For Chips That Protect Against Scalable, Remote Software Attacks
PSA Certified Level 2 is a laboratory evaluation of a PSA Root of Trust (PSA-RoT) that provides evidence that it can protect against scalable software attacks. Evaluation Labs use vulnerability analysis and penetration testing of the PSA-RoT to establish whether the nine security requirements of the PSA-RoT Protection Profile have been met.
Time-boxed evaluation (ANSSI CSPN style) provides an efficient evaluation at reasonable cost. A fixed evaluation lab effort of 25 days can be done off the critical path from a product development point of view.
Moving from “trust me” to independent lab-based testing and review from the PSA Certified Certification Body provides customers with security assurance suitable for many mass market IoT solutions.
Once a PSA-RoT is certified, multiple companies can use it in different use cases and markets.
PSA Certified Level 2 At a Glance
| | |
|---|---|
| Scope | PSA Root of Trust |
| Threats | Seven – detailed in the PSA-RoT Protection Profile |
| Security Functional Requirements | Nine – detailed in the PSA-RoT Protection Profile |
| Evaluation Effort | 25 days* – white box evaluation |
Chips can achieve certification of PSA Certified Level 1 and PSA Certified Level 2 at once, because PSA Certified Level 2 assesses both sets of requirements.
*The elapsed calendar time may differ depending on available resources and interactions with the certification body. The 25 days of evaluation effort include Security Target review, vulnerability assessment, test plan, testing and write-up of the Evaluation Technical Report.
Attack Methods Assessed
The PSA Certified Level 2 evaluation methodology:
- Inspired by ANSSI CSPN, a practical, time-limited approach to penetration testing
The PSA-RoT Protection Profile focuses on:
- Scalable software attacks (see Attack Method document for details)
- Establishing that nine lab-tested security functional requirements are met
For Device Manufacturers Using PSA Certified Level 2 Chips in End Products:
Cryptographic keys stored in the PSA-RoT should be unique per device to prevent creation of a honeypot for physical attacks, including side-channel attacks.
For further information on the attack methods for PSA Certified Level 2 evaluation, contact an evaluation lab.
PSA Certified Level 2 Ready reflects the unique requirements in the security ecosystem. It offers a pre-certification assessment for development systems with significant investment in security and assesses a subset of security requirements.
PSA Certified Level 2 Ready speeds the route to more comprehensive PSA Certified Level 2 certification of development systems.