What are the goals of PSA Certified?
PSA Certified aims to:
- Improve the security of IoT devices through independent testing – building trust into the devices and services that rely on them.
- Create a multi-level security certification scheme that is cost effective, fast to market and ready in multiple markets – helping customers get the level of security they need.
- Build a developer ecosystem through consistent, easy to use software interfaces (APIs) to the PSA Root of Trust (PSA-RoT). We refer to this as Functional API Certification.
Who provides PSA Certification?
The PSA Certified scheme is being developed by six companies (the PSA Joint Stakeholder Agreement Members) working together to create a specification for the benefit of the electronics industry: Arm, Brightsight, CAICT, Prove&Run, Riscure and UL.
Why are those companies involved?
Arm created the Platform Security Architecture, has published the technical documents and has provided an open source implementation called Trusted Firmware-M (TF-M) that can be found at www.trustedfirmware.org. Prove&Run are experts in creating threat models and highly secure solutions. Brightsight, CAICT, Riscure and UL are world-leading test laboratories with great experience of security evaluation.
Why do we need PSA Certification for better security?
Most IoT chips and platforms do not get independently tested. This increases the chance of vulnerabilities in devices reaching the market. Independent testing raises the bar on security and sets agreed levels of security assurance and robustness.
Who should be PSA Certified?
Level 1 certification is relevant to chip vendors, RTOS suppliers and device makers.
Level 2 (Mid) and Level 3 (Substantial) narrow the scope to the PSA-RoT and are therefore aimed at the chip vendor.
How do I become PSA Certified Level 1, Level 2 or Level 3?
Please download the resources on this website or contact a PSA JSA member to discuss the process details. Test labs can advise on the evaluation methodology.
- Level 1 is a questionnaire based on the PSA Security Model goals and is assessed by the test labs in a short interview.
- Level 2 uses time-limited, white-box penetration testing by the lab against an agreed PSA-RoT Protection Profile, evaluation methodology and attack methods list.
- Level 3 is in development and will be released later in 2019.
Documents such as the Level 1 Document & Declare questionnaire and the Level 2 Protection Profile are available for download from psacertified.org.
Who should get PSA Functional API Certification?
- Chip vendors who want to show the functionality of their PSA-RoT using the PSA Developer APIs.
- RTOS vendors who add PSA Developer APIs and want to demonstrate they have a compliant solution.
- OEMs who want to check that their security RoT is using standard PSA Developer APIs.
Chip vendors and RTOS suppliers should pass Functional API Certification before going on to do PSA Certified security certification.
How will PSA Certified help secure Internet of Things (IoT) devices?
A secure IoT system needs to have security designed in. The Root of Trust (RoT) is at the heart of a System on Chip (SoC), providing security functions to the rest of the system. Arm has worked with others to create a security architecture (Platform Security Architecture), open source code and software interfaces (APIs) that chip vendors can use to build in a PSA-RoT. PSA Certified provides independent lab-based assurance of the PSA-RoT and ensures that the device that uses it is built to sound security model goals.
One of the goals of PSA Certified is to make the security level of an IoT device (Level 1, Level 2 or Level 3) easy for businesses to determine.
What makes PSA Certified different from other checklist approaches?
All three PSA Certified levels are provided via independent test labs rather than developers self-certifying.
Level 1 is based on a Document and Declare critical security questionnaire with laboratory review; Levels 2 and 3 use penetration testing in the lab on the PSA-RoT. The Level 1 questions derive from detailed, systematic work on the PSA Security Model (SM) and multiple published IoT threat models (English Language Protection Profiles).
All PSA systems use the Entity Attestation Token, a kind of cryptographically signed "report card" in which the device makes signed claims about itself. A verifier can use these claims to identify the hardware version and therefore which certified PSA-RoT the device carries.
What problem does PSA Certified solve for the electronics industry?
Too many IoT devices are not independently tested before they reach consumers and businesses. This makes it much more likely that vulnerabilities get through to mass production. PSA Certified is aimed at the IoT market where the scale of the industry demands that testing be quick, efficient and effective without being bureaucratic.
What is a PSA-RoT?
A PSA Root of Trust (PSA-RoT) is the trust anchor in a chip for a system that connects to cloud-based services. It provides trusted security functions such as crypto, secure storage and attestation that the rest of the system relies on. The PSA-RoT is a source of confidentiality (it can keep secrets such as crypto keys) and integrity (you can rely on this system being unaltered from its intended state). The PSA-RoT protection profile identifies seven threats that the PSA-RoT should defend against at Level 2 and nine security functions of a PSA-RoT for the test lab to check.
What benefits does a PSA-RoT bring to an IoT device?
The PSA-RoT has been designed as a fundamental security building block for IoT devices that can provide essential security services. By providing an open source reference implementation, APIs and freely published architectural documents, the vision is for the PSA-RoT to become a standard feature of IoT chips and systems.
- Chip vendors are able to demonstrate the security features of the chip to OEMs and have them valued by the ecosystem.
- RTOS vendors are able to integrate the PSA Developer APIs and then easily port security features across chips.
- OEMs are able to select the appropriate level of security and have common security features and APIs across chipsets.
- Service providers are able to easily identify the security level of the connected device and be able to make risk-based judgements.
Why certify a PSA-RoT?
Security testing by independent experts builds trust for the value chain. PSA Certified has a multi-level scheme providing a “Good, better, substantial” rating that is easy to understand and allows device makers to select an appropriate level of security for their application.
The certification level achieved can be "claimed" by the device in a signed report card known as an attestation token, and the claim can be checked against the certified products listed on this website.
What do PSA Certified Level 1 / Level 2 / Level 3 mean?
PSA Certified Level 1 – Checks that the high-level security goals from the security model and the generic security requirements from the IoT threat models have been met. Level 1 is at the scope of the SoC/platform and has three questionnaire sections, for the chip vendor, the RTOS provider and the device maker. The test lab checks the questionnaire in an interview process to establish that the questions have been understood and the answers are appropriate and sufficient.
Level 1 is proposed as a necessary security foundation for all IoT devices to demonstrate that security model goals have been met. A chip vendor who has passed Level 1 can continue to…
PSA Certified Level 2 – Tests the PSA-RoT and its nine security functions contained in the Protection Profile. Level 2 requires the PSA-RoT to be white-box penetration tested by the lab for a fixed time period. The evaluation methodology is inspired by ANSSI CSPN. The types of threat in scope for Level 2 are software attacks and lightweight hardware attacks. Level 2 builds on Level 1 and demonstrates that the PSA-RoT has a mid-level of security robustness and assurance against typical software or lightweight hardware attacks. PSA Certified Level 2 would be a suitable choice for demonstrating that these security functions have been independently evaluated in a test lab. Level 2 is designed to be a mainstream IoT assurance level suitable for devices that do not have to resist advanced hardware or physical threats.
PSA Certified Level 3 – is in development. It will focus on assurance for devices needing a substantial level of protection from software and hardware attacks.
What is PSA functional API certification?
To build interoperability between solutions we need software interfaces to the PSA-RoT security component. Functional API certification (also known as API Compliance) tests that the software interfaces are present and functioning as expected. Functional API certification runs a test suite (or test kit) on a software implementation. Evidence of PSA Functional API certification is needed for security certification using PSA Certified by chip vendors or OS suppliers.
Who are the PSA Joint Stakeholder Members?
The founding members of the PSA JSA are Arm, Brightsight, CAICT, Prove&Run, Riscure and UL. The group includes four of the world's best-known test labs with global facilities.
How do I get involved?
Please contact a test lab about getting your solution PSA Certified. The labs' contact details can be found here.
Can PSA Certified be used on any processor architecture?
Yes, any processor in a suitably designed chip can be PSA Certified.
Can PSA Certified be used with other device or platform level certification schemes?
Yes, we actively encourage other device-level or platform-level certification schemes to build on top of PSA Certified (which focuses on the PSA-RoT).