The three initial pillars of analysis (threat and security analysis), architecture specifications for firmware and hardware and an open source implementation, are now joined by a fourth element, PSA Certified for security testing.
It has been released in partnership with independent security testing lab partners, Brightsight, CAICT, Riscure and UL, and consultants Prove&Run, to enable developers and device manufacturers to establish the security and authenticity of the data collected from IoT devices.
“We recognised that if the reality of trillions of connected devices is going to be met – and the devices will have years of deployed lifetimes – we need to build trust in those devices and make it easier for oems and developers to implement the right level of security for their use case,” said Chet Babla, Vice President, New Business Development at Arm.
There are two levels of security, the first of which, security robustness, is divided into three levels. “The highest security level is not necessarily industrial,” said Babla. “For example a farmer needs a high level of security to protect against physical access or attack [that can destroy crops], not seen in the home,” he pointed out to Electronics Weekly.
Security testing is based on third-party, lab-based evaluation with independent checking of generic parts such as Root of Trust, the RTOS and the IoT device, to build trust across the IoT.
Once tested, devices will have attestation tokens to determine which level has been achieved.
The second security level is a developer API test suite. Certification enables standardised access to security services to build secure applications. Free test suites have been published for chip vendors, RTOS providers and device makers to test APIs to gain a compliance logo; these are available at www.psacertified.org
“The fourth step of PSA is a really important one, this is the one that builds trust. We have designed it to be straightforward, independent and multi-level, which is what we think the IoT industry needs,” said Rob Coombs, Director of New Business Development, Arm.
“Chip vendors have done the heavy lifting in this scheme,” he adds, introducing partners that include Cypress, Microchip, Nordic Semiconductor, Nuvoton, NXP, STMicroelectronics and Silicon Labs , which have all achieved Level 1 certification. In addition to Arm’s own Mbed OS, which will provide compliance with PSA Certified Level 1 and PSA Functional API Certification in the March 5.12 release, Express Logic’s X-Ware IoT platform OS has achieved PSA Certified Level 1 and ZAYA has achieved PSA Certified Level 1 and PSA Functional API Certification.
Arm is exhibiting at Embedded World, in Hall 4, booth 140