Embedded Security Software Architecture
Open Source for IoT Cybersecurity
BG Networks’ Embedded Security Software Architecture (BGN-ESSA) is a collection of Yocto Linux scripts, recipes, and configurations that enhance cybersecurity for IoT devices, extend a hardware root of trust and integrate an OTA software update manager.
BGN-ESSA makes it easy for you to implement cybersecurity for your IoT devices. When used in conjunction with BGN Secure Automation Tool (BGN-SAT) it will allow you to implement critical IoT security features in days, not months. Our goal is to remove barriers of limited resources and time to adding cybersecurity to IoT.
It is available under a GNU Public License version 2, and the BGN- ESSA open source code is available in this GitHub repository.
- Extend the hardware root of trust so only trusted code will boot and run
- Encrypt application code and data to protect sensitive information
- Integrate a software update manager so vulnerabilities can be fixed in the field
- Reduce development time by integrating security related files into Yocto builds
- Provide a secure foundation to build additional security controls
- Combine with BGN-SAT to generate compatible signed and encrypted files
Code Signing, Encryption, OTA
BGN-ESSA can be used stand-alone or compliments the BGN-SAT to encrypt and sign your Linux root filesystem. It also integrates open-source secure Over-The-Air (OTA) update application software from Mender.io. Mender.io provides highly secure, robust, and easy-to-use OTA update capabilities. Engineers can quickly improve their application’s security functions, enhance productivity with simple integration, and take advantage of cybersecurity industry best practices.
Built on the tenets of BG Networks’ security philosophy, the BGN-ESSA ensures your design is highly secure, processor resource-efficient, easy to implement, and accessible to updates for the lifecycle of your products. In addition, the combination of BGN-SAT and BGN-ESSA provides elements of all six security capabilities of NIST’s IoT Device Cybersecurity Core Baseline.
The BGN-ESSA is Linux based and when used in conjunction with the BGN-SAT will support:
- Hardware root of trust extended to the Linux rootfs and software application layer.
- Configuration of Linux Device Mapper (DM) cryptographic functions.
- Use of AES-XTS and HMAC-SHA256 cryptographic algorithms.
- Over-the-Air (OTA) software update support based on Mender which include:
- Client-server authentication using RSA signatures & JSON Web Tokens (JWT)
- Software updates sent over an encrypted channel (HTTPS)
- Software updates authenticated using RSA signatures
- 8 Cybersecurity Steps When Designing an IoT Device: A ChecklistWhat is on your IoT Cybersecurity checklist? This question was posed by the folks at The Device Chronicle which led to a very interesting dialog. Below is a summary of… Read More »8 Cybersecurity Steps When Designing an IoT Device: A Checklist
We’d Love For You to Try Our Tools
Request a Free Download and Demo of Our Security Automation Tools