Silicon Labs recently received the highest level of certification available (see press release) through the well-known Platform Security Architecture, or PSA. This Level 3 certification, which has been designed to provide laboratory assessment of IoT chips with substantial security capabilities, represents a significant milestone for chip vendors targeting connected devices. We’re actually the first silicon provider to achieve this but what does it mean and why should any device manufacturer care?
What is Platform Security Architecture?
Before Arm developed PSA Certified and shared it with the world, it was essentially left to each silicon vendor to develop its own security systems. Of course, this resulted in varying degrees of robustness and confusing terminology in describing the different solutions. Arm responded by spending several years talking to security experts in the semiconductor world and coming up with a universal architecture that took all of those good ideas and put them into a single security architecture specification they named the “Platform Security Architecture” with the mission of providing what they called a “Hardware Root of Trust” in a secure microcontroller.
Some tenants of this “Hardware Root of Trust” philosophy are functions, including:
Enter PSA Certified
If Arm had stopped there, customers would still be taking the word of silicon vendors about its PSA implementation. Arm recognized this and created the PSA Certification process. They formed psacertified.org, joining other heavy hitters in the security certification industry including Brightsight, Riscure, UL Security Solutions, and TrustCB.
PSA Certified’s first priority was to write a simplified protection profile, starting with the PSA Architecture as a base requirement, then add assurance levels on top of that. Protection Profiles define “what” security a vendor is claiming in a particular component. The assurance level just means to what level or extent the security features in the Protection Profile are evaluated or tested.
So PSA Certified set about creating three separate documents. The first was what they called a Level 1 questionnaire which is a self-assessment of how a vendor meets the PSA “Root of Trust”. This questionnaire is submitted to TrustCB for scrutiny to prevent manipulation. The two other documents were Protection Profiles for two different levels of assurance against software and physical attacks.
By far the most common attacks are software attacks, which can be either local (the device is in your hands), or remote (you are connecting to the device either wired or wirelessly via some communication medium). The PSA Level 2 Protection Profile specifically addresses scalable software attacks and details security functions necessary in the silicon to prevent those types of attacks. PSA Level 2 is not simply a questionnaire, but also requires independent third-party labs to spend a specified amount of time and various methods trying to break the prescribed Level 2 security functions.
PSA Level 3 adds hardware attacks (again either local or remote), which have historically required more time, more experience, a much more expensive equipment to execute. So, if local hardware attacks aren’t as common as software attacks, why would Silicon Labs, or any other vendor, go through the trouble of getting this high level of certification? The answer is because there are tools reaching the market that effectively remove two of these barriers by bringing down the experience required and the cost of equipment for a physical attack. For example, NewAE has a product called ChipWhisperer and for a mere $3,800 you can get a starter kit that makes it possible to do some pretty effective side channel analysis attacks by stealing secret keys in the device as they are being used in the crypto operations. This same company also sells a tool for $3,300 called ChipShouter which is an inexpensive EMF fault injection tool which can cause the software in a product to glitch (often called glitch attacks) and allow malware to be injected in the product or do things unlock a locked debug port. I am sure there are more advanced tools available on the dark web that are even more deadly, these are just examples of tools that are easily bought by anyone.
The Growing Risks of Inaction Against Physical Attacks
With these relatively cheap tools, a criminal enterprise can pretty easily do some serious damage to a brand, ecosystem, or the bottom line of a company. An easy way to make money if you’re an organized cyber criminal is to steal the intellectual property of a company and sell it to someone who has the resources to produce knock-offs of those devices. It’s estimated that 10 percent of consumer electronic devices sold on the web are counterfeit, including sophisticated devices like a Wi-Fi router. Companies try to protect against IP theft by locking the debug port to prevent someone from simply dumping the whole contents of the product. With the ChipShouter tool, you can simply perform a glitch attack on the software that locks the debug port and boom, all the IP comes spilling out.
Another example might be when you have a sophisticate attestation procedure for your ecosystem to protect against rouge or fake devices from joining your network. This requires a secure identity in the device and a secure handshake to verify your device is authentic. With ChipWhisper and a real device in your hands, you can steal that secret identity and clone the device easily.
Silicon Labs is committed to anticipating our customers’ security needs and addressing them before they become an issue. That’s why we’ve adopted the PSA Architecture and achieved its highest level of certification - to create products that proactively stay ahead of this ‘cyber mafia’ rather than being forced to react to them after they’ve wreaked havoc.
For more information on how Silicon Labs is securing the IoT, visit silabs.com/security.