OTA updates for IoT devices: Mender adds Swissbit as a key security partner

iShield HSM from Swissbit makes over-the-air (OTA) software updates even more secure, receiving the "Works with Mender" label

by gabi

The iShield HSM hardware security module receives the “Works with Mender” label. – Image source: Swissbit

Swissbit is now an official partner of Northern.tech, the company behind Mender, the open-source over-the-air (OTA) update software platform for IoT devices. With its iShield HSM hardware security module, Swissbit offers a security component that ensures the authenticity and integrity of OTA firmware and software updates in terms of a zero-trust network architecture. Users can realize Mender’s recommended level of security with iShield HSM, where private keys and the certificate of the respective IoT device are not stored on the device itself. Instead, the information needed for identification and authentication is cryptographically encrypted in the Secure Element of iShield HSM. To certify the suitability and compatibility of iShield HSM as a hardware security anchor for Mender OTA updates, iShield HSM has received the “Works with Mender” label. Mender is a product of Northern.tech, the leading provider of device lifecycle management, and is firmly established in the embedded and IoT device markets.

“The security of IoT devices – both legacy and new – is paramount to ensuring our connected world remains safe,” stated Trond Hermansen, Head of Mender Partnerships at Northern.tech. “Integrating additional security measures like iShield HSM allows Swissbit and Northern.tech to offer a best-of-breed solution to securely manage IoT devices.”

Mender is the leading provider of a robust, secure, and customizable end-to-end over-the-air (OTA) software update manager for IoT devices. – Image source: Mender

OTA software updates have become essential for IoT environments, which are also being enforced by standards such as IEC 62443. They simplify the management and maintenance of systems and significantly contribute to ensuring the performance and security of IoT devices throughout the entire product lifecycle. Vulnerabilities can be closed by regular updates so that IoT devices are protected against future threats. It is, therefore, even more important to ensure the integrity of the software update itself and to prevent unauthorized or older software versions from being applied, for example.

„Works with Mender”-Label – Image source: Mender

This is where iShield HSM from Swissbit comes in. Once a root of trust has been established with the hardware security module, Mender ensures a chain of trust by providing software update signing and increased security through encrypting the new software both in hibernation mode and during transfer. Thanks to a standard USB interface, iShield HSM can be optimally used as a retrofit and upgrade solution to bring older IoT devices, such as gateways or controllers, up to today’s security requirements.

“We are very excited about the strategic partnership with Northern.tech. As an established and recognized solution within the IoT developer community, Mender provides easy access and seamless implementation of the OTA technology, enabling companies to enhance the security, reliability, and performance of their IoT devices,” commented Claus Gründel, General Manager Embedded IoT Solutions at Swissbit. “Our hardware security module, iShield HSM, aligns perfectly with this approach as it offers the highest level of security for OTA updates and offers easy plug-and-play integration. Through our collaboration, we emphasize our shared commitment to providing the best possible protection for IoT devices.”

Versatile security anchor

iShield HSM is based on an industrial-grade USB memory stick produced by Swissbit in its own factory in Berlin, with a compact and robust metal housing. The module supports the PKCS#11 and PKCS#15 cryptography standards and is compatible with the OpenSC open-source software stack. The secure element used (CC EAL6+) is embedded in the hardware using chip-on-board technology. iShield HSM is qualified for AWS IoT Greengrass but can also be used as a security anchor in other IoT environments if required.

About Northern.tech

Northern.tech is the leader in device lifecycle management with a mission to secure the world’s connected devices. Established in 2008, Northern.tech showcases a long history of enterprise technology management before IIoT and IoT became buzzwords. Northern.tech is the company behind CFEngine, the pioneer in server configuration management, to automate large-scale IT operations and compliance.

In 2015, Northern.tech released the first version of Mender.io, the market leader in over-the-air (OTA) software update management. Mender offers robust, secure, and customizable OTA software updates for smart devices. Powering OTA software updates for more than a million devices worldwide over nearly a decade, Mender boasts a proven track record with Fortune 1000 clients, including Panasonic, Lyft, Volkswagen, Siemens, Thales, and ZF Group.

Learn more about device lifecycle management for devices.

Swissbit

Related Articles

Leave a Comment