How PSA Certified APIs Help Reduce IoT Development Costs

Skip to content

With the introduction of PSA Certified, Arm and the PSA Certified co-founded have established a security baseline for embedded devices. Its concepts, threat models, and APIs can be reused between IoT products (such as smart home devices). This is especially beneficial for related products with different capabilities, such as different product lines. Key examples are crypto implementations in hardware, software, or both. In PSA Certified, cryptography is covered by the PSA Certified Crypto API. It can be leveraged across multiple products in a product line, and across product lines; from powerful application processors down to Arm Cortex-M microcontrollers with as little as 64 KB flash and 8 KB RAM.

Oberon PSA Crypto is a crypto library optimized for low-power, resource-constrained microcontrollers. It is the first product to commercially support the PSA Certified Crypto API, its PAKE extension and the companion crypto driver API from Arm. It is also the first crypto library that passed the PSA Certified Crypto compliance program and received the corresponding certificate. Crypto hardware accelerators can be freely mixed and matched with Oberon’s fast, constant-time, pc-secure and table-free crypto software that provides better side-channel resistance than typical software crypto implementations. A common IoT cipher suite can fit in less than 20 kB flash memory, even if no hardware acceleration is available. PSA Certified APIs enabled Nordic Semiconductor to focus resources on a single standardized crypto API, regardless of the underlying hardware capabilities. Nordic customers also benefit from a consistent crypto API for streamlining their IoT product security efforts.

Oberon microsystems understands embedded and we are proud to integrate their high-quality solutions in our devices. Nordic partnered with Oberon in the development of Oberon PSA Crypto, an implementation of the PSA Crypto API which enables cryptographic hardware acceleration to be complemented by Oberon software crypto where hardware crypto is not available. Their PSA certified Oberon PSA Crypto is used for nRF52, nRF53 and nRF91 series devices available in nRF Connect SDK, today, and is continuously improved in close cooperation with Oberon microsystems.

Bjørn Tore Taraldsen Principal Engineering Manager, Software Platform Group, Nordic Semiconductor