The First Silicon Certified to Protect Devices from Complex Hardware and Software Attacks
As cybersecurity regulations start to emerge, it’s becoming clear that you can’t ignore security in any market. This has caused a perception change with security in the last few years, moving from companies being concerned about securing the pipe between the different devices, to companies becoming more focused on the end nodes. This shift has changed the way devices are being designed, as device manufacturers now care not just about the connecting between endpoints, but also care about the keys and other security credentials in the devices themselves.
Leading silicon, software, and solutions company, Silicon Labs, is strengthening its approach to security to protect its customers from the increasingly sophisticated attacks on Internet of Things (IoT) devices. It has become the first company in the world to be awarded PSA Certified Level 3 status, which it received for its implementation of Secure Vault™ technology. Silicon Labs say that their award-winning suite of state-of-the-art security features helps to protect connected products against remote scalable software attacks and attempts to compromise the hardware. In turn, that reduces the risk to the device makers, consumers, organizations, and industries that are relying on its technology.
The continued growth of the IoT depends on trusting that devices are authentic and secure when they join ecosystems. Security certifications like PSA Certified Level 3 give IoT device makers and end users the assurances they need to know their IoT applications are protecting their secret identities used for authentication and prevent counterfeit or rogue devices from entering their supply chain, which can cause irreparable harm to brands and revenue.
Semiconductors Vendors Need to Predict the Future
The shift in the market means that semiconductor vendors have more IoT security considerations than ever become. As Mike Dow (Senior Product Manager for IoT Security at Silicon Labs) explains: “from a semiconductor perspective, it’s not just about cryptography. It’s about having a security subsystem where you get assets, that you’re actually protecting in the silicon.” The increased hacks and increased regulation has lead to ODMs and OEMs having an increased appreciation of security credentials, Mike explains “At scale, customers are starting to ask for secure boot. I’m not sure they all understand what that means, but they know the term and they know the concept: I need to be able to trust my device because my device, the first thing that boots in my system is going to have to check other things.”
But of course, due to the time delta between creating a silicon product and that product being in the market is quite large. This means that Silicon Labs not only need to deliver what their customers are asking for today, they also need to be able to predict the future. Mike adds: “The sophistication of the attacks just grows over time and we on the silicon side must be ahead of the game because it takes three years to bake it in. So, we’ve got to look even beyond our customer’s requirements because essentially once our customers say they want it, we already must have the silicon done. My world is looking five years out. We need to know what the customer wants before they know they want it.”
Silicon Labs Security Philosophy
During our podcast recording, Mike Dow gave us a little insight into some of the key believes that Silicon Labs have about their security philosophy:
- Updatable security subsystems: “We have this philosophy that over time, even a security subsystem that we think we’ve made perfect, there may be new curves that need to be added to the subsystem. We believe that we need to be able to update our security subsystem over the air and not just the application code, but the security subsystem itself. So that’s an important thing you’ve got to build in.”
- Update policies are very important: “Update policies are coming through in all the regulations. Governments are acknowledging that security needs to be updated over time. In the past, our update policy on our software was short-term, but that is changing as requirements are going to require you to update the device.”
- Passionate about certification: “Certification I’m passionate about, but we need to be careful and innovative about how we roll it out. Some previous certifications I carried out in the payment card industry (PCI) took over a year and a half to achieve, and that’s not going to scale for IoT. One of things we need to be aware of is inheritance. We’ve got to allow certification inheritance. So, if I do a PSA Certified Level 2 or PSA Certified Level 3, any customer that uses that chip should be able to inherit that goodness, that certification should come with it.”
Listen to the podcast below to learn more about Silicon Labs, their PSA Certified journey and where they are focussing their security efforts.
Podcast: Predicting the Future of IoT security with Silicon Labs
Mike Dow, Senior Product Manager for IoT Security at Silicon Labs, provides the silicon vendor perspective on this episode of the #beyondthenow IoT security podcast. Mike and David examine the importance of chip security, the role of silicon vendors and the Root of Trust in IoT security, and the importance of looking to the future when designing products to meet customer requirements.
At the heart of Silicon Labs’ approach is an immutable hardware Root of Trust (RoT), which provides a foundation of security that device makers can build on. That means you do not have to be a security expert to build robust security into your device. In the podcast, Mike Dow explained a little more about the role of the Root of Trust and Secure Boot in securing devices: “One of the first considerations when thinking about security is make sure that the brains of the device, which is typically the microcontroller, is secure. To do that, you need to ensure that when that device boots and comes ‘alive’ you can instantly trust that the code that’s running. This is where secure boot comes in – in technical language you are making sure that the first piece of code that runs needs to be immutable.”
In the past, the understanding of the Root of Trust and Secure Boot were not well understood in the ecosystem. However, Mike explains“At scale, customers are starting to ask for secure boot. I’m not sure they all understand what that means, but they know the term and they know the concept: I need to be able to trust my device because my device, the first thing that boots in my system is going to have to check other things. So, they’re starting to ask for a secure boot.”
Want to Learn More About the Root of Trust?
This handy video explains more about the A Root of Trust (RoT). It is the part of a processor where all secure operations are performed, it has hardware protection and is separate from the non-secure processing environment which can be accessed more widely. Examples of secure operations in the RoT could include secure key storage, cryptography and attestation. A RoT is crucial to ensuring a device’s integrity and crucial to ensuring the integrity and security state of that device can be determined by any other device or service it connects to.