Swissbit is now an official partner of Northern.tech, the company behind Mender, the open-source over-the-air (OTA) update software platform for IoT devices. With its iShield HSM hardware security module, Swissbit offers a security component that ensures the authenticity and integrity of OTA firmware and software updates in line with a zero-trust network architecture. Users can realise Mender’s recommended level of security with iShield HSM, where private keys and the certificate of the respective IoT device are not stored on the device itself. Instead, the information needed for identification and authentication is held in encrypted form in the Secure Element of iShield HSM. To certify the suitability and compatibility of iShield HSM as a hardware security anchor for Mender OTA updates, iShield HSM has received the “Works with Mender” label. Mender is a product of Northern.tech, the leading provider of device lifecycle management, and is firmly established in the embedded and IoT device markets.
“The security of IoT devices – both legacy and new – is paramount to ensuring our connected world remains safe,” stated Trond Hermansen, Head of Mender Partnerships at Northern.tech. “Integrating additional security measures like iShield HSM allows Swissbit and Northern.tech to offer a best-of-breed solution to securely manage IoT devices.”
OTA software updates have become essential for IoT environments and are also being enforced by standards such as IEC 62443. They simplify the management and maintenance of systems and significantly contribute to ensuring the performance and security of IoT devices throughout the entire product lifecycle. Regular updates close vulnerabilities so that IoT devices are protected against future threats. It is, therefore, even more important to ensure the integrity of the software update itself and, for example, to prevent unauthorised or older software versions from being applied.
This is where iShield HSM from Swissbit comes in. Once a root of trust has been established with the hardware security module, Mender ensures a chain of trust by providing software update signing and increased security through encrypting the new software both in hibernation mode and during transfer. Thanks to a standard USB interface, iShield HSM can be optimally used as a retrofit and upgrade solution to bring older IoT devices, such as gateways or controllers, up to today’s security requirements.
“We are very excited about the strategic partnership with Northern.tech. As an established and recognised solution within the IoT developer community, Mender provides easy access and seamless implementation of the OTA technology, enabling companies to enhance the security, reliability, and performance of their IoT devices,” commented Claus Gründel, General Manager Embedded IoT Solutions at Swissbit. “Our hardware security module, iShield HSM, aligns perfectly with this approach as it offers the highest level of security for OTA updates and offers easy plug-and-play integration. Through our collaboration, we emphasise our shared commitment to providing the best possible protection for IoT devices.”
Versatile security anchor
iShield HSM is based on an industrial-grade USB memory stick produced by Swissbit in its own factory in Berlin, with a compact and robust metal housing. The module supports the PKCS#11 and PKCS#15 cryptography standards and is compatible with the OpenSC open-source software stack. The secure element used (CC EAL6+) is embedded in the hardware using chip-on-board technology. iShield HSM is qualified for AWS IoT Greengrass but can also be used as a security anchor in other IoT environments if required.