Hardening the Attack Surface at the Edge
AWS re:Invent. Learn how to improve edge security with hardware security modules
“If you can only improve one aspect of the attack surface in an edge system, then do this…
NEVER HAVE PRIVATE KEYS IN MAIN MEMORY”
Tim Mattison, Global Tech Lead, IoT Partners, Amazon Web Services
Key Takeaways from Session
- Store keys and credentials in a hardware root of trust
- Secure flash DOES NOT usually protect a system from software exploits, since the flash is decrypted for the software running on the system, exploit code included
- OTA: there are many homebrew OTA systems out there that aren’t hardened
- Code repo and integration systems – control who commits and has access.
- AWS Greengrass HSI (Hardware Security Integrations) provides a ready-to-go security solution.