PSA Certified

PSA Certified
Effective regionWorldwide
Effective since2017
Type of standardSecurity certification scheme
Websitepsacertified.org

Platform Security Architecture (PSA) Certified is a security certification scheme for Internet of Things (IoT) hardware, software, and devices. It was created by Arm Holdings, Brightsight, CAICT, Prove & Run, Riscure, TrustCB, and UL as part of a global partnership.

Arm Holdings first brought forward the PSA specifications in 2017 to outline common standards for IoT security,[1] with the PSA Certified Assurance Scheme launching two years later in 2019.

History

[edit]

In 2017, Arm Holdings introduced the Platform Security Architecture (PSA), a framework designed to enhance the security of Internet of Things (IoT) devices and services. PSA emerged as a comprehensive standard, incorporating various elements such as threat models, security analyses, and architectural specifications for hardware and firmware. It also included an open-source firmware reference implementation. The primary objective of PSA was to establish a baseline for security in the IoT sector, catering to the needs of both software and device manufacturers.

Over time, PSA evolved into PSA Certified, a more structured, four-stage framework. This development aimed to provide IoT designers with a systematic approach to ensuring security. The framework categorized security into different levels, each offering varying degrees of assessment and assurance.

The initial PSA documents and IoT threat models were released in 2018, marking a significant step in standardizing IoT security.

The formal certification process for PSA Certified was launched at Embedded World in 2019. This event saw the introduction of Level 1 certification, primarily targeting chip vendors. Concurrently, a draft outlining Level 2 protection was also presented.

PSA Certified was further strengthened by the collaboration of seven founding stakeholders, including Arm Holdings, Brightsight, CAICT, Prove & Run, Riscure, UL, and TrustCB. TrustCB joined as an independent certification body for the scheme, while the other stakeholders, four of which are security test laboratories, contributed to the creation of the PSA Certified specifications under the PSA Joint Stakeholders Agreement.

The PSA Certified ecosystem expanded in 2021 with the addition of Applus+ and ECSEC, two notable security test labs.

Noteworthy milestones in the journey of PSA Certification include the issuance of the first Level 2 certificates to chip vendors in February 2020 and the awarding of the first Level 3 certificate in March 2021.

In November 2022, PSA Certified introduced Level 2 + Secure Element. This new category allows for the integration of a secure element to enhance the physical protection at Level 2, bridging the gap before advancing to the more robust Level 3 protection.

The evolution of PSA and the introduction of PSA Certified represent significant strides in standardizing and enhancing IoT security, reflecting the industry's ongoing commitment to safeguarding interconnected devices in an increasingly digital world.

Certification

[edit]

The PSA Joint Stakeholders Agreement is an initiative focused on establishing a global standard for Internet of Things (IoT) security. This agreement aims to simplify the security protocols within the electronics industry by providing a coherent and comprehensive security scheme. The security certification scheme, as outlined in the agreement, advocates a security-by-design approach applicable to a broad spectrum of IoT products. This process begins with a thorough security assessment of the chip, specifically its Root of Trust (RoT), and progressively extends to system software and device application code. Notably, the PSA-certified specifications are designed to be neutral regarding implementation and architecture, making them applicable across various chips, software, and devices.

The PSA Certified program seeks to address and reduce fragmentation in the IoT product manufacturing and development sectors. It supports the creation of system-on-chips (SoCs) that incorporate a PSA Root of Trust (PSA-RoT), a security component accessible to software platforms and original equipment manufacturers (OEMs).

Functional API Certification

[edit]

PSA-RoT offers a set of high-level APIs, facilitating the abstraction of trusted hardware and firmware across different chip vendors. These APIs include the PSA Cryptography API, the PSA Attestation API, the PSA Storage API, and the PSA Firmware Update API. Compliance with these APIs is verified through open source API test suites, and an open-source implementation of the PSA Root of Trust APIs is available through the TrustedFirmware.org project.

Certification Levels

[edit]

Level 1 Certification

[edit]

Level 1 targets chip vendors, software platforms, and device manufacturers. It involves a questionnaire, document review, and an interview conducted by a certification lab. The process ensures alignment with key IoT standards and laws, like NISTIR 8259, ETSI 303 645, and SB-327.

Level 2 Certification[2]

[edit]

This mid-level certification focuses on software attacks and includes a month-long review of the PSA-RoT source code by a security lab. It emphasizes specific attack methods and evaluation methodologies, with a requirement for hardware support of PSA-RoT functions, primarily aimed at chip vendors.

Level 2 + Secure Element

[edit]

This level enhances Level 2 by adding physical protection for certain security functions. It typically involves a Level 2 Certified SoC combined with a secure element, focusing on secure cryptographic operations and key storage.

Level 3 Certification

[edit]

The highest level, Level 3, expands upon Level 2 to include safeguards against various physical and side-channel attacks. This level encompasses physical protection for all security functions, differentiating it from Level 2 + Secure Element.

This structured approach under the PSA Joint Stakeholders Agreement and the subsequent certification levels play a critical role in unifying and strengthening IoT security standards, catering to the diverse needs of the industry, and promoting a safer IoT environment.

Industry adoption

[edit]

Since the launch of the standard, it has been adopted by a number of chip manufacturers and system software providers.

Company Certification Level Sector References
Aitos.io Level 1 Blockchain [3]
Azure RTOS Level 1 Software platform [4]
Crypto Quantique Level 2 OEM [5]
Cypress Semiconductor Level 2 Chip manufacturer [6]
Embedded Planet Level 2 OEM [7]
Espressif Systems Level 1 Chip manufacturer [8]
Eurotech Level 1 OEM [9]
Express Logic Level 1 Software platform [10]
FreeRTOS Level 1 Software platform [11]
Infineon Level 2 Chip manufacturer [12]
InGeek Level 1 OEM [13]
Macronix Level 1 OEM [14]
Microchip Technology Level 1 Chip manufacturer [15]
Nordic Semiconductor Level 2 Chip manufacturer [16]
Nuvoton Level 1 Chip manufacturer [17]
NXM Labs Level 1 Software platform [18]
NXP Semiconductor Level 3 Chip manufacturer [19]
OneOS Level 1 Software platform [20]
Renesas Electronics Level 2 Chip manufacturer [21]
RT-Thread Level 1 Software platform [22]
Sequitur Labs Level 1 Software platform [23]
Silicon Labs Level 3 Chip manufacturer [24]
Goodix Level 1 Chip manufacturer [25]
STMicroelectronics Level 3 Chip manufacturer [26]
Unisoc Level 1 Chip manufacturer [27]
Veridify Level 1 Software platform [28]
Winbond Level 2 Chip manufacturer [29][30]
Zephyr OS Level 1 Software platform [31]

References

[edit]
  1. ^ Dent, Steve (October 23, 2017). "Google and others back Internet of Things security push". Engadget.
  2. ^ "ESP32-S3 Series (ESP32-S3, ESP32-S3FN8, ESP32-S3R2, ESP32-S3R8, ESP32-S3R8V, ESP32-S3FH4R2) | PSA Certified". www.psacertified.org. 2022-07-06. Retrieved 2023-12-12.
  3. ^ "aitos.io launches the world's first PSA Certified BoAT blockchain application framework". Medium. 12 May 2021.
  4. ^ "Azure RTOS | PSA Certified". www.psacertified.org. 2021-10-27. Retrieved 2022-12-15.
  5. ^ "Securing the IoT ecosystem". New Electronics. September 30, 2021.
  6. ^ "Cypress Processing Solution with Built-in System Layer Security Fortifies IoT Application Design" (Press release). 26 February 2019.
  7. ^ "Arrow Electronics Accelerates Development of IoT Devices on PSA Certified Trusted Methodology". EE Times.
  8. ^ "ESP32-S3 Series (ESP32-S3, ESP32-S3FN8, ESP32-S3R2, ESP32-S3R8, ESP32-S3R8V, ESP32-S3FH4R2) | PSA Certified". www.psacertified.org. 2022-07-06. Retrieved 2023-12-12.
  9. ^ "Eurotech achieves IoT security certification". Eurotech. July 7, 2021.
  10. ^ "Express Logic's X-Ware IoT Platform is now Arm PSA Certified". Embedded Computing.
  11. ^ "FreeRTOS | PSA Certified". 2020-03-16. Retrieved 2021-04-09.
  12. ^ "PSoC 64 Standard Secure MCU family achieves PSA Level 2 certification". New Electronics. September 21, 2021.
  13. ^ "InGeek Embedded World PSA Certified". InGeek.
  14. ^ "Macronix ArmorFlash NOR Flash achieves PSA Certified Level 1 status". New Electronics. August 31, 2021.
  15. ^ "SAM L10 and SAM L11 Microcontroller Family". Microchip Technology.
  16. ^ "Nordic Semiconductor nRF9160 SiP and nRF5340 SoC achieve PSA Certified Level 2 for enhanced IoT security assurance". Nordic Semiconductor.
  17. ^ "Nuvoton Debuts PSA Certified Level 1 and PSA Functional API Certified Arm Cortex-M23 Based MCU for Global Market Targeting IoT Security". Nuvoton.
  18. ^ "NXM Achieves PSA Level One Certification from UL for its Autonomous Security Software". UL. October 8, 2019.
  19. ^ "The LPC553x/S3x MCU family further expands the world's first general purpose Cortex-M33-based MCU series". Arm Limited.
  20. ^ "OneOS certification". PSA Certified. 3 February 2021.
  21. ^ "Renesas Electronics Unveils RA Family of 32-Bit Arm Cortex-M Microcontrollers with Superior Performance and Advanced Security for Intelligent IoT Applications". Renesas.
  22. ^ Cohen, Perry. "RT-Thread IoT OS Achieves PSA Security Certification". Embedded Computing Design.
  23. ^ "Sequitur Labs' EmSPARK 2.0 Security Suite achieves PSA Certified status". New Electronics.
  24. ^ Dahad, Nitin (March 17, 2021). "Silicon Labs First to Achieve PSA Certified Level 3 Status for Wireless SoC". EE Times.
  25. ^ "Goodix receives PSA Certification" (in Chinese). EE Times China.
  26. ^ "Dev kits and software for STM32U5 – and chips now available". Electronics Weekly. October 1, 2021.
  27. ^ "Unisoc Launches All-New AIOT Solution V5663". Unisoc. March 2, 2020. Archived from the original on June 16, 2020. Retrieved August 4, 2020.
  28. ^ "Veridify Security's DOME Client Library Achieves PSA Certified Level 1 Accreditation". Embedded Computing (magazine).
  29. ^ "Winbond TrustME Secure Flash Memory achieves PSA Certified Level 2". Winbond. February 26, 2020.
  30. ^ Winning, Ally (3 March 2020). "Winbond TrustME secure flash gets PSA Certified Level 2 Ready". EE News.
  31. ^ "Linaro contributes to the Zephyr Project becoming PSA certified". Linaro.