How Can I Protect My Raspberry Pi?

By connecting the Single Board Computer to the Internet, you actually run the risk of compromising your Raspberry Pi or RBPi to different types of attacks from malicious persons. However, as several advantages of an Internet connection far outweigh such risks from attackers, there is merit in looking for ways to mitigate them. Spain Hardware from Madrid is venturing on a Kick Starter project to enable hardware protection for the RBPi.

When your RBPi requires secure communication, you can rely on the PiSec module, from Spain Hardware, to provide the necessary assistance. PiSec, being a protecting module, uses its own hardware to protect and encrypt all the inputs and outputs on the RBPi. PiSec protects the RBPi from all angles – SD card, USB, and Ethernet, offering a strong hardware base security that includes Elliptic curves and AES-256 XTS.

PiSec, based on a True Random Number Generator, works by generating safe and strong encryption keys and certificates. Internally, PiSec uses a protected file system that it protects with an internal certificate making it impervious to unauthorized access. The processor on board the PiSec module makes use of Elliptic Curve Cryptography to reduce its own overhead and speed up the process of verification.

PiSec provides protection complying with certificates such as the AES 256-bit XTS Military Grade Encryption and X.509. Repeated attempts after a predefined number of unsuccessful attempts to gain access to the RBPi results in the PiSec automatically blocking access. This helps in preventing DoS or Denial-of-Service and brute force attacks.

Typically, you can use your RBPi right out of its box, including its Ethernet connection, the USB ports, and its SD card. You can use the SBC to collect, store, and transfer data, but the RBPi handles all this using clear text, which anyone can intercept and read. You can use your tiny but powerful computer in several ways, for instance, as a standalone PC as a storage system, data logger, and standalone server, a device to control complex systems/machines, or used with licensed software. In all these cases, it will certainly hurt your business if your data is exposed and someone sniffs the actuator or the sensor communication lines and steals your telemetry.

There are several ways to achieve security through software generated keys and certificates. However, relying on a hardware solution is a far better solution, as most of such software solutions do not use a true random generated number. PiSec offers this strong protection security to the entire RBPi, including all devices on its SPI bus, without overloading the processor of the RBPi, nor collapsing its OS. Being a hardware solution, it is simple enough to plug the PiSec on your RBPi, without any necessity of a learning curve or any previous experience on security.

Features of the PiSec include a TRNG or true random number generator. It obtains the random seed from on-board white noise generators that are FIPS and AIS 31 compliant, and with a very high entropy level. TRNG is crucial to creating strong secure keys and certificates.