Arm Bolsters IoT Security Testing
Arm, in collaboration with a variety of testing partners, has announced a series of certifications intended to make sure internet of things (IoT) platforms built using its processors are secure.
In 2017 Arm created the Platform Security Architecture (PSA), a framework that guides organizations through the process of building a secure connected device. That framework includes instructions and principles as well as Threat Models and Security Analyses documentation, hardware and firmware architecture specifications, open source Trusted Firmware (TF-M) and application programming interface (API) test kits.
Working with with Brightsight, CAICT, Riscure, UL and Prove&Run, Arm is now launching PSA Certified, a set of tools designed to certify which of the four levels of the PSA framework any IoT device meets. The level of cybersecurity certification that needs to be achieved is determined by its function—a temperature sensor, for example, doesn’t need to have the same level of cybersecurity defenses in place as an IoT gateway.
Level One of the PSA certification is achieved by answering a questionnaire. Level Two requires passing a series of lab tests. A forthcoming Level Three adds tests to identify vulnerabilities to more sophisticated attacks such as side channel and physical tampering. Arm is also looking at additional device level evaluation for vertical industry use cases.
Chet Babla, vice president of Emerging Businesses Group at Arm, said it’s apparent that IoT projects are being held up because of cybersecurity concerns. There is no shortage of IoT pilot projects, but very little in the way of successful IoT projects. The PSA framework and associated testing services are intended to give IT organizations more confidence in IoT platforms that have been built on top of Arm processors, he said.
That confidence is already sorely needed. Babla noted there has already been a 600 percent increase in attacks targeting IoT devices and a 300 percent increase in malware being loaded onto IoT devices.
Given the inherent challenges associated with defending every expanding IoT attack surface, Babla said it’s critical for organizations to infuse cybersecurity capabilities into IoT platforms that must be able to defend themselves from a wide range of types of cybersecurity attacks.
Arm also promised that the Arm Mbed operating system will provide out-of-the-box compliance with PSA Certified Level 1 and PSA Functional API Certification in its upcoming 5.12 release, coming next month. Semiconductor manufacturers that have already committed to support PSA include Cypress, Express Logic, Microchip, Nordic Semiconductor, Nuvoton, NXP, STMicroelectronics and Silicon Labs, all of which have achieved Level 1 certification. ZAYA, a provider of an operating system for IoT devices, has achieved both PSA Certified Level 1 and PSA Functional API Certification.
On the plus side, it would appear some cybersecurity forethought is being applied to IoT projects before they get deployed. That’s a far cry from what usually occurs whenever an emerging technology comes along. The real challenge now, of course, is making sure those IoT devices are secure in the timeliest way possible, because the projects on which those devices depend will not wait around forever.
