Key Elements of the PSA Certified Program
The IoT continues to grow - in terms of the number of connected devices (we estimate there will be one trillion by 2035) and in its potential. In fact, two-thirds of companies surveyed recently, including those in the manufacturing, healthcare, energy, IT and automotive sectors, said the IoT is 'fundamental to their digital strategies'.
However, that creates challenges for the industry. When you imagine the IoT at the scale of a trillion devices, the game completely changes. It is no longer a case of managing a small and secure network in your home or office. This is about everything being connected, meaning one weak point in a network is a threat to the entire system.
The diversity of the IoT means that the choices you make now about security will affect every aspect of our lives, from driving our cars, to shopping for groceries, and even the way fundamental services such as water and electricity are provided. As a result, it is critically important for all of us that we get security right.
PSA Certified was developed to ensure we have a foundation for security that all connected devices can be built on. It began with a four-step framework that made it easier and more cost-effective for developers and device makers to build a more secure device, and has now evolved through valuable contributions from the ecosystem into a comprehensive assurance scheme that encompasses best practice from across the industry and aligns with major industry and government standards.
The framework and assurance scheme are underpinned by six key security elements:
Threat Modeling and Security Analysis
Threat modeling and security analysis (TMSA), or an English Language Protection Profile, is the starting point for security. It will help you ensure you have the right level of protection for your device by taking you step-by-step through the process of identifying:
- The assets that need to be protected
- All potential threats to your device
- The scope and severity of the potential threats
- Types of attacker and the methods they might use to compromise your device
- Counter-measures you should implement
The documentation that you create as part of this process will guide your approach to security and enable you to match your requirements to industry best practice, which is highlighted through a series of security goals.
The PSA Certified founders publish Threat Model and Security Analysis documents for three use cases; these can be downloaded and edited to suit your own use case.
The resulting TMSA document contributes to the security process by providing an auditable record of the identified threats and the proposed mitigations.
PSA Certified 10 Security Goals
World-leading security experts have defined 10 security requirements, or goals, that should be implemented into every chip, operating system and IoT device. They showcase best practice and act as a checklist for developers who want to put the foundations of a secure system in place.
The security goals are central to the PSA Certified framework and assurance scheme. So much so, they are assessed at PSA Certified Level 1 (along with other security requirements). These baseline security goals have also been mapped to globally recognised standards and regulations.
Adherence to Worldwide Standards and Regulations
Our monitoring and review of the requirements of governments and industry bodies in major world markets makes it easier for silicon vendors, software developers and OEMs to ensure compliance, especially when scaling a product globally.
The founders of PSA Certified have carried out security mappings to EN 303 645, NIST 8259A, Californian State Law SB-327 and emerging legislation from the UK's Department for Digital, Culture, Media & Sport (DCMS).
The PSA Certified Level 1 Questionnaire version 2.0 maps to these regulations to ensure baseline security criteria have been met.
“Device manufacturers know that our platform is certified on the best global standards which means they can follow those standards, too, and we don’t need to open up our product source code for verification or provide stacks of documentation.”
Suik Hwang, CEO, Security Platform Inc.
Together, the first three key elements help to create a robust approach to security and enable baseline requirements to be assessed. The following security fundamentals aim to deliver scalable assurance, which can only be achieved with the support of the entire ecosystem.
The PSA Root of Trust
As we noted in the introduction, strong security starts at the silicon. We’re pleased that many of the world’s top silicon vendors have already embraced PSA Certified and are now delivering a new security component called the PSA Root of Trust (PSA-RoT). A Root of Trust (RoT) sits at the heart of a system-on-chip (SoC) and provides the security functions the rest of the system relies on. The PSA-RoT is a standardized, easy-to-use, on-chip component that has been designed for the IoT. It is made up of isolated, trusted hardware and a small amount of trusted firmware that provides essential security functions (typically cryptography, attestation, trusted boot and secure storage) in a secure processing environment. It enables silicon vendors to demonstrate the security features of the chip; OEMs to select a level of security that is appropriate for the device; and helps cloud service providers and mobile network operators understand how secure a device is and make risk-based judgements about the level of trust that should be placed in it. A complete package of free engineering deliverables has been created to encourage adoption.
PSA Functional APIs
Now that trust has been built into the chip using the PSA-RoT, the next step is to enable developers to access the critical security functions within that secure processing environment. The PSA Functional APIs provide that high-level interface and make security accessible to everyone. This is because they give you a consistent way of utilizing the PSA-RoT across different chips and silicon vendors. So, you have:
- A consistent PSA-RoT
- Provided by a PSA Certified vendor
- Consistent APIs
The three fundamental and free APIs include cryptography, attestation and secure storage.
Cryptography
This service covers symmetric and asymmetric key usage and key storage. The cryptography API is easy to use so developers can secure their designs.
Attestation
This service provides a signed message that contains claims about the identity and state of the device. It can be used to establish trust between the end point and a service provider. It could also be used to provide lifecycle information or signed security audit logs to the provider. PSA Certified uses the Entity Attestation Token (EAT), defined by standards bodies including the Internet Engineering Task Force.
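The following is an added example of the attestation exchange the paragraph describes, written for this page rather than taken from PSA Certified or any PSA implementation. It models both sides: the device binds a verifier-issued nonce to its identity, lifecycle state and software measurements and signs the result, and the relying party checks the signature, nonce freshness, lifecycle state and measurements before trusting the device. It uses an HMAC with a shared constructed key as a stand-in for the COSE signature with an asymmetric device key that a real EAT carries, and JSON in place of CBOR; the claim names, golden measurement values and instance id are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Constructed shared key: stands in for the device's asymmetric attestation key
# (a real EAT is COSE-signed and the verifier holds only the public key).
DEVICE_KEY = b"constructed-device-attestation-key"

# Hypothetical golden measurements the verifier expects for each software component.
EXPECTED_MEASUREMENTS = {"BL": "a1a1a1a1", "RTOS": "b2b2b2b2"}


def _canonical(claims):
    # Deterministic serialization so device and verifier sign/verify identical bytes.
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def new_challenge():
    """Verifier side: a fresh random nonce that the device must echo back."""
    return secrets.token_hex(16)


def device_get_token(nonce_hex, key=DEVICE_KEY, lifecycle="SECURED", measurements=None):
    """Device side: build the claim set and sign it with the attestation key."""
    claims = {
        "nonce": nonce_hex,
        "instance_id": "constructed-instance-0001",
        "lifecycle": lifecycle,
        "sw_components": dict(EXPECTED_MEASUREMENTS) if measurements is None else measurements,
    }
    tag = hmac.new(key, _canonical(claims), hashlib.sha256).hexdigest()
    return {"claims": claims, "tag": tag}


def verifier_check(token, issued_nonce, key=DEVICE_KEY, expected=EXPECTED_MEASUREMENTS):
    """Relying party side: returns (ok, reason). Signature is checked first so that
    every later decision is based on claims the device actually signed."""
    claims = token.get("claims", {})
    expected_tag = hmac.new(key, _canonical(claims), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, token.get("tag", "")):
        return False, "signature check failed"
    if claims.get("nonce") != issued_nonce:
        return False, "nonce mismatch (replayed or stale token)"
    if claims.get("lifecycle") != "SECURED":
        return False, "device lifecycle %r is not SECURED" % claims.get("lifecycle")
    reported = claims.get("sw_components", {})
    for name, golden in expected.items():
        if reported.get(name) != golden:
            return False, "measurement of %s does not match golden value" % name
    return True, "device attested"


if __name__ == "__main__":
    challenge = new_challenge()
    token = device_get_token(challenge)
    print(verifier_check(token, challenge))
```

The nonce check is what stops a captured token from being replayed later, and the lifecycle check is what lets a service refuse devices still in a debug or provisioning state, which is the "lifecycle information" use the paragraph mentions.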
Secure Storage
Data stored on the device must be secure, so this service maintains the confidentiality and integrity of the data and prevents rollback. There are two functions performed by the same API: one that relates to storage that is internal to the device and another for external storage.
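To make the three properties in that paragraph concrete, here is an added example of a rollback-protected store, written for this page and not code from PSA Certified or any PSA storage implementation. It models the external-storage case: data blobs live in untrusted external flash, while a small trusted internal area keeps only the latest version number per object. Each write encrypts the data, authenticates it together with its object id and version, and then advances the trusted counter; each read verifies the tag and rejects any blob whose version is older than the counter, which is how a swapped-in stale copy is detected. The HMAC-SHA256 keystream used for confidentiality is a stand-in for the AEAD a real service would use, and the master key and object ids are constructed.

```python
import hashlib
import hmac
import os
import struct


class ProtectedStore:
    """Toy rollback-protected storage (added example, not a PSA implementation).
    `internal` models trusted on-chip storage holding the latest version per uid;
    `external` models untrusted external flash whose contents may be rewritten."""

    def __init__(self, master_key):
        # Separate keys for confidentiality and integrity (constructed derivation).
        self.enc_key = hmac.new(master_key, b"enc", hashlib.sha256).digest()
        self.mac_key = hmac.new(master_key, b"mac", hashlib.sha256).digest()
        self.internal = {}   # uid -> latest committed version (trusted)
        self.external = {}   # uid -> blob bytes (untrusted)

    def _keystream(self, nonce, length):
        # HMAC in counter mode as a stand-in for a real AEAD cipher.
        out = b""
        for i in range((length + 31) // 32):
            out += hmac.new(self.enc_key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
        return out[:length]

    def _aad(self, uid, version, nonce):
        # Object id and version are bound into the tag so a valid blob cannot be
        # moved to another object or presented with a different version number.
        return uid.encode() + struct.pack(">Q", version) + nonce

    def set(self, uid, data):
        version = self.internal.get(uid, 0) + 1
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(data, self._keystream(nonce, len(data))))
        tag = hmac.new(self.mac_key, self._aad(uid, version, nonce) + ct, hashlib.sha256).digest()
        self.external[uid] = struct.pack(">Q", version) + nonce + tag + ct
        self.internal[uid] = version   # commit the counter only after the blob is written

    def get(self, uid):
        blob = self.external.get(uid)
        if blob is None:
            raise KeyError("no such object")
        version = struct.unpack(">Q", blob[:8])[0]
        nonce, tag, ct = blob[8:24], blob[24:56], blob[56:]
        expected = hmac.new(self.mac_key, self._aad(uid, version, nonce) + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("integrity check failed")
        if version != self.internal.get(uid):
            raise ValueError("rollback detected: blob version %d, trusted version %d"
                             % (version, self.internal.get(uid)))
        return bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, len(ct))))


if __name__ == "__main__":
    store = ProtectedStore(b"constructed-master-key")
    store.set("cfg", b"v1")
    print(store.get("cfg"))
```

The order of operations in `set` matters: if the counter were advanced before the blob was written and power failed in between, the device would refuse its own last good copy. Note that the design only needs the trusted internal area to hold a version number per object, which is why a small amount of on-chip storage can protect a much larger amount of external data.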
Choosing Your Level of Assurance
PSA Certified has been designed with the diversity of the IoT in mind. We recognize that different devices will have their own security requirements and the balance between cost and security will differ depending on the application and ecosystem. For that reason, the framework and scheme enable you to build different levels of security into your IoT product.
For chip vendors, it means you can use the information you gathered during the threat modeling process to identify how robust your security needs to be, and therefore, what level of PSA Certified you need to pursue.
For OEMs, the threat model will help you decide how robust your security needs to be and therefore, what level of security certification you need to pursue.
By selecting the security solutions that meet your requirements you can avoid spending time and money on less relevant options, which slow down development.