PSA Certified moves to Level 4

PSA Certified moves to Level 4

Technology News |
By Nick Flaherty

UK security and evaluation framework PSA Certified has launched its highest level certification for AI in connected devices.

Infineon is the first partner to be under evaluation in the lab for the new PSA Certified Level 4. Over 200 companies have received PSA certifications, as 75% of businesses say security has become a higher priority in the last 12 months 

The PSA Certified Level 4 Integrated Secure Enclave / Secure Element (iSE/SE) certification offers enhanced protection of high value assets that can secure valuable AI models, future-proofing systems against new attack methods and rising security threats linked to the rapid adoption of edge AI.

Intrinsic ID is first with PSA Certified Level 3 Root of Trust

The certification is designed specifically for edge connected devices and takes a layered approach to IoT security, offering certification for all components of a connected device, ensuring that each element has built-in security based on a Root of Trust. The framework breaks down security design and implementation now with four levels, reducing complexities and ensuring right-size security can be deployed at scale. 

“As the world embraces a new set of AI-enabled use cases, the value of data and assets has never been higher; nor has the importance of protecting them. The launch of PSA Certified Level 4 iSE/SE is testament to our commitment to helping the industry deploy security features that will protect devices and models from malicious changes and theft now, as well as over the next decade.,” said David Maidment, Senior Director, Secure Devices Ecosystem at ARM, a PSA Certified co-founder.

The Level 4 certification is already available at PSA Certified Labs and marks a key change that can be used to protect valuable models and data during device boot and at rest, when models reside in secure storage.

The level recognizes the use of a highly robust integrated Secure Enclave (iSE) or Secure Element (SE) – that acts as a trusted subsystem to the full Root of Trust (PSA RoT). By safeguarding critical cryptographic functions and key storage, OEMs can now ask for a RoT with a trusted subsystem that offers a ‘high’ level of attack resistance.

PSA Certified Level 4 iSE/SE considers more sophisticated attack methods in scope. Chips that achieve this new level could be used in an AI context to help protect valuable models and data at boot and rest: some chips will need protection from advanced fault injection and differential power analysis (up to and including EMFI, single laser and multi-glitching).

PSA Certified Level 4 iSE/SE chips will also benefit from stronger cryptography of at least 128-bit strength. The new level offers a “high” level of protection of the PSA-RoT assets from physical or software attack. 

A trusted subsystem that achieves PSA Certified Level 4 iSE/SE can be used through composition in a PSA Certified Level 3+SE certification of the full PSA RoT security functionality.  The PSA Certified Level 3 document has been updated to allow this new certification level.

PSA Certified Level 4 iSE/SE will help protect emerging use cases from sophisticated security attacks that could be used to decrypt and verify OTA updates which help protect models in high-value systems.

Industrial and safety-critical use cases need to support system recovery and stronger authentication: re-establishing integrity, confidentiality and availability are fundamental when rebooting systems and deploying OTA updates when faults are found, or upgrades are required. PSA Certified iSE/SE also mandates higher strength cryptography, which protects against more sophisticated attacks.

“In the age of AI, the risks of insecurity are immense and increasing. I’ve backed PSA Certified since launch and I am impressed by its success in uniting the technology ecosystem around the common goal of improving trust and security within the connected device ecosystem, while aligning to emerging government standards and legislation,” said Erik Wood, Senior Director, IoT Secure MCU Products at Infineon.

PSoC64 microcontroller with PSA Level 2 certification for more secure IoT devices

“The launch of PSA Certified Level 4 iSE/SE takes that one step further. With this new level, the electronics industry is better able to protect against the growing advancement of attack methods driven by the explosion of machine learning, generative AI and LLM.”

PSA Certified Level 1 for device manufacturers involves the evaluation of an IoT device to assess whether it adheres to baseline security best practice; PSA Certified Level 2 offers protection against basic software attacks and PSA Certified Level 3 demonstrates protection from substantial physical and software attacks.



If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :    eeNews on Google News


Linked Articles