Security has been a key issue for developers around the globe, especially those in the cryptocurrency and blockchain realms. They are constantly engaged in a battle against hackers to prevent data breaches of confidential user information. The widespread rise of IoT devices makes for easy targets for attackers. Any device connected to the internet and the Ethereum blockchain could potentially be attacked and have all tokens drained from the wallet. In light of this dire situation, Oaken and Zymbit announced a partnership in May 2018 for developing security solutions which could be embedded alongside IoT devices.
Zymbit and Oaken
Zymbit develops hardware security modules for IoT devices. The sixth generation of its security device provides a security enclave for Ethereum wallets. This will provide security to devices connected to the internet, even those that cannot be firewalled. Oaken Innovations, on the other hand, has built secure blockchain software for all IoT devices that utilize the Ethereum Virtual Machine (EVM), making the partnership between Zymbit and Oaken quite significant in terms of security solutions for Ethereum users.
Phil Strong, CEO of Zymbit Inc., expressed enthusiasm about the partnership, noting the company’s excitement about collaborating with Oaken “to bring to market a much needed hardware security module that delivers cyber physical security to EVM blockchain enabled IoT devices.” Strong also mentioned Oaken’s impressive track record, which includes awards and major clients like Toyota.
Oaken Innovations CEO John Gerryts is also happy about the collaboration, stating:
“We’re excited to partner with Zymbit to develop an Ethereum ready security module that will enhance our offerings in the automotive and consumer IoT space. With Zymbit’s gen six cyber physical security module, we and other developers will be able to secure blockchain wallet keys and signed transactions on edge devices, like automobiles, delivering best in class security for our blockchain software products.”
Zymbit Security Module 6
Zymbit’s Security Module 6 (SM6), via support from Oaken Innovations, is EVM compatible. Compatibility with the EVM means that Oaken Innovations and other developers can “produce secure blockchain software for IoT devices that live in the wild, beyond the security of the firewall.”
The Security Module 6 has an enhanced crypto engine with an elliptic curve cryptography scheme. The module includes an sec256K1 encryption engine for signing and key generation, multi-factor device identity, and multiple sensors to detect physical damage to the unit. What is most important for IoT devices, however, is that all of this is accomplished while consuming an insignificant amount of energy as the SM6 boasts an ultra low power ARM Cortex M0 security controller along with an ATECC608A microchip.
Every Zymbit security module has a “hardware-rooted key store and companion encryption engine.” Using ATECC508A or ATECC608A MicroChip security chips, key stores are protected from host computer attacks. Additionally, the design results in “a more robust and flexible method for device identity and physical security.”
It features an edge connector, module, and RF cage to enhance physical security. It also includes a power monitor with on board supercap and two independent digital perimeter loops. It is easy to develop for the SM6 as it has one connector for all signals. It is available as a plug and play unit with the API available for most popular programming languages, including Python, C, and C++.
The hardware maker further stated, “Zymbit’s embedded security API will be extended to enable blockchain software developers to easily generate wallets, store private keys, and sign transactions, all without exposing private key materials or credentials to the application software.”
Zymbit’s SM6 security modules work with a host of single board computers, including the famous Raspberry Pi, BeagleBone, Odroid, and iMX6 platforms. It provides developers with a plug-in enclave to secure IP and other digital assets. It attaches itself to computers in order to secure private keys of the associated digital currency wallet.
Zymkey boasts multi-factor device id and authentication, data encryption and signing, key storage and generation, physical tamper detection, and secure element root of trust. It is available in three options: USB stick, I2C module, and a SMT chip. Zymkey enables remote attestation of host device hardware configuration. It creates a unique ID using multiple device specific measurements. These cryptographically derived ID tokens are never exposed. It employs ECDSA, ECDH, AES-256, SHA-256 cryptography standards, along with an AES-256 encrypt/decrypt data service, which integrates TLS client side certificates.
“Zymbit security modules provide two perimeter detect circuits which, if broken, signal a breach in the physical perimeter of the host device. Such an event can be used to flag a breach, lock up or permanently destroy keys,” said the company.
Zymkey monitors the outer environment to detect physical damages to the unit. It has a power quality detector to detect anomalies like brown out events. It also comes equipped with an optional accelerometer to report shock and orientation changes along with another optional perimeter integrity circuit to detect breaks in the loop or mesh. The unit has been programmed to signal any other anomaly it encounters.
It also has an optional battery-backed real-time clock to support off grid applications. It has an 18-36 month operation life and an RTC clock which is available to client applications. The kit uses an ultra low power consumption model. The ARM Cortex 40 microcontroller helps the Zymkey deliver long term performance even from a single battery. It also provides multiple layers of hardware security which isolates and supervises each service.
Zymkey 5 for Raspberry Pi
The soon to be launched Zymkey 5 boasts a Micro ECC engine with sec256k1 support and has 32 key slots. The unit can be easily integrated with the Raspberry Pi, as of release. It uses a superset of the Zymkey 4i security module and the Microchip ATECC608A secure element along with an ultra low power ARM Cortex M0 security controller.