main

Amender for Mender

Posted

The notorious IOT-oriented open access software just got a physical upgrade. A Zero Trust Architecture as a declared policy regarding software and hardware alike. Already labelled with a “Works with Mender” staple, this splendid Cybersecurity-centered solution acts as an anchor for Mender OTA’s updates processes. As wireless, over the air, software updates become ever more essential for IoT systems’ optimal performance and security over the product’s entire lifecycle- you can bet you’ll need a boost in the physical aspect of things. With great power, comes great responsibility.

Defender, for the connected. The iShield HSM memory hardware security module, designed and made by memory refiner SWISSBIT, has received the “Works with Mender” label. This is due to a blossoming partnership between Northern.tech, the minds behind the open source Over-The-Air (OTA) updates software service Mender for Internet of Things (IoT) devices and appliances, and the former. With this “best of both worlds” combo, i.e.  of software and hardware security-centered solutions, the authenticity and integrity of the standard IoT device’s OTA firmware and software updates are at the peak of their respected fields. Furthermore, as Zero-Trust Architecture (ZTA) acts as a leading virtue of the solution’s integration process- the identification and authentication processes are cryptographically encrypted within the solution itself.

As IoT security is more essential than before, this deployable and highly reliable memory solution is perfectly suited for the job of protecting your everyday IoT hardware use. Hardened and approved by rigorous standardization, such as IEC 62443, OTA software updates had simplified the management and maintenance of systems and significantly contributed to ensuring the performance and security of IoT devices throughout the entire product’s lifecycle. Thus, protecting the integrity of this vital process is key in order to prevent unauthorized or harmful performance.

This vital role falls to the hardened hardware by SWISSBIT. The iShield HSM solution protects and serves the software update chain. Basically it is all built on trust. Once a root of trust has been established with the hardware security module, Mender ensures a chain of trust by providing software update signing and increased security through encrypting the new software both in hibernation mode and during transfer.

General manager IoT solutions at SWISSBIT, Claus Gründel, addressed the powerful security combo: “As an established and recognized solution within the IoT developer community, Mender provides easy access and seamless implementation of the OTA technology, enabling companies to enhance the security, reliability, and performance of their IoT devices”, and further elaborated that “Our hardware security module, iShield HSM, aligns perfectly with this approach as it offers the highest level of security for OTA updates and offers easy plug-and-play integration. Through our collaboration, we emphasize our shared commitment to providing the best possible protection for IoT devices”.

The USB interface of this super solution is nothing out of the ordinary, as it has been based on your “typical” Swissbit industrial-grade USB memory stick but that’s part of it’s charm. iShield HSM can be optimally used as a retrofit and upgrade solution to bring older IoT devices, such as gateways or controllers, up to speed regarding contemporary security requirements as it provides plug-and-play operability. Packed with a compact and robust metal housing, The secure element within (CC EAL6+) is embedded in the hardware using chip-on-board technology. Not to mention that this module supports the PKCS#11 and PKCS#15 cryptography standards and is compatible with the OpenSC open-source software stack.

Head of Mender Partnerships at Northern.tech, Trond Hermansen, remarked that “Integrating additional security measures like iShield HSM allows Swissbit and Northern.tech to offer a best-of-breed solution to securely manage IoT devices.”

Want to feel protected?