PiSec - The secure Raspberry Pi shield
PiSec - The secure Raspberry Pi shield
Protect your Raspberry Pi from all angles -Ethernet, USB, SD card-. Strong hardware base security. Elliptic curves & AES-256 XTS
Protect your Raspberry Pi from all angles -Ethernet, USB, SD card-. Strong hardware base security. Elliptic curves & AES-256 XTS Read more
PiSec - BEST security solution to your Rasbpberry Pi.
PiSec offers, right out of the box, all you need to secure your Raspberry Pi, from the Ethernet connection to the SD Card..
You can use your RBPi to collect, store, and transfer data, but these bytes are always handled in clear text.
There are several scenarios where you can use this small & powerful computer:
- Standalone PC as a storage system.
- Standalone PC as a data logger.
- Standalone PC with licensed software.
- Embedded device to control complex machines/systems. Standalone server.
Very powerful and flexible, indeed! But …
- What happens if someone steals your NAS disks, your SD card, or your USB drive?
- What happens if someone sniffs the sensors' or actuators' communication lines and steals your telemetry?
Can you afford to expose your data? Or …
- Worst-case scenario: since RBPi is easily available, all your products can be replicated by your competitor.
- Even worse: what if a system mimics one of your authorized machines? (Man in the Middle attack).
… Can you afford to lose your business?
We want strong security, so we cannot rely on software-generated keys/certificates because they do not use true random generated numbers. At the same time, this strong protection system must not overload RBPi's processor, nor collapse its OS.
We're proud to introduce PiSec, the best security solution to your Rasbpberry Pi (and all devices with a SPI bus).
Reduced development costs and faster time to market!
PiSec features:PiSec features:
- A True Random Number Generator (TRNG). The random seed is obtained from white noise generatos with a very high entropy level (FIPS & AIS 31 compliant). Remeber that true random generated numbers are crucial to create strong secure keys, and therefore, certifcates.
- A Hardware key generator which store them internally (inside the chip).
- A certificate generator which generates the certificates, based on the keys mentioned above.
- A secure file system that uses an internal certificate to prevent unauthorised access.
- API/Tools to encrypt/decrypt USB, Ethernet, I2C, etc., by using internal certificates.
- API/Tools to check application certificates against the local ones to prevent unauthorised use.
- PiSec features:A True Random Number Generator (TRNG). The random seed is obtained from white noise generatos with a very high entropy level (FIPS & AIS 31 compliant). Remeber that true random generated numbers are crucial to create strong secure keys, and therefore, certifcates.
- Reliable and Secure Platform
- True Random Number Generator
- Certification Authority (CA).
- Data is encrypted inside the processor (hardware).
- The keys never get out of the chip.
- This reinforces security and makes external attacks very difficult.
- You can set up groups of authorised PiSecs. This way, only those PiSecs can decrypt the files.
- PiSec uses Elliptic Curve Cryptography. It reduces the processor load and speeds up the key verification process.
- PiSec uses AES 256 – XTS Once connected,
- PiSec is automatically detected with a single command.
- TRUESIGN - Verification and sign process with X.509 certificates.
- SECURITAS - X.509 certificates generator.
- FIDES - Key verification process with Elliptic Curve Cryptography (ECC).
- Encrypted and secure storage, both within USB devices and PiSec's SD card.
- After a predefined failed access trials, PiSec automatically get blocked to prevents force brute and DOS attacks.
- After a predefined idle time, PiSec's encrypted file system is unmounted automatically.
Goals and project calendar
To complete PiSec v1.0’s development according to the above-mentioned features and capabilities, we will need to raise 35.000€.
We want to go one step further and include three additional functionalities that will make PiSec a more interesting and powerful device for your IoT applications: WiFi, Bluetooth and Real Time Clock on board . This would be PiSec v2.0.
To afford the development of these extra features, we will need an extra 15.000€. Thus, if we reach 50.000€ with your support, we will start developing and producing PiSec v2.0 and you will get this powerful module including secure WiFi and Bluetooth communications instead of the initial PiSec v1.0.
Our final goal is to obtain FIPS security certification for PiSec, but this is a long, close to 8 months, and expensive process which requires an extra 50.000€. Thus, if we reach 100.000€ with your support, we will start the FIPS certification process.
Risks and challenges
In any development project, there may arise difficulties which can cause the project to be delayed or even forcefully to cancelled. However, in EGEON Technologies we are fully confident that we will successfully finish PiSec’s development.
This is not just an optimistic view of our capabilities. The knowledge and professional experience of our team members prove that. Our team has more than 20 years of experience in developing and manufacturing hardware with special emphasis on the design of secure systems, such as Cryptotoken – the only USB storage device approved by the Spanish government. Our involvement in the design of the secure HDD on board of the Airbus A330 MRTT, or the communication devices installed in several international airports’ control towers are also worth mentioning.
Nevertheless, it may happen that we bump into some obstacles such as delays in the software development, the detection of vulnerabilities in the OS and in other software tools we use, or, in case we reach the 100k goal, delays/incidents in the FIPS certification process (in this last case, goal reached, the first units could be delivered before the completion of the certification process, and therefore not certified).
In any case, none of these incidents will stop PiSec’s development because, as already mentioned, they are part of the market strategy of EGEON Technology.Learn about accountability on Kickstarter
- (40 days)