PSA Certified: Building Trust in IoT

By Paul Williamson, VP and GM, Emerging Businesses Group, Arm

February 25, 2019 -- 2018 saw the topic of security continue to hit the headlines, showing the unrelenting damage both hardware and software security vulnerabilities are having on businesses and consumers alike. IoT security challenges are a constant presence and if we are to instill confidence in IoT devices, the industry has a shared responsibility to rectify this – security cannot be optional.

Back in October, Arm’s CEO Simon Segars shared our second Security Manifesto stating that security is never ‘solved,’ the threat landscape is ever-changing and we must remain vigilant. When we launched Arm’s Platform Security Architecture in 2017, we defined a framework to bring best practice approaches to security, and since then a huge amount of work has been done to continue to equip the ecosystem to offer consistent secure foundations for devices – for example, this time last year, we launched the first set of PSA Threat Models and Security Analyses documentation.

Now it’s time to combat the current lack of security validation of IoT devices and we’re doing this by partnering with renowned test lab partners Brightsight, CAICT, Riscure and UL, and security experts Prove&Run, to create PSA Certified™. This program is a natural step in the evolution of PSA as trusted, independent security testing is critical to enabling the development and deployment of these devices at scale.

Why should you care about PSA Certified?

You should care, especially if you’re a software developer, because PSA Certified is applicable to the vast majority of the IoT device market volume today. It is based on openly published threat models, specs and open source reference code, allowing older MCUs, as well as newer processor architectures and processors, to be tested.

Developers who build systems in line with PSA principles will be able to have all products tested and certified at one of three assurance levels.

Level 1: The foundation of PSA Certified

This is the initial level of certification which requires a critical security questionnaire based on PSA security model goals and IoT threat models. There are different forms depending on whether you are a chip maker, OS provider or device maker, and once completed, the questionnaire is reviewed alongside a PSA Certified lab check of your product.

The foundational Level 1 certification uses the 10 security model goals from the PSA architecture documents and aims to catch common security issues through an assessment of security functions. You can download the questionnaire, fill it in and then contact a partner test lab for an interview-style assessment.

We have already seen leading silicon partners and IoT platform providers achieve Level 1 certification, including Cypress, Express Logic, Microchip, Nordic Semiconductor, Nuvoton, NXP, STMicroelectronics and Silicon Labs.

Level 2: Lab-based evaluation

Level 2 is aimed at chip makers and includes a 25-day lab-based evaluation against the PSA-root of trust (PSA-RoT) protection profile. This time-limited evaluation makes the scheme affordable and efficient, and tests for both software and lightweight hardware attacks.

PSA Developer APIs – simplifying developer access to security functions

PSA Functional API Certification is a separate certification which uses test kits to prove that PSA-based solutions have a consistent set of APIs for essential security functions, ensuring a consistent developer experience. As we launch, Nuvoton and OS provider ZAYA have already achieved both PSA Certified Level 1 and PSA Functional API Certification, and Arm Mbed OS will provide out-of-the-box compliance with PSA Certified Level 1 and PSA Functional API Certification in its upcoming 5.12 release in March.

What’s next for PSA Certified?

Level 3 of PSA Certified is currently under development and will cover more extensive attacks such as side-channel and physical tamper attacks; we will bring it to market in the near future. There is also room for additional device-level evaluation, such as for vertical-specific devices, and we will share more information on this later in the year.

The goal of PSA Certified is to build trust in IoT and services. The program completes the circle in delivering the total PSA IoT security framework, providing a mechanism for the whole value chain to more easily specify or buy silicon or devices with the right level of security. As it becomes widely utilized, it will build trust in the ecosystem through independent security testing of large volumes of designs, and enable the ecosystem to agree on a solid security API for the industry.

Visit to find out more.

About Arm

Arm technology is at the heart of a computing and connectivity revolution that is transforming the way people live and businesses operate. Our advanced, energy-efficient processor designs have enabled intelligent computing in more than 130 billion chips. More than 70% of the world’s population are using Arm technology, which is securely powering products from the sensor to the smartphone to the supercomputer. This technology combined with our IoT software and end-to-end connectivity, device and data management platform enables customers to derive real business value from their connected devices and data. Together with our 1,000+ technology partners we are at the forefront of designing, securing and managing all areas of compute from the chip to the cloud.

All information is provided "as is" and without warranty or representation. This document may be shared freely, attributed and unmodified. Arm is a registered trademark of Arm Limited (or its subsidiaries). All brands or product names are the property of their respective holders. © 1995-2018 Arm Group.
