Swissbit is now an official partner of Northern.tech, which has developed the open source-based over-the-air (OTA) update software platform Mender for IoT devices.
Mender provides robust, secure and customizable OTA software updates and has delivered OTA software updates to more than one million devices worldwide over nearly a decade. Swissbit's iShield HSM hardware security module provides a security component that ensures the authenticity and integrity of OTA software updates in a zero-trust network architecture. Users can use iShield HSM to realize the level of security recommended by Mender, where private keys and the certificate of the respective IoT device are not stored on the device itself. Instead, the information needed for identification and authentication is held in encrypted form in the Secure Element of iShield HSM. In the future, the suitability and compatibility of iShield HSM as a hardware security anchor for Mender OTA updates will be signaled by the "Works with Mender" label.
"The security of IoT devices - existing and new - is critical to keeping our connected world safe," commented Trond Hermansen, Head of Mender Partnerships at Northern.tech. "Integrating additional security measures such as iShield HSM enables Swissbit and Northern.tech to offer a best-of-breed solution for the secure management of IoT devices."
OTA software updates are now an essential part of IoT environments, and their use is also being pushed by standards such as IEC 62443. They not only simplify the management and maintenance of systems, but also play a key role in ensuring the performance and security of IoT devices throughout the product lifecycle: regular updates close vulnerabilities and keep IoT devices protected against future threats. This makes it all the more important to ensure the integrity of the software update itself and to prevent, for example, unauthorized or older software versions from being applied.
This is where iShield HSM from Swissbit comes into play. Once a root of trust has been established with the hardware security module, Mender provides a chain of trust in the next step by signing software updates, and increases security by encrypting the new software both at rest and during transmission. Thanks to its standard USB interface, iShield HSM can be optimally used as a retrofit and upgrade system to bring older IoT devices such as gateways or controllers to a modern security level.
"As an established solution recognized in the IoT developer community, Mender enables easy access and seamless implementation of OTA technology that allows companies to improve the security, reliability and performance of their IoT devices," said Claus Gründel, General Manager Embedded IoT Solutions at Swissbit. "Our iShield HSM hardware security module fits perfectly into this approach, offering the highest security for OTA updates and easy plug-and-play integration. Our collaboration underscores our shared commitment to providing the best possible protection for IoT devices."
iShield HSM is based on an industrial-grade USB memory stick with a compact and robust metal housing, produced by Swissbit in its own factory in Berlin. The module supports the PKCS#11 and PKCS#15 cryptography standards and is compatible with the open source OpenSC software stack. The secure element used (CC EAL6+) is embedded in the hardware using chip-on-board technology. iShield HSM is qualified for AWS IoT Greengrass, but can also be used as a security anchor in other IoT environments if required.