Hardware security
Kisi hardware is built with tamper-resistant design and secure boot processes.
Physical protection
- Tamper-proof housing: Chip access requires destroying the device
- Security screws: Proprietary securing mechanisms
- Motion detection: Built-in accelerometer detects tampering attempts
- No debug access: Debug ports permanently disabled at manufacturing
Secure software
- Signed code: All code cryptographically signed and verified
- On-chip execution: Critical code runs in hardware-protected environment
- Encrypted storage: Per-device encryption keys
Connectivity
- TLS 1.2: Encrypted connections to Kisi Cloud
- Mutual authentication: Device and server verify each other
- Certificate validation: Full PKI chain verification
Firmware updates
- Automatic: Updates applied during off-hours
- Signed: RSA-signed with HSM-hosted keys
- Encrypted: AES encryption during transmission
- Verified: Only verified firmware can execute
Secure boot
- Hardware root of trust: Boot process anchored in secure hardware
- Code verification: Each stage verifies the next stage's signature
- Tamper resistance: Boot process resists hardware tampering
Local communication
- AES encryption: Local device communication is encrypted
- Message signing: All local messages cryptographically signed
- Replay protection: Prevents network replay attacks
Anti-tampering features
Physical protection
- Tamper-proof design: Chip access requires destroying the device
- Security screws: Proprietary securing mechanisms
- Built-in tamper detection: Hardware-level tampering alerts
- Secure housing: No external access to internal components
Embedded security
- Secure boot: Encrypted code loading with device verification
- On-die code execution: Critical code runs in physically secured environment
- Disabled debug ports: Hardware debugging permanently disabled at manufacturing
- Per-device encryption: Unique encryption keys for each device
- AES-GCM (AEAD) protection: Authenticated encryption of local storage
Secure firmware updates
Update process
- Automatic scheduling: Updates applied during off-hours to minimize disruption
- RSA signing: All updates signed with HSM-hosted RSA keys
- AES encryption: Update packages encrypted during transmission
- Integrity verification: Code signature validation before installation
- Near-seamless uptime: Typically less than 10 seconds of downtime
- Regular schedule: Updates deployed approximately every two weeks
Security validation
- Mutual authentication: TLS 1.2 with mutual authentication for update downloads
- Secure boot verification: Only verified firmware can execute
- Rollback protection: Prevents installation of older, potentially vulnerable firmware
- Update logging: Complete audit trail of all firmware updates
For technical details, see our system architecture documentation.