Yubico Announces YubiHSM 2 Integration with AWS IoT Greengrass; Delivering Hardware-based Private Key and Secrets Storage
December 2018 by Marc Jacob
Yubico announced that the YubiHSM 2 hardware security module (HSM) is qualified for Amazon Web Services (AWS) Internet of Things (IoT) Greengrass Hardware Security Integration. AWS IoT Greengrass introduced a new feature that will utilize a small subset of the YubiHSM 2 PKCS#11 library, allowing the YubiHSM 2 to perform the cryptographic operations for AWS IoT Greengrass so that private keys are stored in secure hardware. AWS IoT Greengrass allows users to securely and locally run compute, messaging, data caching, sync, and machine learning inference capabilities for connected devices.
The YubiHSM 2 delivers some of the highest levels of security for cryptographic digital key generation, storage, and management, supporting an extensive range of enterprise environments and applications, in a cost-effective and minimalistic form factor. The new YubiHSM 2 integration with AWS IoT Greengrass introduces private key storage backed by a hardware root of trust, adding to the existing AWS IoT Greengrass security model at the edge that includes the use of certificate-based authentication and encryption of data both at rest and in transit.
YubiHSM 2 hardware integration was designed to increase security for AWS IoT Greengrass customers by allowing for hardware-secured and end-to-end encrypted messages to be sent between the AWS IoT Greengrass Core and the cloud, or other AWS IoT Greengrass local devices using the AWS IoT Device SDK. The AWS IoT Greengrass Core software can also use the YubiHSM 2’s hardware-secured private key for the encryption of secrets stored from the cloud-based AWS Secrets Manager.
The YubiHSM 2 defies a conventional design approach to an HSM with Yubico’s signature traits of simplicity and affordability. The ultra-slim nano form factor YubiHSM 2 device is affordable at $650, offering advanced capabilities and benefits at a price within reach for all organizations.
To begin using this new security feature, AWS IoT Greengrass customers can see information about the Yubico YubiHSM 2 through the AWS Partner Device Catalog. Customers will have the option to configure their AWS IoT Greengrass Core to use the private key generated on the YubiHSM secure element, integrating with the AWS IoT Greengrass software through the standard PKCS#11 cryptographic interface.