Device Security and Data Encryption

Nodia integrates enterprise-grade security across the entire compute stack. From hardware-verified boot sequences to zero-knowledge execution proofs, every node operates with built-in protections that secure data, workloads, and user trust.

---

Secure Boot & TPM 2.0

• Secure Boot ensures that only cryptographically signed firmware can execute on the device.

• TPM 2.0 (Trusted Platform Module) securely stores keys and verifies system integrity during every boot cycle.

---

AES-256 End-to-End Encryption

• All task inputs and outputs are encrypted directly on the device using AES-256 before network transmission.

• Keys rotate on a per-task basis, isolating each job to prevent leakage or replay attacks.

• Devices never retain sensitive data beyond runtime unless explicitly configured with persistent local caching.

---

zk-SNARK Proofs

• Each node produces a zero-knowledge proof after completing a task—verifying correctness without revealing data or execution logic.

• Proofs are generated directly on-device and verified within seconds.

• This mechanism ensures provable trust without compromising privacy.

---

Network Hardening

• All devices operate on an outbound-only network model, reducing attack surface.

• Communications use standard secure ports:

  • HTTP: 80

  • HTTPS: 443

  • gRPC: 50051

• Firewall rules and protocol updates are delivered via regular OTA (over-the-air) updates.

---

Physical Tamper Resistance

• Atlas devices feature a chassis intrusion sensor that logs any unauthorized case access.

• All Nodia hardware includes:

  • Unique device serial numbers

  • Cryptographically sealed hardware identities using HSM-backed signatures

• These protections prevent counterfeit hardware from joining the mesh.