Who decides whether an IoT device is secure

Global IoT is continuously expanding. The consensus is that by 2020, the number of globally networked devices will have reached tens of billions. Some forecasts even claim that this number will reach trillions by 2035. A source of concern is that, along with network scale, the challenges of IoT security are also increasing.
- As we all know, there are many types of IoT devices, and the security issues faced by each kind of device are fragmented, which undoubtedly adds to application developers’ workloads.
- In addition, many IoT devices are limited by factors like power consumption and cost, and do not have sufficient resources to support security functions. This makes security standards difficult to implement.
- Furthermore, since many IoT systems incorporate components from multiple manufacturers, developers cannot simply assume that those components are secure.
Collectively, these factors pose a major problem for developers when it comes to handling IoT security issues. Their problem would be solved if we could find a well-established and effective way to help them quickly create a secure system, maximizing reuse of related resources while reducing the cost of one-on-one security testing and certification between manufacturers. In other words, the problem would be solved by a standardized system that provides a technical pathway to IoT security, with a built-in ability to evaluate and confirm the results.
Platform Security Architecture (PSA)
With this aim in mind, many trials have been conducted across the industry. In 2017, ARM introduced the eye-catching Platform Security Architecture (PSA), which focused on “achieving an IoT security foundation with manageable costs, easy implementation, and low risks.”
According to ARM definitions, the PSA is a system that comprises threat models, security analyses, and hardware and firmware architecture standards. It offers an industry-based best-practices framework in which consistent secure designs may be realized on hardware and firmware, providing universal regulations and more economical methods for designing and manufacturing secure IoT devices. A simple rule of thumb is – if you follow PSA, you will not stray far from achieving IoT device security.
Figure 1. The three steps in achieving PSA (Image source: psacertified)
PSA implementation is conducted in three steps:
Step 1: Analysis. Based on their product application scenarios, systems suppliers work out specific security requirements from a series of threat models and security analyses, for which PSA provides templates and guiding principles. Based on the outcomes, users can make modifications according to their usage requirements.
Step 2: Architecture. ARM provides open source hardware and firmware design specifications for chip designers and firmware developers, including factors required for designing secure devices such as device identity, trusted boot, secure OTA, and certificate-based certification.
Step 3: Implementation. Finally, suppliers create a secure system based on the security technology and chip IP provided by ARM. For example, ARM provides Trusted Firmware-M (TF-M), open source TrustZone reference firmware; chip manufacturers can port this code to their own platforms and use it as a reference implementation of PSA.
This results in a highly actionable technological pathway for IoT developers. When designing PSA, ARM drew on proven security methods and first-hand industry experience to deliver a shortcut for developers.
PSA certification
So far, PSA’s concept looks “perfect.” But this is not the whole story.
As mentioned, once a secure platform architecture is created via the PSA technological pathway, a corresponding certification system is needed to assess the security results and label the architecture as reliable. This process is PSA certification. It effectively offers a simple, comprehensive, industry-wide approved security testing method to achieve security trust between different manufacturers’ hardware and software components.
Figure 2. Diagram of the PSA certification system (Image source: psacertified)
PSA certification is made up of two parts – the security robustness plan and the functional API certification, designed especially for developers.
The security robustness plan is carried out by partner company labs and covers four aspects: the PSA Root of Trust (RoT), certification, encryption, and secure storage. Its purpose is to verify the interchangeable parts of the IoT platform’s security. Assessment results are divided into three levels, which correspond to the security requirements of different scenarios. Users may select their own certification level based on their product’s market positioning.
| Certification level | Level 1 | Level 2 | Level 3 |
|---|---|---|---|
| Robustness | Confirm security model goals for RoT, OS, and devices | Lab-based assessment of PSA-RoT defenses against software attacks and lightweight hardware attacks | Defense against numerous additional software and hardware attacks |
| Certification process | Lab check questionnaire | Lab assessment, white box testing | Lab testing based on higher-level protection-profile (PP) requirements |
| Certification results | Issuance of PSACertified.org certificate, viewable online | Issuance of PSACertified.org certificate, viewable online | Issuance of PSACertified.org certificate, viewable online |

Table 1. PSA security robustness certification levels
The functional API part of PSA certification targets chip, RTOS, OEM and application developers, confirming that the RoT functions are reached through the PSA APIs on different platforms. The PSA functional API certification ensures that components from different developers integrate seamlessly in the same certified environment. It also lets developers put more time and effort into product function development while assuring basic security capabilities. Essentially, the functional API certification provides assurance of maximal reuse for PSA-certified products and components.
All PSA-certified products and components receive a certificate and can be found on PSACertified.org. This “label” has already become a selling point that some companies use in their marketing to highlight their IoT products’ security features. NXP Semiconductors, for example, states on its official site that its processor products currently boast the most PSA certifications of any chip manufacturer.
Figure 3. PSACertified.org offers a PSA certified product search (Image source: psacertified)
The next step for PSA certification
Although newly introduced, PSA certification’s direct focus on industry challenges, as well as ARM’s unique positioning, has attracted growing and widespread interest. Increased demand for PSA certification over the next few years is expected to be driven by the following factors:
- Global organization – Partnership with more local certification labs to lower the barriers to PSA implementation and certification.
- Expand certification range – Those who sought PSA certification in the early days were mainly chip manufacturers. In the future, more players in the ecosystem, such as RTOS companies and OEMs, are likely to seek it.
- Standardization – The PSA system architecture is open and its compatibility is not confined to ARM architecture processors. In fact, PSA is already considering development of a standardized platform, covering other computing architectures and wider applications.
In conclusion, in the face of an IoT world on the scale of trillions, ARM expanded its product and service offerings with PSA and took on a weighty responsibility. Of course, ultimately the setting of IoT security parameters relies on the participation of the public. So who really decides whether an IoT device is secure? We still have a long way to go before answering that question. Fortunately, we are already on the right track.

