Close Search

Securing the future of IoT with PSA Certified™

Article by David Maidment - Director Security Ecosystem, Arm

Arm has joined with leading security laboratories and silicon vendors to bring the promise of trusted IoT devices one step closer. PSA Certified™ enables IoT solution builders to establish the security and authenticity of the data collected from a diverse world of IoT devices.

Free test suites will also unlock the hardware security of the latest silicon platforms to software and OS developers. Functional API certification will make it easier to build secure applications from established and secure software building blocks.

At Embedded World 2019, the next step for the PSA project, PSA Certified is being announced by Arm and its partners, Brightsight, CAICT, Prove&Run, Riscure and UL to secure the future of IoT devices.  The Platform Security Architecture Joint Stakeholders Agreement (PSA JSA) members work will help achieve trust in resource constrained IoT devices through independent security testing that works at IoT scale.  PSA Certified builds on the previously published works of the PSA architecture documents and PSA open source project TF-M.

The PSA JSA members have aligned the expertise of industry-leading test houses, consultants and the world’s leading embedded processor architecture to accelerate innovative IoT testing on advanced system-on-chips (SoCs) helping device makers, service providers and consumers get the level of security they need.  The PSA JSA was formed to address the challenges in creating secure IoT devices by making testing of the generic parts of the system efficient and cost effective for the electronics industry.  By providing testing of these common foundations other application specific testing can be easily added later.  PSA JSA provides greater operational efficiency for the electronics industry as seen by the lead partners who are showcasing their PSA Certified solutions on www.psacertified.org

Building a developer ecosystem

Additionally, Arm is announcing PSA Functional API Certification to make it easier and quicker to develop secure devices.  The PSA Developer APIs provide a simple and consistent interface to a set of hardware based security functions.  Free test suites are announced today to enable chip vendors, OS providers and device makers a quick and easy way to ensure software commonality and an effective ecosystem.

Prior to PSA Certified, most IoT devices did not have independent security testing before they reach the hands of consumers, businesses or hackers.  Without this crucial step of testing it is all too common for security vulnerabilities to end up in commercial products that are then exploited.  Traditionally, SoCs had very fragmented security solutions which were difficult and costly to test.  The embedded electronics industry is transitioning to Platform Security Architecture which provides a set of consistent threat models, architecture documents and development solutions.  PSA Certified will make it easier and quicker to test PSA based devices across semiconductor SoCs from multiple companies and fix one of the biggest issues facing the electronics industry – the insecurity of IoT.

Consumer and business benefits

In addition to providing a focal point for security testing, consumers and businesses will benefit by the creation of PSA Certified.  As the number of chips, OSes and devices being tested with PSA Certified accelerates buying IoT devices will be more assured and running cloud services will be better protected as successful IoT deployment requires trust in the devices and the data they provide.  All PSA Certified devices will be able to provide electronically signed report cards (attestation tokens) that can be used to determine which level of security has been achieved, allowing businesses and cloud service providers to make risk based decisions.

Lead Partners

In addition to Arm, Prove&Run and four of the world’s leading test houses creating PSA Certified, lead partners are announcing their first PSA Certified products which can be found on www.psacertified.org

About PSA Certified  – Building trust in IoT through testing

PSA Certified is an industry led initiative to improve the security of IoT devices by enabling testing of the System-on-Chip (SoC).  It has been designed for chips that use Platform Security Architecture to create trusted functionality on the platform.

The security testing is based on independent lab-based evaluation that builds trust through independent checking of the generic parts of an IoT platform including: Root of Trust (PSA-RoT), RTOS and device.  It has been designed as a multi-level scheme to help device makers and businesses get the level of security they need for their use case.  PSA devices can provide automated evidence of the security level they have achieved enabling cloud side risk management.

PSA Certified has three progessive levels of assurance and robustness

 

Please find out more and get involved by accessing resources on www.psacertified.org.  Together we can build a more secure IoT future.