Momentum Builds for PSA Certified

Clive Maxfield Clive Maxfield
April 2, 2020 IoT & Automation

In these days of the Internet of Things (IoT), Industrial IoT (IIoT), and Artificial Intelligence of Things (AIoT), in which everything is connected to everything else, either directly or via the cloud, nothing can be assumed to be secure, but everything has to be guaranteed to be secure. The number of devices connecting to the Internet each year is growing at an exponential rate. In fact, Arm expects there to be over 1 trillion connected devices by 2035, and the one thing each of these devices is going to need is security.

To address the issues associated with developing and productizing secure embedded systems and IoT devices, Arm has been instrumental in creating standards, frameworks, tools, design flows, and initiatives that help developers create secure products faster. These include the PSA framework and the PSA Certified initiative.

Introducing the PSA Framework

The Platform Security Architecture (PSA) offers a framework for securing connected devices. It provides a step-by-step guide to building in the right level of device security, reducing risk around data reliability, and allowing businesses to innovate on new ideas to reap the benefits of digital transformation.

The PSA is a holistic set of threat models, security analyses, hardware and firmware architecture specifications, and an open-source firmware reference implementation. The PSA provides a recipe, based on industry best practices, that allows security to be consistently designed in, at both a hardware and firmware level. This helps embedded developers get their designs securely deployed in the field faster.

The PSA was created to help ensure that security is designed into a device from the ground up. The four PSA stages that guide security implementation for each specific use case are as follows:

  • Analyze: This involves the evaluation of assets and assessment of threats to define specific security requirements.
  • Architect: The architecture of the security design is based on identified security requirements.
  • Implement: This features an open source firmware implementation that complies with the specifications from the architecture stage.
  • Certify: This provides assurance that products adhere to security requirements and PSA guidelines through the PSA Certified scheme.

Introducing the PSA Certified Initiative

The reasons for implementing security are well known. We are surrounded by applications that collect, store, and analyze data, both personal and commercial. The cost of a security breach can be crippling, both financially and in terms of reputation. If an individual or a business feels that a device manufacturer or a service supplier cannot be trusted to keep their data secure, they will take their business elsewhere.

The term “PSA Certified” refers to an industry initiative that was founded by Arm and six other industry-leading companies. Most IoT chips and platforms do not get independently tested. This lack of assurance increases the chance of vulnerabilities in devices reaching the market. Independent testing raises the bar on security and sets agreed levels of security assurance and robustness.

PSA Certified: Enabling “right-sized” device security (Image source: PSA Certified.org)

PSA Certified builds trust through an independent certification scheme. It helps the developers of embedded and connected systems meet multi-region IoT security requirements with a simple multi-level evaluation scheme. Putting security at the heart of the product, PSA Certified provides an independent assessment of IoT devices, platform software, and the chip’s Root of Trust (PSA-RoT).

The certification program is built on the foundations of the PSA, which was created to address the need for scalability and consistency across large-scale IoT deployments. PSA Certified offers a full security framework with example threat models, security architecture documents, and an open-source reference implementation of the Root of Trust.

There are currently two levels of PSA Certified (a third level is in development):

PSA Certified Level 1

The foundation of PSA Certified, this level features a questionnaire which is filled in by the partner and checked by a PSA Certified test lab. These questions were derived from analyzing threat models of common IoT products and establishing ten key security goals. The latest release of this questionnaire is aligned and mapped to IoT security standards, government requirements, and emerging law, thereby making it easier for chip makers, software platforms, and device manufacturers to show globally recognized best practice.

PSA Certified Level 2

This follows on from Level 1 by adding 25 days of security evaluation of the Root of Trust (PSA-RoT) in a test lab. Achieving this level of certification represents significant dedication to security, where the chip vendor needs to provide evidence of protecting against scalable, remote software attacks.

PSA Certified Level 1 is applicable to chips, real-time operating systems (RTOSs), and devices. PSA Certified Level 2 increases the robustness testing by focusing on the PSA Root of Trust (PSA-RoT), and is therefore aimed at chip vendors.

PSA Certified Adoption and Building Momentum

Building secure chips and devices for the IoT is non-trivial. The documents, deliverables, and testing scheme of PSA Certified have been designed to make the path easier, quicker, and more affordable for the electronics industry. Chip vendors, RTOS companies, and OEMs who have their products PSA Certified can showcase their solutions on this website and use PSA Certified trademarks and logos.

The momentum behind PSA Certified is growing, with certifications from eight out of the ten top silicon providers at PSA Certified Level 1, including new certifications from Renesas, Unisoc, Winbond, and Nordic Semiconductor.

The PSA Certified initiative has enjoyed an exciting year, resulting from hard work by the full PSA Certified founding members and lead partners. Momentum is increasing as more and more partners join the PSA Certified scheme. The result of PSA Certified is to make the IoT a smarter and more secure place for all.

First Published on Embedded-Computing.

  • Experfy Insights

    Top articles, research, podcasts, webinars and more delivered to you monthly.

  • Clive Maxfield

    Tags
    Internet of Things
    Leave a Comment
    Next Post
    Transforming STEM education as a way to tackle the challenges of the 21st century

    Transforming STEM education as a way to tackle the challenges of the 21st century

    Leave a Reply Cancel reply

    Your email address will not be published. Required fields are marked *

    More in IoT & Automation
    IoT & Automation
    Could the IoT Help End Hunger? Farmers Are Finding Out

    Internet of Things (IoT) gadgets are everywhere. Cars, buildings, roadways, airplanes, home appliances, and other items have tens of billions of sensors, processors, and internet-connected gadgets. IoT devices detect motion, regulate temperature, share and collect data, measure weather, and provide location information, power logistics, and medical research. They also enable self-driving vehicles, to name just

    5 MINUTES READ Continue Reading »
    IoT & Automation
    10 Biggest Opportunities for IoT Innovation in 2021

    IoT is a powerful economic driver. IoT Innovation is actively shaping businesses and consumer trends. Most of the technologies developed before and during the pandemic address the Internet of Things directly or indirectly. From healthcare and retail to automobile and manufacturing, IoT innovations are opening new avenues across industries.  It covers almost every segment of

    8 MINUTES READ Continue Reading »
    IoT & Automation
    10 Things to Consider When Starting an IoT Project

    One of the biggest issues companies face when starting an IoT project is deciding who should be responsible. Should it be the engineering team that is responsible for the core technicalities of the device, or should it be the product management team that is responsible for the end functionalities of the IoT product? Starting on

    8 MINUTES READ Continue Reading »

    About Us

    Incubated in Harvard Innovation Lab, Experfy specializes in pipelining and deploying the world's best AI and engineering talent at breakneck speed, with exceptional focus on quality and compliance. Enterprises and governments also leverage our award-winning SaaS platform to build their own customized future of work solutions such as talent clouds.

    Join Us At

    Contact Us

    1700 West Park Drive, Suite 190
    Westborough, MA 01581

    Email: support@experfy.com

    Toll Free: (844) EXPERFY or
    (844) 397-3739

    © 2023, Experfy Inc. All rights reserved.