AWS IoT - Signed Temperature Sensor Data using Zymkey 4i

Learn how to connect your IoT device to AWS-IoT and how to sign sensor data using Zymkey’s security services. This great github project by Jacky Zheng and Dennis Fong shows how to use the JITR/BYOC services to connect your device to your AWS account and how to sign temperature sensor data:

https://github.com/jackyjzheng/zkSecureAWS/blob/master/README.md

The Zymkey Secured AWS Project
We present an application to connect to Amazon Web Services through a more secure paradigm, using a un-exportable and un-readable private key stored in a hardware security module (HSM) for the Raspberry Pi, Zymkey, to establish an HTTPS connection.

Furthermore our application will demonstrate the storage of encrypted and authenticated sensor data on Amazon’s NoSQL DynamoDB. All data published will be encrypted with an AES-256 key and digitally signed by an ECDSA-prime256v1 key stored on Zymkey. Data will be verified by Zymkey’s corresponding public key through an AWS lambda function before being moved to the database. All incorrectly signed data will be moved to a seperate quarantined database.

Additional features include the storage of data encrypted on the filesystem when internet connection goes down, to be re-published when connection comes back up: data will remain in time-order once republished to the database.

The entire application is setup by one python script. All that is required is for the user to install Zymkey, setup their AWS account and run the script. Furthermore once the script has finished the user is free to publish arbitrary data to AWS IoT securely and can create their own AWS application utilizing the secure pipeline setup.

@Scott_of_Zymbit
Hi,
Firstly very much thanks for this forum, it provides really valuable information for beginners like me to proceed.
I am trying to connect to AWS IoT and followed the instructions as given, but, when I run the main.py file, after it asks location of certificate and key, it throws me an error:
Policy already exists…skipping policy creation…using the policy_arn from ~/.aws/zymkeyconfig
Cannot get the existing policy_arn from ~/.aws/zymkeyconfig… Manually update ~/.aws/zymkeyconfig yourself

FAILURE…exiting script…

I am unable to proceed after this, I am kinda stuck here for last 3 days, when I searched online I was able to get the policy_arn from was and manually entered it in zymkeyconfig file in ~/ .aws folder, but it throws the same error.

I got the policy_arn from
aws --> IAM --> Roles -->Rolename --> IamlambdaModifyrole --> lambdaModifyPolicy --> Policy_arn

I am stuck here with no possible solution coming in my mind, I have already rebooted and reinstalled system multiple times.
any help would be appreciated.
Thanks

I’ll be looking into this issue in the next few days. Stay tuned :slight_smile: