YubiHSM 2 Now Qualified for AWS IoT Greengrass Hardware Security Integration

December 3, 2018

We are excited to announce that Amazon Web Services (AWS) Internet of Things (IoT) Greengrass users can now use the YubiHSM 2, Yubico’s ultra-portable hardware security module, for secure key storage. AWS IoT Greengrass software provides local compute, messaging, and data caching for IoT devices, enabling users to run IoT applications across the AWS cloud and local devices.

IoT is on the rise

The Internet of Things (2018) research report from Business Insider Intelligence predicts that there will be more than 55 billion IoT devices by 2025, up from about 9 billion in 2017. While it brings many advantages, such as increased efficiency and productivity, this rapid growth in adoption provides a new playground for malicious actors, creating real challenges for security and privacy.

Connecting everything to the cloud creates the potential for a single point of failure, which is why protecting access to servers is of paramount importance. A prime threat to access is storing root keys for servers in software. Root keys stored in software can be stolen, accidentally distributed, or misused, and can potentially lead to catastrophic security breaches.

AWS IoT Greengrass supports a hardware root of trust

AWS IoT Greengrass enables customers to leverage a hardware root of trust, such as the YubiHSM 2, for private key storage, and end-to-end encryption for messages sent between AWS IoT Greengrass Core and the AWS cloud, as well as between the AWS IoT Greengrass Core and compatible local devices. This provides AWS IoT Greengrass customers with the option to configure their AWS IoT Greengrass Core to use the private keys generated and stored on the YubiHSM 2.

“Security and compliance are primary considerations for customers as they begin their respective cloud journeys. Organizations need true cloud visibility, which is the foundation of security and controls. The integration of YubiHSM 2 with AWS IoT Greengrass is a great example of a way for customers to have greater visibility into local compute, messaging, and data caching for the Internet of Things (IoT),” said Troy Bertram, General Manager, Worldwide Public Sector Business Development, AWS. “The integration of YubiHSM 2 with AWS IoT Greengrass provides AWS customers with another avenue to maintain the strong hardware-backed security for cryptographic digital key generation, storage, and management.”

The YubiHSM 2 helps protect your keys

Since our initial launch of the YubiHSM 2 last year, many of our customers have approached us looking for a way to protect keys on servers. Complaints that traditional rack-mounted and card-based HSMs offer limited applicability at a significantly higher cost have led customers to our innovative alternative hardware security module. The YubiHSM 2 provides strong hardware-backed security for cryptographic digital key generation, storage, and management. The nano-sized YubiHSM 2 fits inside a server’s USB port and does not require additional hardware, significantly bringing down costs and simplifying the deployment process.

We’re excited for the collaboration with AWS IoT Greengrass. This announcement follows our recent release of our open source software development kit (SDK) for the YubiHSM 2. Now, more developers can rapidly integrate the YubiHSM 2’s capabilities into apps across a wider array of architectures and platforms. The YubiHSM 2 SDK enables developers to build products that communicate seamlessly with the YubiHSM 2 through the industry standard PKCS#11, and extend a range of high security functions and use cases for the greater protection of cryptographic keys.

The open source YubiHSM 2 SDK highlights Yubico’s commitment to transparency and trust. We continue to encourage the developer and security communities to join us in our mission to make strong hardware-backed security more accessible to organizations of all sizes.

Learn more about this new feature, and how AWS IoT Greengrass works with the YubiHSM 2. Want to integrate Yubico technology into your solution? Start here.
