With the introduction of PSA Certified, Arm and the PSA Certified co-founded have established a security baseline for embedded devices. Its concepts, threat models, and APIs can be reused between IoT products (such as smart home devices). This is especially beneficial for related products with different capabilities, such as different product lines. Key examples are crypto implementations in hardware, software, or both. In PSA Certified, cryptography is covered by the PSA Certified Crypto API. It can be leveraged across multiple products in a product line, and across product lines; from powerful application processors down to Arm Cortex-M microcontrollers with as little as 64 KB flash and 8 KB RAM.
Oberon microsystems AG develops lightweight crypto software that is practical even on resource-constrained Cortex-M class microcontrollers. It all started with an IoT project that required crypto support for firmware updates in 2013. For this project, Oberon created an efficient implementation of Bernstein’s elliptic curves for Arm Cortex-M. That code provided a head start when the smart home industry raised the bar for cryptography substantially and needed faster crypto libraries.
In 2015, Nordic Semiconductor and Oberon started a strong partnership on the nRF51 (16 MHz Cortex-M0). Today, as the result of a continued close collaboration, Nordic’s nRF Connect SDK incorporates Oberon’s PSA Certified Crypto API implementation. nRF Connect SDK is Nordic’s unified code base for building IoT products based on their wireless devices.
Oberon PSA Crypto is a crypto library optimized for low-power, resource-constrained microcontrollers. It is the first product to commercially support the PSA Certified Crypto API, its PAKE extension and the companion crypto driver API from Arm. It is also the first crypto library that passed the PSA Certified Crypto compliance program and received the corresponding certificate. Crypto hardware accelerators can be freely mixed and matched with Oberon’s fast, constant-time, pc-secure and table-free crypto software that provides better side-channel resistance than typical software crypto implementations. A common IoT cipher suite can fit in less than 20 kB flash memory, even if no hardware acceleration is available. PSA Certified APIs enabled Nordic Semiconductor to focus resources on a single standardized crypto API, regardless of the underlying hardware capabilities. Nordic customers also benefit from a consistent crypto API for streamlining their IoT product security efforts.
Quote
Oberon microsystems understands embedded and we are proud to integrate their high-quality solutions in our devices. Nordic partnered with Oberon in the development of Oberon PSA Crypto, an implementation of the PSA Crypto API which enables cryptographic hardware acceleration to be complemented by Oberon software crypto where hardware crypto is not available. Their PSA certified Oberon PSA Crypto is used for nRF52, nRF53 and nRF91 series devices available in nRF Connect SDK, today, and is continuously improved in close cooperation with Oberon microsystems.