NXP Semiconductors has long been a valued PSA Certified partner: in fact, they were a partner at the launch of the scheme, at PSA Certified Level 1. We are pleased to hear that they’ve recently been awarded PSA Certified Level 2 for their LPC55S1x MCU family, which felt like a timely excuse to catch up with them on all things embedded security. Keep reading to hear more from Durgesh Pattamatta, as he shares why security is so important to NXP and what he thinks is ahead of us in the future.
Thanks for joining us, Durgesh. We wanted to start with something that probably feels like an obvious question: why is security important for connected devices?
Security is rapidly becoming a baseline requirement for all embedded devices. In particular, for connected devices, solid security is a must-have since these intrinsically have a larger attack surface and are exposed to remote, scalable attacks. Because devices are connected, they can serve as a low-cost gateway to attack larger nodes. Any security breach could impact other connected equipment or the network itself. This threat is expanding with the increased use of IoT devices and it’s important for all of our connected things to be secure, no matter how small or how seemingly harmless.
As security is so key, what are the ways NXP is supporting customers to create and ship secure devices?
NXP devices are designed with security in mind from the beginning. From concept and throughout its lifecycle, security is inherent. We are deploying security capabilities to all our products while trying to simplify the correct configuration, set-up and usage of security capabilities. We also focus on architectural consistency across product families such that customers have an easier time building secure products at various price, capability and performance points.
We follow both PSA Certified and Security Evaluation Scheme for IoT Platforms (SESIP) certification, which provides a framework for creating devices with sound security principles. NXP certifies products against these schemes so that customers can build their Industrial and IoT devices with trust in the core SoC following the same security principles.
What do your customers care about? What are their key considerations?
NXP customers care about getting secure products to market fast. Getting this right also means protecting their intellectual property and building a trusted brand. Security legislation is also an evolving consideration. Compliance with emerging security standards, GDPR for example, regarding personal data protection is also a key customer concern.
Another key consideration is implementing the right amount of security – maybe more, but definitely not less – at the lowest possible cost. This is not an easy equation to solve, but aligning to known industry standards helps to simplify the decision.
NXP have long been supporters of PSA Certified. Tell us a bit about what PSA Certified enables for your business?
Standardization as well as certification are especially important for security. PSA Certified is important because it offers another level of assurance, but it’s also an important avenue for customer education. Bringing the latest information to users about IoT security standards and requirements, and information relevant to our own certification is valuable.
We also see PSA Certified as an important source of information about the different ecosystems and as an open resource, it’s a way to stay on top of relevant technologies that will further support the IoT development. Being PSA Certified shows our Root of Trust (RoT) is implemented correctly to help resist known software attacks.
The LPC55S1x MCU family is new to NXP’s PSA Certified lineup – tell us a bit about the product?
NXP’s LPC55S1x MCU family expands the general-purpose Cortex-M33-based MCU series, offering significant advantages for developers, including ease of use and quicker time to market. By having PSA Certified Level 2 certification, the LPC55S1x is subjected to penetration testing by a professional lab and certified by Arm. This device also received SESIP Level 2 certification. This doesn’t happen by ticking off a checklist, but through security-centric design from start to finish.
This approach also results in a more efficient security design that allows smaller memory devices without compromising security.
What unique use cases does the LPC55S1x MCU family unlock?
Our products are used in a variety of industries, but we see them being adopted for a lot of home, building, city and industrial applications, including mission-critical projects like monitoring rising water levels to protect citizens. In connected home health care applications, for example, consumers expect that their product is trustworthy with the right level of embedded security to keep their information protected and private. Security is important in these applications because connected home devices are available to consumers who need to be able to trust the devices they purchase. Each time a high-profile attack or data breach occurs, consumer trust takes a hit and needs to be rebuilt. Stronger security will reduce these incidents and accelerate the adoption of smart, connected devices.
Other security risks include exploiting IoT devices to mine cryptocurrency and ransomware attacks. Collectively, these threats underscore the need for security legislation – this is a problem that will be solved as an industry versus individual companies.
What does the future look like for your industry?
We anticipate more governments will be enforcing more legislation. This will create pressure on device manufacturers because initially there will be an adjustment to adhering to rigid requirements for connecting to devices. Gaming companies, for example, will put conditions on what peripherals can connect to their consoles. It’s going to be important for even the smallest devices to be compliant.
We see a growing trend of adding features into embedded devices and SoCs, and security is moving particularly fast. This is driven by the day-to-day convenience that IoT devices bring to our lives. It’s important that while we continue to add and enhance security features, starting with the SoC, we also make it easier to deploy without impeding on the product functionality and ease of use.
Security is part of NXP’s DNA. It’s woven into our culture and it’s integral to our way of working.
Special thanks to Durgesh Pattamatta from NXP for joining us for this Q&A, and congratulations on achieving PSA Certified Level 2. If you’d like to hear more from NXP, check out the video above; it covers more about their secure-by-design methodology and how PSA Certified augments their portfolio.