Lab based penetration testing of IoT chips with a PSA-RoT security component
Level 2 introduces lab based evaluation of a trusted domain in a chip called the PSA Root of Trust (PSA-RoT). It has been designed for systems that need to protect against common IoT threats of remote software attacks and lightweight hardware attacks. The PSA-RoT developer is typically a chip developer and this enables the time spent in the test lab to be off the critical path for product development. Providing independent assurance through lab-based testing and certification can help silicon partners prove that they have a secure solution suitable for mass market IoT applications. A good starting point is to download the PSA-RoT Protection Profile from the resources page and talk to a test lab.
PSA Certified Level 2 can be used as a common security foundation for other evaluation schemes or security testing. This means that the chip vendor can certify their PSA-RoT once and multiple OEMs in different markets can use this to reduce their testing and evaluation at the device level.
PSA Certified Level 2 at a glance:
- Audience: Chip vendors
- Scope: PSA-RoT
- Threats: 7 – Software attacks and lightweight hardware attacks
- Security Functions: 9 – see PSA-RoT Protection Profile
- Lab time 25 days (White box)
- Evaluation Method: Inspired by ANSSI CSPN
- Assurance level: Comparable to EAL2
PSA Certified Level 2 has been designed to be quick (less than a month), cost effective and widely available. The evaluation methodology was inspired by ANSSI CSPN which is a practical, time limited, approach to pen-testing. A key document for Level 2 is the PSA Lightweight Protection Profile (PP) that focuses on threats from software attacks and lightweight hardware attacks and establishes nine security functions that will be tested in the lab.
PSA Certified Level 2 – Getting started
PSA Certified Level 2 is for chip vendors who can provide a PSA-RoT comprising of trusted hardware and trusted firmware to a test lab for white box testing. The scheme is similar to ANSII CSPN and is time limited to provide a mid-level of assurance.
Chip vendors can start by downloading the PSA Certified Protection Profile to understand the threats in scope and security functions being tested. The chip vendor will typically prepare the PSA-RoT by integrating Trusted Firmware-M (or their own equivalent) with their chip’s trusted hardware. The silicon partner should select a test lab from this list to begin security evaluation.