New PSA Certified Level 4 Certification

3 mins read

PSA Certified, the global security and evaluation framework for the connected device ecosystem, has announced its highest certification level to date as it works to build assurance in connected devices.

Credit: : Tierney - stock.adobe.com

The new PSA Certified Level 4 iSE/SE certification offers enhanced protection of high value assets that can secure valuable AI models, future-proofing systems against new attack methods and rising security threats linked to the rapid adoption of edge AI.

Its launch follows a period of strong momentum for PSA Certified which has now become a trusted route for demonstrating security best practice and the assurance of connected devices.

Commenting David Maidment, Senior Director, Secure Devices Ecosystem at Arm (a PSA Certified co-founder), said “As the world embraces a new set of AI-enabled use cases, the value of data and assets has never been higher; nor has the importance of protecting them. The launch of PSA Certified Level 4 iSE/SE is testament to our commitment to helping the industry deploy security features that will protect devices and models from malicious changes and theft now, as well as over the next decade.”

As security cements its position as a business imperative, companies are uplevelling their investment in security-by-design. PSA Certified has now surpassed the milestone of 200 certifications from nearly 90 technology providers, making it one of the most successful schemes to address connected device security.

The newly launched PSA Certified Level 4 Integrated Secure Enclave / Secure Element (iSE/SE) certification, already available at PSA Certified Labs, can be used to protect valuable models and data during device boot and at rest (when models reside in secure storage).

The level recognises the use of a highly robust integrated Secure Enclave (iSE) or Secure Element (SE) - that acts as a trusted subsystem to the full Root of Trust (PSA RoT). By safeguarding critical cryptographic functions and key storage, OEMs can now ask for a RoT with a trusted subsystem that offers a ‘high’ level of attack resistance.

Benefits of PSA Certified Level 4 iSE / SE Certification include:

Protecting ML models at rest with highly robust crypto and key storage

  • PSA Certified Level 4 iSE/SE considers more sophisticated attack methods in scope. Chips that achieve this new level could be used in an AI context to help protect valuable models and data at boot and rest: some chips will need protection from advanced fault injection and differential power analysis (up to and including EMFI, single laser and multi-glitching). PSA Certified Level 4 iSE/SE chips will also benefit from stronger cryptography of at least 128-bit strength. The new level offers a “high” level of protection of the PSA-RoT assets from physical or software attack.
  • A trusted subsystem that achieves PSA Certified Level 4 iSE/SE can be used through composition in a PSA Certified Level 3+SE certification of the full PSA RoT security functionality. The PSA Certified Level 3 document has been updated to allow this new certification level.

PSA Certified Level 4 iSE/SE will help protect emerging use cases from sophisticated security attacks

  • PSA Certified Level 4 iSE/SE offers additional security against more advanced attacks. Chips that offer this RoT provide a strong trust anchor that could be used to decrypt and verify OTA updates which help protect models in high-value systems.
  • Industrial and safety-critical use cases need to support system recovery and stronger authentication: re-establishing integrity, confidentiality and availability are fundamental when rebooting systems and deploying OTA updates when faults are found, or upgrades are required. PSA Certified iSE/SE also mandates higher strength cryptography, which protects against more sophisticated attacks.
  • Trust anchor for Edge AI and infrastructure chips, providing a “High” level of protection against physical and software attacks on critical assets that require a more robust Root of Trust to maintain system integrity.

A transparent certification scheme with a route to High, Substantial, and Basic levels of robustness and assurance, purpose-built for the SoC market

  • PSA Certified offers a variety of robustness levels to match the market’s needs, all specifically designed for the electronics industry. By allowing a trusted subsystem to be certified as a component, and that certificate reused as part of a complete PSA RoT many times, chip vendors benefit from significant time and cost savings.

The first partner to aim for the PSA Certified Level 4 iSE/SE standard is Infineon. Commenting Erik Wood, Senior Director, IoT Secure MCU Products at Infineon, said “In the age of AI, the risks of insecurity are immense and increasing. I’ve backed PSA Certified since launch and I am impressed by its success in uniting the technology ecosystem around the common goal of improving trust and security within the connected device ecosystem, while aligning to emerging government standards and legislation.

“The launch of PSA Certified Level 4 iSE/SE takes that one step further. With this new level, the electronics industry is better able to protect against the growing advancement of attack methods driven by the explosion of machine learning, generative AI and LLM.”