Embedded Security Software Architecture

Open Source for IoT Cybersecurity

BGN-ESSA makes it easy for you to implement cybersecurity for your IoT devices. When used in conjunction with BGN Secure Automation Tool (BGN-SAT) it will allow you to implement critical IoT security features in days, not months. Our goal is to remove barriers of limited resources and time to adding cybersecurity to IoT. 

It is available under a GNU Public License version 2, and the BGN- ESSA open source code is available in this GitHub repository.


Download Our Embedded Security Software Architecture Users Guide


Key Features

  • Extend the hardware root of trust so only trusted code will boot and run
  • Encrypt application code and data to protect sensitive information
  • Integrate a software update manager so vulnerabilities can be fixed in the field
  • Reduce development time by integrating security related files into Yocto builds
  • Provide a secure foundation to build additional security controls
  • Combine with BGN-SAT to generate compatible signed and encrypted files
BGN-ESSA Architecture Stack

Code Signing, Encryption, OTA

BGN-ESSA can be used stand-alone or compliments the BGN-SAT to encrypt and sign your Linux root filesystem. It also integrates open-source secure Over-The-Air (OTA) update application software from Mender.io. Mender.io provides highly secure, robust, and easy-to-use OTA update capabilities. Engineers can quickly improve their application’s security functions, enhance productivity with simple integration, and take advantage of cybersecurity industry best practices.

Built on the tenets of BG Networks’ security philosophy, the BGN-ESSA ensures your design is highly secure, processor resource-efficient, easy to implement, and accessible to updates for the lifecycle of your products. In addition, the combination of BGN-SAT and BGN-ESSA provides elements of all six security capabilities of NIST’s IoT Device Cybersecurity Core Baseline.

Technical Specifications

The BGN-ESSA is Linux based and when used in conjunction with the BGN-SAT will support:

  • Hardware root of trust extended to the Linux rootfs and software application layer.
  • Configuration of Linux Device Mapper (DM) cryptographic functions. 
  • Use of AES-XTS and HMAC-SHA256 cryptographic algorithms.
  • Over-the-Air (OTA) software update support based on Mender which include:
    • Client-server authentication using RSA signatures & JSON Web Tokens (JWT)
    • Software updates sent over an encrypted channel (HTTPS)
    • Software updates authenticated using RSA signatures

Latest Insight

We’d Love For You to Try Our Tools

Request a Free Download and Demo of Our Security Automation Tools