PSA Certified is a global, collaborative security program and its members include semiconductor IP provider Arm, and Riscure, a software and hardware security evaluation vendor specialising in chip, embedded and mobile devices.
The program was established to define a framework for connected device security and its aim is to prevent security becoming a barrier to product development.
There are several different elements to PSA Certified security evaluation which looks to certify security credentials for chips, software, Root-of-Trust (RoT) components and devices. At PSA Certified Level 2 and PSA Certified Level 3, the focus is on the PSA-RoT which is provided by silicon vendors. PSA Certified Level 2 Ready is built for companies who provide a sub-set of the full PSA-RoT security requirements.
Crypto Quantique’s semiconductor hardware IP (QDID) is a dedicated physical unclonable function (PUF) used in standard CMOS processes. It supports a full PSA-RoT supplied by chip vendors by exploiting the femto-currents caused by random quantum tunnelling of electrons through the oxide layer of chips to generate random numbers, or seeds. The seeds are then used to produce, unique, uncorrelated and unclonable identities and cryptographic keys on demand.
As these identities and keys are produced within the device itself and do not need to be stored in memory or injected from external sources, they are said to be inherently more secure than those produced by alternative technologies. The second-generation PUF technology is also economical, requiring only minimal silicon area to generate multiple keys and eliminating the need for expensive on-chip peripherals such as secure memory.
The PSA Certified Level 2 Ready scheme enabled Crypto Quantique to carry out penetration testing on a subset of the PSA Certified Level 2 security requirements, showcasing to chip vendors that its QDID technology meets some of the PSA Certified Level 2 requirements. This allows chip makers to take the pre-certification and use it in a full PSA Certified Level 2 certification.
Commenting Shahram Mossayebi, Crypto Quantique’s CEO, said, “This certification is further proof that our quantum-driven, second-generation PUF technology underpins the ultimate security for microcontrollers, application-specific semiconductors, and the IoT devices in which they are used. As semiconductor manufacturers seek to raise their game with respect to security, QDID is now the clear front-runner in terms of performance and cost.”