PSA Certified
Platform Security Architecture (PSA) Certified is a security certification scheme for Internet of Things (IoT) hardware, software and devices. It was created by Arm Holdings, Brightsight, CAICT, Prove & Run, Riscure, TrustCB and UL as part of a global partnership.
PSA Certified | |
---|---|
Effective region | Worldwide |
Effective since | 2017 |
Type of standard | Security certification scheme |
Website | psacertified.org |
Arm Holdings first brought forward the PSA specifications in 2017 to outline common standards for IoT security,[1] with PSA Certified assurance scheme launching two years later in 2019.
History
In 2017, Arm Holdings created Platform Security Architecture (PSA) as a standard for IoT security. The standard builds trust between Internet of Things services and devices.[2][3] It was built to include an array of specifications such as threat models, security analyses, hardware and firmware architecture specifications, and an open-source firmware reference implementation.[4] It aimed to become an industry-wide security component, with built-in security functions for both software and device manufacturers.[1]
PSA has since evolved into PSA Certified, a four-stage framework which can be used by IoT designers for security purposes.[5] The framework includes different levels of trust, with each level containing a different level of assessment; levels respond with progressively increasing security assurances.[6]
In 2018, the first IoT threat models and PSA documents were published.[7]
The certification of PSA Certified launched at Embedded World in 2019,[8] where Level 1 Certification was presented to chip vendors. A draft of Level 2 protection was presented at the same time.[9]
Six of the seven founding stakeholders created the PSA Certified specifications, which are now makes up the PSA Joint Stakeholders Agreement. The stakeholders are Arm Holdings, Brightsight, CAICT, Prove & Run, Riscure and UL. TrustCB became the seventh PSA Certified JSA member, acting as an independent Certification Body for the scheme. Out of the six other founding members, four are security test laboratories, including Brightsight, CAICT, Riscure and UL.[6]
Security test labs Applus+ and ECSEC joined PSA Certified in 2021.[10][11]
The first PSA Certified Level 2 certificates were issued to chip vendors in February 2020.[12]
The first PSA Certified Level 3 certificate was issued in March 2021.[13]
PSA Certified Level 2 + Secure Element was introduced in November 2022, allowing a secure element to be used to provide moderate physical protection to Level 2 without requiring the advanced protection of Level 3.[14]
Certification
The PSA Joint Stakeholders Agreement outlines how members can create a worldwide standard for IoT security, enabling the electronic industry to have an easy to understand security scheme. The security certification scheme documents offer a security-by-design approach to a diverse set of IoT products. The scheme starts with a security assessment of the chip and its Root of Trust (RoT) and then builds outwards to the system software and device application code. PSA Certified specifications are both implementation and architecture agnostic and so can be applied to any chip, software or device.[15][9]
PSA Certified aims to reduce industry fragmentation for IoT product manufacturers and developers in a number of ways. The world's leading IoT chip vendors are delivering system-on-chips built with a PSA Root of Trust (PSA-RoT) providing a new and widely available security component with built-in security functions that software platforms and original device manufacturers (OEMs) can make use of.[16]
Functional API certification
A high-level set of APIs are provided by the PSA-RoT to abstract the trusted hardware and firmware used by different chip vendors. These APIs include:
- PSA Cryptography API
- PSA Attestation API
- PSA Storage API
- PSA Firmware Update API
Open source API test suites are available to check compliance for PSA Functional API Certification.[3] An open-source implementation of the PSA Root of Trust APIs is provided by the TrustedFirmware.org project.[17]
Level 1
The first level of security certification for PSA Certified is Level 1, aimed at chip vendors, software platforms and device manufacturers. The certification consists of questions, document review and an interview by one of the certification labs.[15] The completed answers are accompanied with explanatory notes, checked by the certification lab. According to the PSA Certified website, language and mappings align with other important IoT requirements, such as standards and laws. These include NISTIR 8259, ETSI 303 645 and SB-327.[18]
Level 2
The mid-level security certification involves testing by a security lab, focusing on software attacks, and provides a review of the PSA Root of Trust (PSA-RoT) source code over the course of a month to attain the level 2 certification. This process focuses on carefully defined attack methods and utilizes a set evaluation methodology.[19] It also ensures hardware must support PSA-RoT functions and is therefore aimed at chip vendors.[4]
According to Forbes, they believed Level 2 was likely to become the most common level for consumer IoT applications.[15]
Level 2 + Secure Element
This level extends the criteria of Level 2 to provide physical protection of a subset of security functions, such as secure cryptographic operations and secure key storage. A typical instantiation would be a Level 2 Certified SoC with a secure element.
Level 3
The final level extends the criteria of Level 2 to include protection against various physical attacks and side-channel attacks. Unlike Level 2 + Secure Element, the scope includes physical protection of all security functions.
Industry adoption
Since the launch of the standard, it has been adopted by a number of chip manufacturers and system software providers.
Company | Certification Level | Sector | References |
---|---|---|---|
Aitos.io | Level 1 | Blockchain | [20] |
Azure RTOS | Level 1 | Software platform | [21] |
Crypto Quantique | Level 2 | OEM | [22] |
Cypress Semiconductor | Level 2 | Chip manufacturer | [23] |
Embedded Planet | Level 2 | OEM | [24] |
Eurotech | Level 1 | OEM | [25] |
Express Logic | Level 1 | Software platform | [26] |
FreeRTOS | Level 1 | Software platform | [27] |
Infineon | Level 2 | Chip manufacturer | [28] |
InGeek | Level 1 | OEM | [29] |
Macronix | Level 1 | OEM | [30] |
Microchip Technology | Level 1 | Chip manufacturer | [31] |
Nordic Semiconductor | Level 1 | Chip manufacturer | [32] |
Nuvoton | Level 1 | Chip manufacturer | [33] |
NXM Labs | Level 1 | Software platform | [34] |
NXP Semiconductor | Level 2 | Chip manufacturer | [35] |
OneOS | Level 1 | Software platform | [36] |
Renesas Electronics | Level 2 | Chip manufacturer | [37] |
RT-Thread | Level 1 | Software platform | [38] |
Sequitur Labs | Level 1 | Software platform | [39] |
Silicon Labs | Level 3 | Chip manufacturer | [40] |
Shenzhen Goodix | Level 1 | Chip manufacturer | [41] |
STMicroelectronics | Level 3 | Chip manufacturer | [42] |
Unisoc | Level 1 | Chip manufacturer | [43] |
Veridify | Level 1 | Software platform | [44] |
Winbond | Level 2 | Chip manufacturer | [45][46] |
Zephyr OS | Level 1 | Software platform | [47] |
References
- Dent, Steve (October 23, 2017). "Google and others back Internet of Things security push". Engadget.
- McGregor, Jim (October 30, 2017). "Not All Electronic Device Are Secure, But ARM's PSA May Change That". Forbes.
- Takahshi, Dean (25 February 2019). "Arm unveils security certification testing for IoT devices". VentureBeat.
- "Momentum Builds for PSA Certified". Embedded Computing Design. March 30, 2020.
- Khan, Jeremy (October 23, 2017). "SoftBank's ARM Makes Bid to Standardize IoT Security Industry". Bloomberg.
- Condon, Stephanie (February 25, 2019). "Arm partners with testing labs to provide IOT security certification". ZDNet.
- Williams, Chris (October 17, 2018). "Arm PSA IoT API? BRB... Toolbox of tech to secure net-connected kit opens up some more". TheRegister.
- Hayes, Caroline (February 25, 2019). "Embedded World: Arm introduces fourth security element to PSA". Electronics Weekly.
- "PSA Certified–building trust, building value". EE Times. March 4, 2019.
- "Applus+ joins the PSA Certified scheme, as a security lab for IoT-device chips". Applus.
- "PSA Certification". ECSEC.
- "The $6trn importance of security standards and regulation in the IoT era". IoT Now. March 16, 2020.
- "Secure Vault achieves PSA Certified Level 3 status". www.newelectronics.co.uk. Retrieved 2021-04-10.
- "PSA Certified Level 2 + Secure Element". 14 November 2022.
- McGregor, Jim (March 4, 2019). "Arm Introduces Security Certification Testing For IoT". Forbes.
- Speed, Richard (February 26, 2019). "Azure IoT heads spacewards to maintain connectivity at the edge, courtesy of Inmarsat". TheRegister.
- "partitions « secure_fw - trusted-firmware-m.git - Trusted Firmware for M profile Arm CPUs". git.trustedfirmware.org. Retrieved 2023-05-25.
- "Level 1". PSA Certified.
- "Arm Releases New Infrastructure and Security Certifications for IoT Devices". AllAboutCircuits. February 25, 2019.
- "aitos.io launches the world's first PSA Certified BoAT blockchain application framework". Medium. 12 May 2021.
- "Azure RTOS | PSA Certified". www.psacertified.org. 2021-10-27. Retrieved 2022-12-15.
- "Securing the IoT ecosystem". New Electronics. September 30, 2021.
- "Cypress Processing Solution with Built-in System Layer Security Fortifies IoT Application Design" (Press release). 26 February 2019.
- "Arrow Electronics Accelerates Development of IoT Devices on PSA Certified Trusted Methodology". EE Times.
- "Eurotech achieves IoT security certification". Eurotech. July 7, 2021.
- "Express Logic's X-Ware IoT Platform is now Arm PSA Certified". Embedded Computing.
- "FreeRTOS | PSA Certified". 2020-03-16. Retrieved 2021-04-09.
- "PSoC 64 Standard Secure MCU family achieves PSA Level 2 certification". New Electronics. September 21, 2021.
- "InGeek Embedded World PSA Certified". InGeek.
- "Macronix ArmorFlash NOR Flash achieves PSA Certified Level 1 status". New Electronics. August 31, 2021.
- "SAM L10 and SAM L11 Microcontroller Family". Microchip Technology.
- "Nordic nRF9160 SiP among first of major semiconductor vendor products to gain PSA Certification for IoT trusted security". Nordic Semiconductor.
- "Nuvoton Debuts PSA Certified Level 1 and PSA Functional API Certified Arm Cortex-M23 Based MCU for Global Market Targeting IoT Security". Nuvoton.
- "NXM Achieves PSA Level One Certification from UL for its Autonomous Security Software". UL. October 8, 2019.
- Dordyk, Susan. "MCU leverages IoT security assurance". EDN.
- "OneOS certification". PSA Certified. 3 February 2021.
- "Renesas Electronics Unveils RA Family of 32-Bit Arm Cortex-M Microcontrollers with Superior Performance and Advanced Security for Intelligent IoT Applications". Renesas.
- Cohen, Perry. "RT-Thread IoT OS Achieves PSA Security Certification". Embedded Computing Design.
- "Sequitur Labs' EmSPARK 2.0 Security Suite achieves PSA Certified status". New Electronics.
- Dahad, Nitin (March 17, 2021). "Silicon Labs First to Achieve PSA Certified Level 3 Status for Wireless SoC". EE Times.
- "Goodix receives PSA Certification" (in Chinese). EE Times China.
- "Dev kits and software for STM32U5 – and chips now available". Electronics Weekly. October 1, 2021.
- "Unisoc Launches All-New AIOT Solution V5663". Unisoc. March 2, 2020. Archived from the original on June 16, 2020. Retrieved August 4, 2020.
- "Veridify Security's DOME Client Library Achieves PSA Certified Level 1 Accreditation". Embedded Computing (magazine).
- "Winbond TrustME Secure Flash Memory achieves PSA Certified Level 2". Winbond. February 26, 2020.
- Winning, Ally (3 March 2020). "Winbond TrustME secure flash gets PSA Certified Level 2 Ready". EE News.
- "Linaro contributes to the Zephyr Project becoming PSA certified". Linaro.