The latest router generation of the mbNET series has been designed from the ground up with the goal of providing maximum security. As reference, the standard „IEC 62443“ was used.
The foundation for secure boot is the so-called „trusted chain“ of the boot process. This ensures that only trusted applications can be started by the system, which ranges from secure booting to digitally signed firmware. Only if verified by a corresponding certificate, the firmware on the device can be accessed. It verifies bootloader, kernel, applications and file system. The highest level of security is provided by the hardware-based root of trust, located in a read-only memory (ROM).
One important security aspect is the information security of the router‘s data. The hardware-based secure element represents the safe for passwords, certificates and keys. All data stored whithin this element are completely protected from manipulation and reconnaissance. As an additional safety item, when it comes to data storage, a unique encrypted key is created, whiche secures another encrypted data container. Such an encrypted container can also be used for the auxiliary memory via SD card or USB.
The main focus when developing the new firmware was on „Security by Design“. This includes the assessment of all employed components, especially in regard to their use. All safety-relevant settings come in pre-built, so that they offer the highest possible cybersecurity level, while at the same time maintaining an optimal balance when it comes to usability and convenience. The security concept‘s final touch is the employ of the latest Linux kernel and the implementation of the Linux security concept „MAC“, which describes a system-based, rule-based access control strategy.
If you want to know more, feel free to download the document "mbNET with hardware version HW02 + Firmware V 6.0.0 - NEW features and changes" here: