Hardware security

Kisi hardware is built with tamper-resistant design and secure boot processes.

Physical protection

  • Tamper-proof housing: Chip access requires destroying the device
  • Security screws: Proprietary securing mechanisms
  • Motion detection: Built-in accelerometer detects tampering attempts
  • No debug access: Debug ports permanently disabled at manufacturing

Secure software

  • Signed code: All code cryptographically signed and verified
  • On-chip execution: Critical code runs in hardware-protected environment
  • Encrypted storage: Per-device encryption keys

Connectivity

  • TLS 1.2: Encrypted connections to Kisi Cloud
  • Mutual authentication: Device and server verify each other
  • Certificate validation: Full PKI chain verification

Firmware updates

  • Automatic: Updates applied during off-hours
  • Signed: RSA-signed with HSM-hosted keys
  • Encrypted: AES encryption during transmission
  • Verified: Only verified firmware can execute

Secure boot

  • Hardware root of trust: Boot process anchored in secure hardware
  • Code verification: Each stage verifies the next stage's signature
  • Tamper resistance: Boot process resists hardware tampering

Local communication

  • AES encryption: Local device communication is encrypted
  • Message signing: All local messages cryptographically signed
  • Replay protection: Prevents network replay attacks

Anti-tampering features

Physical protection

  • Tamper-proof design: Chip access requires destroying the device
  • Security screws: Proprietary securing mechanisms
  • Built-in tamper detection: Hardware-level tampering alerts
  • Secure housing: No external access to internal components

Embedded security

  • Secure boot: Encrypted code loading with device verification
  • On-die code execution: Critical code runs in physically secured environment
  • Disabled debug ports: Hardware debugging permanently disabled at manufacturing
  • Per-device encryption: Unique encryption keys for each device
  • AES-GCM-AEAD protection: Local storage encryption and authentication

Secure firmware updates

Update process

  • Automatic scheduling: Updates applied during off-hours to minimize disruption
  • RSA signing: All updates signed with HSM-hosted RSA keys
  • AES encryption: Update packages encrypted during transmission
  • Integrity verification: Code signature validation before installation
  • Near-seamless uptime: Typically less than 10 seconds downtime
  • Regular schedule: Updates deployed approximately every two weeks

Security validation

  • Mutual authentication: TLS 1.2 with mutual authentication for update downloads
  • Secure boot verification: Only verified firmware can execute
  • Rollback protection: Prevents installation of older, potentially vulnerable firmware
  • Update logging: Complete audit trail of all firmware updates

For technical details, see our system architecture documentation.