The value of the Internet of Things (IoT) is in its scale. It’s in the billions of devices that are currently being connected and in the way the technologies fit seamlessly into almost every aspect of our lives. We can think of the difference security makes in similar terms. It’s about the security of individual components and about the bigger picture – how our approach contributes to the protection of the end-product and the wider network of devices.
At Silicon Labs, we believe that security is vital to the future of the IoT. If we want the widespread deployment of connected devices to transform industries, grow economies, and improve people’s lives, we must build trust in the products. We can only do that by ensuring they’re secure, and that they behave in the way our customers want and expect them to. So, what do we mean by secure?
The answer to that question is more straightforward now than it was five years ago. Then, silicon vendors were developing their own systems that all provided different levels of protection and we were all speaking about security in different ways. It could be difficult for customers to understand and compare our approaches.
We could see that a common foundation and language for security was required to move the discussion and the industry forward. We also needed to find a way to assure people that our products were secure rather than expecting them to take our word for it.
Establishing a Common Language for Security
Arm and its partners realized that certification would help set a benchmark for the security of connected devices and enable the industry to be clear with each other about what it means to have security built into a product, starting at the silicon. That partnership, called PSA Certified, established an easy-to-use framework and evaluation scheme to help remove the uncertainty and confusing terminology that had become a problem and make it easier for us to assure our customers that security had been built in. PSA Certified is a multi-level assurance scheme:
- At PSA Certified Level 1, vendors carry out a self-assessment to determine that basic security principles have been addressed.
- At PSA Certified Level 2, a fundamental security component, the PSA Root of Trust (PSA-RoT), is tested by independent security experts to ensure it can prevent scalable software attacks. A RoT has become a sought-after feature in connected devices because it acts as an anchor for the other security features.
- PSA Certified Level 3 builds on PSA Certified Level 2, where a third-party security lab assessment of the chip is conducted to ensure that the PSA-RoT can prevent sophisticated hardware (local or remote) and software attacks.
We chose to certify our EFR32MG21 wireless system-on-chip with Secure Vault at PSA Certified Level 3. We believe that level of protection is needed to guard against the threats of operating in a connected world. With relatively inexpensive tools and limited experience, criminals can disrupt operations, gain unauthorized access to a building, steal intellectual property, or compromise people’s privacy or identities. That can damage a company’s reputation or finances and erode people’s trust in the technologies, which will slow the IoT’s development. As Matt Johnson, senior vice president of IoT at Silicon Labs, said in a recent media release, “The continued growth of the IoT depends on trusting that devices are authentic and secure when they join ecosystems.”
Quote
The continued growth of the IoT depends on trusting that devices are authentic and secure when they join ecosystems.
We were the first silicon provider to achieve PSA Certified Level 3 certification. PSA Certified was an obvious choice for us when we were looking for a way to communicate the value of our approach to security to our customers. We’d been involved in the conversations about the need for a framework and assurance scheme and the development of this program. Other silicon vendors had also been a part of the discussions. That early engagement meant that PSA Certified responded to the challenges we were all facing and established a common security language that was useful to the market.
Building Trust in Connected Devices and the IoT
Communication is vital to establishing the trust in our products and in the IoT that I mentioned earlier. Now, everyone in the ecosystem knows what we mean we speak about the security of a device because we’re using the same vocabulary. If you have certification at PSA Certified Level 3, it means you are helping to protect the device against hardware attacks. That helps Silicon Labs and other silicon providers show our customers that we’re meeting their expectations.
We know people are increasingly concerned about the growing number of attacks on connected devices, and our customers want to know that we’re worried about it too and are taking the steps that will help to secure our products. As my colleague Mike Dow, Senior Product Manager for IoT Security at Silicon Labs said in an earlier blog and podcast, that includes asking for secure boot. “… they know the term and they know the concept: I need to be able to trust my device because my device, the first thing that boots in my system is going to have to check other things.”
Certification Can Help Speed Up Development
More companies are adopting the PSA Certified framework and pursuing security certification because of this concern. There are also an increasing number of security laws and baseline requirements being introduced to help protect individuals and organizations from criminals. However, securing a device is difficult and time consuming. We’ve done the hard work and built a foundation of security and because we have the certification from PSA Certified to prove it, it enables others to benefit from our investment.
Our certification means that device manufacturers can build their products on trusted components, and they can then capitalize on the level of assurance we provide to offer their own customers peace of mind. PSA Certified certification can be inherited, which helps to establish a chain of trust and streamline and accelerate product design. As Mike Dow said, “So, if I do a PSA Certified Level 2 or PSA Certified Level 3, any customer that uses that chip should be able to inherit that goodness, that certification should come with it.”
Security Becomes More Important in an Increasingly Connected World
We’re developing the connected technologies that our customers are building the future on. If we ensure security starts at the silicon now, we’re also helping to secure devices for the years ahead.
Silicon Labs and PSA Certified are working together to create a more secure IoT. Learn more.