Arm and its independent security testing lab partners Brightsight, CAICT, Riscure and UL, along with consultants Prove&Run, today announced PSA Certified to support the widespread deployment of secure IoT solutions based on the Platform Security Architecture (PSA) framework. Through independent security testing, PSA Certified enables IoT solution developers and device makers to establish the security and authenticity of the data collected from a diverse world of IoT devices.
Dirk-Jan Out, CEO, Brightsight said: “Brightsight is pleased to support PSA Certified, which will improve the security of IoT devices and build a higher level of trust in the value chain – this trust is critical for the IoT to succeed. The multi-level approach of the scheme is designed to help the customers get the exact level of security they need, appropriate to the specific use case and threat model.”
PSA Certified is the next step in the Platform Security Architecture (PSA) journey, bringing a tangible measure of device security to the IoT. PSA is a four-stage framework that guides IoT designers through the journey of creating a secure connected device. It goes beyond instructions and principles, with a comprehensive set of downloads, including Threat Models and Security Analyses documentation, hardware and firmware architecture specifications, open source Trusted Firmware (TF-M) and API test kits.
PSA Certified provides a simple and comprehensive approach to security testing. It comprises two elements: a multi-level security robustness scheme and a developer focused API test suite. The security testing is based on third-party lab-based evaluation that builds trust through independent checking of the generic parts of an IoT platform including: PSA Root of Trust (the Root of Trust is the source of integrity and confidentiality), the real-time operating system (RTOS) and the device itself.
Arman Aygen, Head of Strategy and Innovation at UL Identity Management & Security commented, ‘‘With our world being increasingly connected, innovation should not compromise cybersecurity: it should never be something you factor in as an afterthought and needs to be managed throughout the supply chain. PSA Certified offers a non-prescriptive and voluntary framework to demonstrate the security and value of interconnected solutions.”
PSA Certified enables devices makers to get the security required for their use case through three progressive levels of security assurance which are assigned by analyzing the use case threat vectors. For example, a temperature sensor in a field may require different security robustness (level 1) than a sensor in a home environment (level 2) or in an industrial plant (level 3). Following the testing, all PSA Certified devices will have electronically signed report cards (attestation tokens) for determining which level of security has been achieved, allowing businesses and cloud service providers to make risk-based decisions.
“PSA gave the industry a framework for standardizing the design of secure IoT devices, and PSA Certified brings together the leading global independent security testing labs to evaluate the implementation of these principles,” said Paul Williamson, vice president and general manager, Emerging Businesses Group, Arm. “This will enable trust in individual devices, in their data, and in the deployment of these devices at scale in IoT services, as we drive towards a world of a trillion connected devices.”
PSA Certified is already gaining traction with leading silicon and IoT platform providers. Cypress, Express Logic, Microchip, Nordic Semiconductor, Nuvoton, NXP, STMicroelectronics and Silicon Labs have all achieved Level 1 certification.
Nuvoton and OS provider ZAYA have achieved both PSA Certified Level 1 and PSA Functional API Certification, and Arm Mbed OS will provide out of the box compliance with PSA Certified Level 1 and PSA Functional API Certification in its upcoming March 5.12 release.
Further information: Click here