AWS IoT - Signed Temperature Sensor Data using Zymkey 4i


Learn how to connect your IoT device to AWS IoT and how to sign sensor data using Zymkey’s security services. This great GitHub project by Jacky Zheng and Dennis Fong shows how to use the JITR/BYOC services to connect your device to your AWS account and how to sign temperature sensor data:

The Zymkey Secured AWS Project
We present an application that connects to Amazon Web Services through a more secure paradigm: it establishes an HTTPS connection using an unexportable and unreadable private key stored in Zymkey, a hardware security module (HSM) for the Raspberry Pi.

Furthermore, our application demonstrates the storage of encrypted and authenticated sensor data in Amazon’s NoSQL database, DynamoDB. All published data is encrypted with an AES-256 key and digitally signed with an ECDSA prime256v1 key stored on Zymkey. An AWS Lambda function verifies the data against Zymkey’s corresponding public key before it is moved to the database. All incorrectly signed data is moved to a separate quarantine database.

Additional features include encrypted storage of data on the filesystem when the internet connection goes down, to be republished when the connection comes back up; the data remains in time order once republished to the database.

The entire application is set up by one Python script. All that is required is for the user to install Zymkey, set up their AWS account and run the script. Once the script has finished, the user is free to publish arbitrary data to AWS IoT securely and can create their own AWS application utilizing the secure pipeline that was set up.