Your Guide to Selecting an Appropriately Robust IoT Chip


For development teams embarking on the design of a secure product, the choice of a PSA Certified chip is a smart move. By choosing an already certified chip you are taking advantage of a product that has been through the PSA Certified process, so it has been certified by an independent security lab to comply with the requirements of PSA Certified. PSA Certified was developed by world-leading security experts, who used their knowledge to develop a framework and certification scheme that helps to protect products against the most common IoT security hacks.

PSA Certified provides multi-level assurance for silicon with increasing robustness focusing on the PSA Root of Trust.

Multi-Level Security Assurance

PSA Certified was designed with three different assurance levels: PSA Certified Level 1 shows adherence to best security practices and applies to chips, system software, and end devices. PSA Certified Level 2 and PSA Certified Level 3 offer a higher level of assurance by conducting white box penetration testing on a chip’s Root of Trust (RoT), to provide evidence of compliance to the PSA Certified protection profiles. The great news for developers is that end products certified to PSA Certified Level 1 can also be mapped to show compliance with NIST 8259A, ETSI 303 645, and Californian State Law SB-327 regulations.

PSA Certified has made it easier for developers to create secure products by allowing them to select chips and system software that have already been PSA Certified. Selecting pre-certified silicon and system software provides the easiest route to certification for end-product developers. Developers have the option to select from chips certified at all three levels, so the question is often: what level do I need?

Start your PSA Certified journey by completing a threat model to determine what level of robustness your product requires.

How To Select the Right Chip

Before choosing a chip, the developer needs to identify the types of attacks a device may be exposed to and what the consequences of those attacks might be. The results of this threat modelling will help determine which level of robustness the product requires, as each level of PSA Certified silicon certification addresses a different level of threat. PSA Certified Level 1 assesses security best practice principles through the PSA Certified Level 1 questionnaire, which is then reviewed by an independent security lab. PSA Certified Level 2 is focused on scalable software attacks and addresses threats like malicious firmware updates, as well as the protection of device secrets. PSA Certified Level 3 extends the scope of PSA Certified Level 2 to include physical attacks, like clock or power glitch attacks, that aim to extract secrets such as private keys.

To take this a step further let’s look at a few hypothetical scenarios.

PSA Certified Level 1 indicates that a chip has been implemented with security best practice.

PSA Certified Level 1 Chip

For those devices where the consequences of an attack are low, or the value of the asset is modest, the product developer may find the selection of a PSA Certified Level 1 chip is appropriate. These chips implement best practice security and provide cost-effective solutions for designs, while still meeting the security requirements of NIST 8259A and ETSI 303 645. Products designed with PSA Certified Level 1 chips can also leverage those certifications when completing their end-product PSA Certified Level 1 device certification.

PSA Certified Level 2 indicates that a chip can help protect against scalable software attacks and addresses threats like malicious firmware updates and protection of device secrets.

PSA Certified Level 2 Chip

For our next scenario, I have chosen a Wi-Fi-connected home appliance. We will begin by looking at the typical threats this type of product might encounter. Malicious code is a common attack vector for many connected devices. An attacker may try to spoof the server, and a device that does not implement secure updates could accept this code and give the attacker control of the device. A different attacker might try a remote attack on the device connectivity to exploit a vulnerability in the communication stack, in order to penetrate the device and extract secrets like keys, certificates, or Wi-Fi passwords. Next, we must consider the consequences of an attack. This might seem trivial; you might ask, “Who cares if an attacker hacks my connected refrigerator and finds out I forgot to buy milk?” Well, if that attacker uses your compromised appliance to penetrate your home network, the consequences could be significant. A malicious hacker could also tamper with the cooling controls and damage this expensive item, so the consequences of a scalable software attack are potentially real and significant. Physical attacks on an appliance installed in a private home are, in this case, of an extremely low probability and would indicate a security problem of a different sort. For this example, we conclude that a PSA Certified Level 2 chip is the appropriate choice.

As well as helping to protect against scalable software attacks, PSA Certified Level 3 chips also help mitigate physical attacks such as clock or power glitch attacks.

PSA Certified Level 3 Chip

Now let’s look at a connected door lock. This device is exposed to the same scalable software attacks as our hypothetical connected appliance. However, the consequences of an attack on a connected door lock are much more serious, ranging from compromising the local network to allowing unauthorized access to the protected space. Unlike our first example, most connected locks could be subjected to physical attacks since they are located in public spaces, and this must be considered in the threat modeling. This naturally leads to the conclusion that the appropriate solution for this application is a PSA Certified Level 3 chip. If we consider the business risk for a connected lock system, it is potentially huge: your business’s reputation could be ruined, you could face civil liability if someone’s safety were compromised, and the cost of replacing deployed units makes not meticulously designing in security from the outset a nonstarter. Learn more about the difference between PSA Certified Level 2 and PSA Certified Level 3.

Of course, every product development has its own unique requirements. We at PSA Certified have provided some reference threat models that are editable and freely available. For assistance in creating custom threat models, all our PSA Certified JSA members offer security consulting services.

Join the PSA Certified Ecosystem

It is the designer’s responsibility to make the right choices in a connected product design and ensure that security is built into the foundation of the product. If the product is designed without adhering to best security practices, it is seldom possible to rectify this after the product has been deployed. The great news is that PSA Certified and its growing ecosystem of certified silicon is making it easier for product developers to identify and implement solutions with sufficient robustness, helping you design in right-size security from the beginning of product development, driving down cost and speeding time-to-market.