YubiHSM 2 Secures EasyMile’s Worldwide CA Ecosystem

About the organization

EasyMile develops software solutions for autonomous vehicles, mainly for vehicles used to transport people and goods. Founded in 2014, EasyMile is headquartered in Toulouse France, and has an international presence, principally in the USA, Japan, and Australia. EasyMile customers are universities and corporate campuses, city centers, airports,and factories worldwide. The company is growing rapidly with 200+ employees, and has a vision of doubling its workforce in the medium term.

The challenge

EasyMile obligates itself to maximum security standards for the fleet of autonomous vehicles it manages, and follows industry best-security-practices.

EasyMile uses a PKI infrastructure based on X.509 Certificate Authority infrastructure to secure its ecosystem of autonomous vehicles. Practices focus on the authentication of differing assets and components, the integrity of the software deployed, and more.

Having a stated requirement to ensure the highest levels of security and having the will to always improve, EasyMile embarked on a project of hardening its PKI infrastructure. A prerequisite of PKI infrastructure hardening mandated storing private keys of the PKI certification authorities in HSM-enabled hardware.

The solution

Already users of Yubico’s YubiKeys for securing administrator accounts, EasyMile explored Yubico YubiHSM 2 to secure their X.509 CA infrastructure. HSMs from traditional manufactures focus on high end use cases to meet high traffic and signature requirements, making them expensive, difficult to port, and complex to deploy. EasyMile chose to test the YubiHSM 2 for their requirements and it met their needs. EasyMile made a decision to standardize on YubiHSM 2 to protect their Certificate Authorities’ private keys as it offers:

1. An approach based on open standards
2. API compatibility with OpenSSL APIs and infrastructure
3. A good ratio between cost and security rendered.
4. Rapid and inexpensive integration and deployment time
5. Simple administration and ease of use
6. Open Source libraries and SDKs offering a higher level of confidence
7. A label of trust from a renowned company in the field

The results

Having completed the implementation of YubiHSM 2 in a relatively short period of time, EasyMile succeeded in obtaining the expected results very quickly and increased the perceived level of confidence of its security certificate ecosystem.

Given the robustness of the solution and the very rapid returns on investment, EasyMile is currently exploring the means of extending the use of YubiHSM and YubiKeys for expanded use cases, focusing on both internal and external uses.