Secure Thingz contributes to Arm Platform Security Architecture line with improved device security

Device security company, Secure Thingz is helping broaden the Platform Security Architecture (PSA) documentation, which has a working name of ‘PSA for Secure Production’, includes a Secure Production Threat Model and Security Analysis (TMSA) document, as well as a future specification, looking at the need to implement security integrated within silicon to protect intellectual property (IP) and protect revenue streams within the Internet of Things (IoT) supply chain.

With growing connectivity in almost every industry sector, from industrial automation and critical infrastructure to smart cities and smart consumer products, the potential risks of cyberattack and hacking increase unless protection is built into the system’s foundations. The impact of poor security is manifested at many levels. A hardware-based security mechanism is essential to protect intellectual property and revenue streams. 

PSA is a framework for designing more secure connected devices building upon security best practice from across the industry. It is aimed at different entities throughout the supply chain and includes a set of deliverables, including Threat Models and Security Analyses documentation, hardware and firmware architecture specifications, Trusted Firmware, plus APIs and an API test suite. 

This is all alongside PSA Certified, which is an independent security evaluation and certification scheme. A Secure Production Threat Model identifies the assets to be protected, threats against these assets, along with the subsequent security objectives and requirements to mitigate against the identified threats.

PSA can be thought of as providing the recipe (architecture documents) and ingredients (open source code, threat models, development boards and models) to make security easier, no matter the level of security expertise. Through this approach, Arm is working with the electronics industry to make the development of chips, firmware, software and devices more straightforward.

PSA Certified is an independent security evaluation scheme for PSA-based IoT chips, OS and devices. It aims to build trust for the IoT value chain that starts with a multi-level assurance program for chips containing a security domain called a Root of Trust (PSA-RoT). The multi-level assurance scheme helps device makers and businesses get the level of security they need for their use case, based on security requirements established during the analyze phase of PSA.

PSA Certified focuses on the common parts of IoT systems and the central role of the PSA-RoT in providing a trustworthy security domain. The security evaluation scheme can apply to many use cases and markets, has been designed to be cost effective, fast to market and available at multiple test labs providing global testing.

“At Secure Thingz, we help our customers to ensure security and protect their IP through their supply chain and whole IoT device lifecycle. Arm provides the necessary hardware security foundation to offer our customers the means to secure their supply chain and valuable IP. Now we are working together to broaden the PSA family of specifications with security aspects related to the whole IoT supply chain,” commented Haydn Povey, CEO and founder, Secure Thingz.

“As connected devices become more intelligent, we are constantly looking at ways to reinforce device security and expand the PSA framework,” said Andy Rose, chief system architect and fellow at Arm. “The new documentation from Secure Thingz will build on the available practical security implementation guides and open source trusted firmware, helping simplify the creation of more secure IoT devices.”


IoT Innovator Newsletter

Get the latest updates and industry news in your inbox! Enter your email address and name below to be the first to know.

Name