Providing Substantial Assurance for IoT Chips

PSA Certified Level 3 is designed for silicon vendors who want independent evaluation of their PSA Root of Trust (PSA-RoT) implementation. It offers demonstrable proof to their customers that their product has been independently tested and offers substantial assurance and robustness. It also gives confidence to OEMs and ODMs that the chip can provide protection from hardware and software attacks.

How Does PSA Certified Level 3 Work?

The process starts with the silicon vendor implementing a hardware Root of Trust (the PSA-RoT) that provides the built-in security functions: secure boot, secure storage, cryptographic services and attestation. Your chosen PSA Certified evaluation laboratory then evaluates that PSA-RoT implementation using vulnerability analysis and penetration testing to establish whether the PSA Certified Level 3 Protection Profile requirements have been met.

The test laboratory spends 35 days on white box evaluation: vulnerability analysis of the chip's PSA-RoT first, followed by penetration tests against the attack paths that analysis identifies.

Proven Substantial Protection from Software and Hardware Attacks

PSA Certified Level 3 offers increased robustness for OEMs building applications with high-value assets.

Establish Trust Based on Independent Third-party Evaluation

Build trust with customers through unbiased and independent evaluation of products.

Offering Flexibility with a Choice of Evaluation Methodology

We believe that choice is important, which is why we offer two styles of protection profile: SESIP or CSPN.

PSA Certified Level 3 At a Glance

Audience: Silicon vendors

Scope: PSA Root of Trust

Threats:
  T.ROGUE_CODE
  T.FIRMWARE_ABUSE
  T.UPDATE_ABUSE
  T.STORAGE
  T.DEBUG
  T.WEAK_CRYPTO
  T.IMPERSONATION
  T.PHYSICAL
  T.SIDE_CHANNEL

Security Functional Requirements (CSPN):
  F.INITIALIZATION
  F.SOFTWARE_ISOLATION
  F.SECURE_STORAGE
  F.FIRMWARE_UPDATE
  F.SECURE_STATE
  F.CRYPTO
  F.ATTESTATION
  F.AUDIT
  F.DEBUG
  F.PHYSICAL

Security Functional Requirements (SESIP):
  Verification of Platform Identity
  Verification of Platform Instance Identity
  Attestation of Platform Genuineness
  Secure Initialization of Platform
  Attestation of Platform State
  Secure Update of Platform
  Physical Attacker Resistance
  Software Attacker Resistance: Isolation of Platform (between SPE and NSPE)
  Cryptographic Operation
  Secure Encrypted Storage
  Cryptographic KeyStore
  Cryptographic Random Number Generation

Evaluation Effort: 35 days* white box evaluation

*The elapsed calendar time may differ depending on available resources and on interactions with the certification body. The 35 days of evaluation effort include Security Target review, vulnerability assessment, test planning, testing and the write-up of the Evaluation Technical Report.

Why Should I Choose PSA Certified Level 3 over PSA Certified Level 2?

PSA Certified Level 2 demonstrates protection from scalable software attacks, with an evaluation of 25 man-days of effort.

PSA Certified Level 3 covers more attack types: more sophisticated side channel and perturbation (fault injection) attacks as well as physical attacks. It therefore has a longer evaluation period of 35 man-days.

A PSA Certified Level 3 chip is well suited for devices that:

Learn how we define ‘substantial’ and the key differences from PSA Certified Level 2

Evaluation Methodology Choice for PSA Certified Level 3

At PSA Certified we recognise that choice is key. To reduce certification fragmentation and make security certification easier to adopt, we offer an additional evaluation methodology, which makes PSA Certified more extensible to other markets.

Silicon vendors choosing to carry out PSA Certified Level 3 testing can choose between one of two equivalent evaluation methodologies providing the same level of assurance: either the PSA Certified Level 3 Lightweight Protection Profile (informal CSPN style) or the PSA Certified Level 3 GlobalPlatform SESIP Profile (more formal style).

Although written in different styles, the two profiles are designed to require the same features and the same level of security, so the test house should perform the same testing under either. Both are assessed by the same team at the certification body, and both lead to the same PSA Certified certificate. Each document sets out the security requirements that the evaluation lab will evaluate.

For a first certification, the CSPN route is possibly simpler, as it does not require formal language. If you want to use your certificate in composition as part of a larger certification, the SESIP route is the better choice.

The Process

  1. Choose your protection profile.
  2. Take the chosen protection profile and fill it in with the details of your product to create a security target.
  3. Send the security target and any supporting documents to the evaluation lab.
  4. The evaluation lab develops a test plan and shares it with you. The plan sets out the tests they will perform to verify that the chip meets the required security level. Since it is impossible to test every possible attack path within the time limit, the evaluation lab uses its skill and knowledge to select the tests most likely to discover faults. The test plan also lists the number of devices and any tooling you need to provide so that the tests can be completed.
  5. The evaluation lab shares the test plan with the certification body, which verifies that it is sufficient.
  6. If the testing is successful, the evaluation lab writes up a report and submits it to the certification body, TrustCB.
  7. TrustCB reads the report and verifies that it contains sufficient detail to confirm that the test plan was followed and that the device meets the required level of security. If so, they issue a certificate.
  8. Showcase the advanced security capabilities of your product by being listed in the Certified Products section of the PSA Certified website.