Four Steps to IoT Security — Critical to Business Success

Successful digital transformation can depend on PSA Certified, because it relies on trusted data and reliable security for protection. As governments create guidelines to prevent disruption and enforce that security, businesses need the right technology to adhere to those guidelines.

In the fragmented and fast-moving IoT space, the PSA Certified approach demonstrates security principles have been applied, regional requirements have been met and latest regulations have been followed.

Standardized Approach to IoT Security

A comprehensive assurance framework and resources that align multiple geographical markets ensures PSA Certified standardizes security across the IoT industry. Security is no longer a barrier for fast-to-market products.

More about PSA Certified:

  • The first scheme to offer a complete security framework accompanied by a multi-level certification scheme
  • A framework approach that ensures security is designed into devices from the ground up
  • Follows four stages – analysis of security requirements, architecture of security, implementation of the solution, and certification
  • Together with the PSA Certified ecosystem, open source resources, examples and specifications are provided for all four stages

The PSA Certified Framework

PSA Certified accelerates device makers, system software developers and chip vendors through the process of achieving IoT security certification through four stages:

  1. Analyze: Make a threat model to determine your security requirements.
  2. Architect: Use an established security architecture.
  3. Implement: Create a high-quality implementation.
  4. Certify: Get independent, unbiased security evaluation of your device, software platform and chip.

10 Security Goals for a Strong Security Foundation

PSA Certified outlines 10 security goals to guide design and inform the certification program. These requirements should be easily understood and implemented into every connected device. With security best practice in place, products and features can be developed in an ecosystem built on a reliable security baseline.

The PSA 10 security goals outline generic security requirements for IoT systems.

Building-In Security: The Root of Trust

As connected devices become integrated into our businesses and lives, their secure operation becomes increasingly important. A Root of Trust (RoT) fortifies security at the heart of an IoT device, by building it into the silicon. Think of the hardware RoT as a locked safe that can hold all your security sensitive operations such as keeping private keys confidential, performing crypto and ensuring the integrity of the system.  

The PSA Root of Trust

PSA Certified provides independent evaluation lab-based assurance of the PSA Root of Trust (PSA-RoT). It features nine predefined security functions, including trusted boot, crypto, secure storage and attestation, to protect the system from common IoT threats. In its role as a trust anchor, the PSA-RoT provides a source of confidentiality and integrity to the whole value chain. Depending on the result of the OEM’s threat model the device maker can choose an appropriately secure chipby choosing one with a PSA Certified Level 1, PSA Certified Level 2 or PSA Certified Level 3 PSA-RoT.

Why Certify a Root of Trust?

It’s important to allow the wider ecosystem to understand the complex work undertaken by the chip vendor to create the PSA-RoT. Testing enables the ecosystem to speak in a similar language and moves the industry from a stance of “trust me, the chip is OK” to one based on independent testing.

How testing works

PSA Certified labs test the chip’s PSA-RoT in PSA Certified Level 2 and PSA Certified Level 3 to look for conformity against the PSA-RoT protection profile (which outlines the security functions). PSA Certified Level 2 provides assurance against scalable software attacks, while PSA Certified Level 3 provides assurance against substantial hardware attacks and software attacks.