Arm announces PSA Certified independent security testing
The Platform Security Architecture (PSA) was announced by Arm at last year’s TechCon and since then has been adopted by an ecosystems of partners. Now, Arm announces that, together with its independent security testing lab partners Brightsight, CAICT, Riscure and UL and consultants Prove&Run, it has introduced independent security testing, PSA Certified. Independent security testing enables IoT developers and device makers to establish the security and authenticity of the data collected from millions of IoT devices around the world.
PSA Certified adds to the industry’s framework for standardising the design of secure IoT devices, evaluating implementation to enable trust in individual devices, data and in the deployment of these devices at scale in IoT services, explains Arm.
PSA Certified provides a simple and comprehensive approach to security testing. It comprises a multi-level security robustness scheme and a developer focused API test suite. The security testing is based on third-party lab-based evaluation that builds trust through independent checking of the generic parts of an IoT platform including PSA Root of Trust, which is the source of integrity and confidentiality, the real time operating system (RTOS) and the device itself.
Device makers can achieve the required for a use case through three progressive levels of security assurance in PSA Certified. The levels are assigned by analysing the use case threat vectors. For example, a temperature sensor in a field may require different security robustness (level 1) than a sensor in a home environment (level 2) or in an industrial plant (level 3). Following the testing, all PSA Certified devices will have electronically signed report cards (attestation tokens) for determining which level of security has been achieved, allowing businesses and cloud service providers to make risk-based decisions.
The PSA Functional API Certification enables standardised access to essential security services, making it easier to build secure applications. Free test suites have been published for chip vendors, RTOS providers and device makers to test their PSA APIs and harness the hardware security of the latest silicon platforms.
Cypress, Microchip, Nordic Semiconductor, Nuvoton, NXP, STMicroelectronics and Silicon Labs have all achieved Level 1 certification. OS provider ZAYA has achieved PSA Certified Level 1 alongside PSA Functional API Certification, Express Logic X-Ware IoT Platform has also been PSA Certified Level 1, and Arm Mbed OS will comply with PSA Certified Level 1 and PSA Functional API Certification in its upcoming March 5.12 release.