Building a Foundation of Trust
The most common IoT hacks take place due to the simplest security measures being missed.
PSA Certified is committed to creating a foundation of trust for all connected devices and making this as easy as possible to prevent these simple IoT attacks taking place. In order to achieve this, the Platform Security Model document, containing 10 goals, was devised to guide security best practice and provide a practical checklist to follow.
PSA Certified takes a holistic view of security, considering both hardware and software security. The 10 security goals are in the DNA of PSA Certified and inform the whole security framework and evaluation scheme.
Every product has unique functional and security requirements however, these goals outline the common requirements that should be implemented into every connected device. The 10 security goals guide security design by covering the security foundations, allowing products and features to be developed on top while also providing a set of requirements the ecosystem can rely on.
Find information about the 10 security goals and how you can easily prove you have shown due diligence in your product design below.
The PSA Certified 10 Security Goals:
To interact with a particular device, a unique identity should be assigned to the device and this identity should be attestable. This identity facilitates trusted interaction with the device for example, exchanging data and managing the device.
Devices should support security lifecycle that depends upon software versions, run-time status, hardware configuration, status of debug ports and the product lifecycle phase. Each security state of the security lifecycle should be attestable and may impact access to the device
Attestation is the evidence of the device’s properties, including the identity and lifecycle security state of the device. The device identification and attestation data should be part of a device verification process using a trusted third party.
To ensure only authorized software can be executed on a device, secure boot and secure loading processes are required. Unauthorized boot code should be detected and prevented. If the software cannot compromise the device, unauthorized software may be allowed.
Secure updates are required in order to provide security or feature updates to devices. Only authentic and legitimate firmware should be updated on the device. Authentication, at the time of download, may be performed however, the execution of the update must be authorized via secure boot.
Preventing rollback to previous software versions is essential to ensure that previous versions of the code can’t be reinstated. Rollback should be possible for recovery purposes only when authorized.
Isolation aims to prevent one service from compromising other services. This is done by isolating trusted services from one another, from less trusted services and from un-trusted services.
Devices should support interaction over isolation boundaries to enable the isolated services to be functional. The interfaces must not allow the system to be compromised. It may be required to keep the data confidential. Interaction should be considered both within the device and between the device and the outside world.
To prevent private data being cloned or revealed outside the trusted service or device, it must be uniquely bound to them. Confidentiality and integrity of private data is typically achieved using keys, which themselves need to be bound to the device and service.
A minimal set of trusted services and cryptographic operations should be implemented as the building blocks of a trusted device. These should support critical functions including security lifecycle, isolation, secure storage, attestation, secure boot, secure loading and binding of data.
Prefer a PDF? Download a one-page summary of the 10 security goals
Communicating Your Product Security
PSA Certified Level 1 assessment provides assurance of adherence to security best practice and alignment to governmental regulations. The assessment questionnaire is derived from the 10 security goals along with threat models and government requirements. Upon successful completion, the certified product is assigned a unique certificate that is added to the list of certified products to communicate across the ecosystem that security best practice has been adhered to.