Yubico unveiled that the YubiHSM 2 (hardware security module) is qualified for Amazon Web Services (AWS) Internet of Things (IoT) Greengrass Hardware Security Integration. AWS IoT Greengrass introduced a new feature that will utilize a subset of the YubiHSM 2 PKCS#11 library, allowing the YubiHSM 2 to perform the crypto operations for AWS IoT Greengrass to use secure hardware to store private keys.
AWS IoT Greengrass allows users to run compute, messaging, data caching, sync, and machine learning inference capabilities for connected devices.
The YubiHSM 2 delivers security for cryptographic digital key generation, storage, and management, supporting a range of enterprise environments and applications, in a cost effective and minimalistic form factor. The new YubiHSM 2 integration with AWS IoT Greengrass introduces hardware root of trust private key storage, adding to the existing AWS IoT Greengrass security model at the edge that includes the use of certificate-based authentication and encryption of data both in rest and in transit.
YubiHSM 2 hardware integration was designed to increase security for AWS IoT Greengrass customers by allowing for hardware-secured and end-to-end encrypted messages to be sent between the AWS IoT Greengrass Core and the cloud, or other AWS IoT Greengrass local devices using the AWS IoT Device SDK. The AWS IoT Greengrass Core software can also use the YubiHSM 2’s hardware-secured private key for the encryption of secrets stored from the cloud-based AWS Secrets Manager.
“Since the launch of YubiHSM last year, we have seen many exciting deployments that have explored the use of the YubiHSM 2 for improving security within IoT environments,” said Jerrod Chong, SVP of Product, Yubico. “AWS adding support for external hardware-backed secure devices within the AWS IoT Greengrass platform is another great use case for YubiHSM.”
To begin using this new security feature, AWS IoT Greengrass customers can see information about the Yubico YubiHSM 2 through the AWS Partner Device Catalog. Customers will have the option to configure their AWS IoT Greengrass Core to use the private key generated on the YubiHSM secure element to integrate with the AWS IoT Greengrass software utilizing the PKCS#11 crypto standard interface.