I’m sure we’re all familiar with Lego blocks: there are so many things that you can do with them. Each piece, with its unique shape, can be assembled simply and yet, in an almost infinite large number of combinations. That being said, the combinations are not random, there are intrinsic rules as to how to put them together, how to align them or how, by combining with other pieces, you can create larger modules. As you keep building, before you know it, you have a model robust enough to withstand several play scenarios. It’s all made possible thanks to the individual blocks being sturdy, fitting nicely together and having simple but flexible combination rules that you end up being able to build so many solid projects.
Building Security IP Blocks
Some of those ideas and concepts apply to the security of IoT devices. When looking at the foundations of security at an individual level, it’s like looking into individual Lego pieces. You can start by identifying the function of those individual security IP building blocks, such as crypto processors and PUF subsystems. These smaller blocks will later go on to be assembled and provide the cornerstone of trust of our secure IoT device: the chip’s Root of Trust (RoT).
Introducing PSA Certified for RoT Components
PSA Certified has always been centralized around the concept of each part of the ecosystem being secure. For two years we’ve been certifying chips, software and devices, which together combine to build a secure IoT system. Today, we’re taking this analogy about the individual blocks a step further, with the PSA Certified security evaluation for RoT components. This addition to the program recognizes smaller, yet vital, additional IP blocks and enables them to show their security robustness and applicability into the PSA Root of Trust (PSA-RoT).
Reusing Certified Security Blocks
This new and additional approach has multiple advantages, beyond presenting the security capabilities, and its robustness for each building block. Similar to the Lego analogy, those individual RoT component blocks are combined in different modules in a variety of different combinations and products. These products gain certification, which also gets reused in many different use cases. By certifying the individual components ahead of time, the certified security building blocks can be reused, making chip evaluation faster and cheaper. For the integrator making use of those blocks, the reusability results in a quicker certification of their products.
The Certification Toolbox
As more and more IP is added, together with security subsystems, the composition of those blocks ultimately delivers a complete product, with security functionality, that can be verified using the PSA Certified certification toolbox. PSA Certified security evaluation for RoT components verifies the secure implementation of subsets of the RoT security capabilities. Later, when the functionality for the PSA-RoT is fully implemented, the silicon vendor can take all the RoT Components and aim for a full PSA Certified Level 2, or PSA Certified Level 3 (if the physical resistance is also in scope) certification.
Expanding the Ecosystem: We’re All Responsible
Of course, there might be additional functionality to add before concluding a secure IoT device development, but that security functionality will rely heavily on the strong security foundations from the RoT. We’re proud to have over 70 PSA Certified products today, and this approach allows us to invite more partners into the fold, offering them to the chance to certify their individual blocks, and demonstrate to the rest of the security stack that they have made the right choices with security.
Ultimately, this step aims to ease the secure product development, making the IoT device sturdy for withstanding the days ahead. Together, let’s select the right building blocks for our devices and protect the future in a world where the network of connected devices is the hacker’s playground.