a standardized way. As long as downstream consumers of CAD data cannot easily and automatically ensure the trustworthiness of digital data, they will continue to rely on handwritten signatures on paper.

A second obstacle to the use of digital signatures is the difficulty in accepting that digitally signed data is only trustworthy while it remains in digital format, and therefore the digital file is the “record” document. There is substantial social inertia that must be overcome before a digital document can gain the same amount of trust as a paper document. Engineers and architects must deal with the specter of previously hidden metadata in their CAD models becoming part of their signed document, thereby exposing them to new liabilities that don’t exist with paper drawings. Construction supervisors must learn to refer to the CAD model instead of relying on hardcopy blueprints when resolving disputes or establishing responsibility for errors. Here I think it should be noted that the use of a digitally signed model does not preclude the creation of hardcopy blueprints. Those can be created and “wet stamped” separately at the same time the CAD model is signed digitally; or they can be created in the field for reference without any signature at all.

AutoCAD has supported digital signatures for several years, but the built-in functionality is limited to individual DWG files, lacks support for co-signing (more than one person signing), and forces the signed document to remain in the proprietary DWG format or lose its signature. These problems can be worked around by using third party tools, but doing so requires recipients to use the same tools.

Over the past few years, many government plan review bodies have amended laws and administrative rules to accommodate digital signatures as part of the plan review process. Without standardization, however, organizations still struggle to effect the necessary changes in their workflow. A lack of uniformity in terminology from one set of regulations to another adds to the confusion. If you are involved in amending or creating rules or regulations that enable the use of digital signatures, you should use generic and well-defined terms of art in the regulations, but supplement these with practical guidelines that mention specific technologies, software tools, and file formats that will meet the legal requirements and that you are capable of working with.

If you are an architect, engineer, or CAD manager working to implement digital signatures in your firm’s workflow, there are some concrete steps you can take to make the task easier. Start by segregating your distribution network into “digital-only” and “hardcopy” classes of downstream users. Begin the transition with the digital-only part of the network (perhaps only the plan reviewing authority, for example). Next, decide which file format to use for your digital “documents”. Rather than signing CAD files, many companies start by signing 2D output files such as PDF, DWFx, or XPS. These files are essentially digital versions of the hardcopy documents, so they are more familiar to a wider audience and avoid some of the liability issues of exposing formerly hidden metadata that lives within the CAD model files.

You’ll need to obtain a digital ID and establish internal policies for storing and accessing the digital ID so that only the owner of the digital ID ever has access to the private key. Windows includes a built-in certificate manager that you can use to view and manage your digital IDs. To start the certificate manager, run the certmgr.msc management console by entering its name in the Start -> Run command window. Your digital certificate will be installed in your personal certificates folder along with a link to the private key stored in the Windows secure key repository. Make a backup of the digital ID by exporting it to a password-protected PFX file. Once a backup is made, the private key should be marked as not exportable to further secure it.

If you want to create digitally signed AutoCAD DWG files, you can use the digital signature feature of AutoCAD to sign a drawing file either while saving it or after it is saved. You should also consider subscribing to a commercial time service (see What time is it?) to ensure that your signatures are accompanied by a reliable time stamp in case your digital ID becomes compromised at some point in the future. Third party tools like CADVault for AutoCAD even make it possible for different people to sign different parts of the CAD model, but such advanced functionality is not needed in most cases.
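An added Go example, not from the original post or from any product it mentions, for two points made above: a signature leaves the signed bytes readable by anyone (the “data security” confusion of the first post), and a trusted time stamp lets a verifier keep honouring signatures made before a signing key was compromised while rejecting later ones. The time stamp service, its key, the compromise time and the document bytes are all constructed stand-ins; real services use the RFC 3161 protocol rather than this simplified countersignature.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"time"
)

// SignedDoc keeps the document bytes unchanged (a signature authenticates, it never
// hides), plus the author's signature and a time stamp service's countersignature.
type SignedDoc struct {
	Content, Sig, StampSig []byte
	Stamped                time.Time
}

// stampInput is what the time stamp service signs: author signature || Unix time.
func stampInput(sig []byte, at time.Time) []byte {
	var ts [8]byte
	binary.BigEndian.PutUint64(ts[:], uint64(at.Unix()))
	return append(append([]byte{}, sig...), ts[:]...)
}

// SignAndStamp: the author signs content, then the service (key tsa) signs the
// author's signature together with the time at.
func SignAndStamp(author, tsa ed25519.PrivateKey, content []byte, at time.Time) SignedDoc {
	sig := ed25519.Sign(author, content)
	return SignedDoc{content, sig, ed25519.Sign(tsa, stampInput(sig, at)), at}
}

// Verify checks both signatures and rejects anything stamped at or after compromisedAt.
func Verify(authorPub, tsaPub ed25519.PublicKey, d SignedDoc, compromisedAt time.Time) bool {
	return ed25519.Verify(authorPub, d.Content, d.Sig) &&
		ed25519.Verify(tsaPub, stampInput(d.Sig, d.Stamped), d.StampSig) &&
		d.Stamped.Before(compromisedAt)
}

func main() {
	authorPub, author, _ := ed25519.GenerateKey(rand.Reader)
	tsaPub, tsa, _ := ed25519.GenerateKey(rand.Reader)
	doc := []byte("constructed sample drawing bytes") // constructed; not real DWG data
	signedAt := time.Date(2009, 1, 10, 12, 0, 0, 0, time.UTC)
	compromisedAt := signedAt.Add(24 * time.Hour)
	good := SignAndStamp(author, tsa, doc, signedAt)
	late := SignAndStamp(author, tsa, doc, compromisedAt.Add(time.Hour)) // key used after exposure
	fmt.Println(string(good.Content))                           // readable without any key
	fmt.Println(Verify(authorPub, tsaPub, good, compromisedAt)) // true
	fmt.Println(Verify(authorPub, tsaPub, late, compromisedAt)) // false
}
```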

If you use different CAD software that does not support digital signatures natively, or if you choose to sign only the secondary files produced by exporting your CAD model to a different format, then you will need to use either tools specific to that format or third party tools that work with files of any format. Adobe Acrobat (PDF) and Microsoft’s free XPS Viewer both provide integrated digital signature tools that use the same digital IDs that you would use in AutoCAD, Internet Explorer, or Outlook/Windows Mail, and both applications are easy for recipients to obtain and use.

Another popular tool for managing digital IDs and signing files is an open source tool called GnuPG. GnuPG implements the OpenPGP standard for encryption and key storage. OpenPGP is not compatible with the X.509 standard used by Windows and many other encryption tools; however, it is an attractive alternative when cost or closed source tools are a prohibitive barrier. There are many other digital signature resources available on the internet for those wanting more information, or needing specialized tools.

Unfortunately, no matter what software tools or file formats you use, today’s CAD software and document viewers still do not provide the user experience that web browsers do when it comes to digital signatures. These problems can be overcome by end users, but ultimately they need to be addressed by the makers of the software tools we use. Software for handling digital data will need better user interfaces that allow users to easily specify which digital signatures should be trusted for which purposes, and provide requisite warnings when a document should not be trusted. I am confident that these improvements will come in the future, especially as more companies begin to use digital signatures in their workflow and demand for better digital signature support rises.

If you already use digital signatures with your CAD related documents, I would like to hear about it. Please leave a comment about your experiences, whether good or bad!