ioXt Alliance “SmartCert” certification against the ioXt 2020 Base Profile has been granted.
The ioXt 2020 Base Profile assures that the base ioXt security pledge is met which requires a device to secure its external interfaces, provide proven cryptography, and is secured by default out of the box. The requirement also requires the product to run verified software, provides secure software updates, and has a public vulnerability reporting process.
The Silicon Labs reporting process provides customers both a mechanism to report vulnerabilities they have found and receive notifications of vulnerabilities reported to the Silicon Labs PSIRT committee.
The ioXt Alliance is a large advocate in achieving scalability by allowing for the inheritance of security certifications. For example; they recognize the Arm PSA certification to show that the device has a hardware root of trust for verifying software. It also means that any device going through ioXt Alliance certification with an xG21B device will be able to leverage the Silicon Labs EFRMG21B development kit certification and not have to repeat test cases that our chip has already passed.
Our EFRxG21B SoCs with Secure Vault are the first chips in the world to achieve Arm PSA Level 3 certification – PSA Certified's highest level of IoT security protection. This certification is proof of our commitment to protect devices from hardware and software attacks, and it cements our leadership in IoT security.
PSA Level 3 certification requires testing the prescribed “Hardware Root of Trust” security features in an approved 3rd party security lab against not only software attack vectors (the scope of PSA Level 2) but also hardware attack vectors (the additional scope of PSA Level 3). “Hardware Root of Trust”, a proven technology, has become a highly desired feature in IoT devices as it creates an anchor to security capabilities.
PSA Level 2 certification ensures several security features are robust by ensuring separation between a secure processing environment and a non-secure processing environment, a secure boot process with integrity and authenticity checks, secure debug ports that cannot be unlocked without cryptographic authorization, an ability to update software securely, secure storage of assets (e.g., secret keys) that must maintain confidentiality, and strong proven cryptographic functions.
PSA Level 3 adds protection against various physical manipulations of hardware and data, as well as operation outside of normal operating conditions.
Read more about the Level 3 PSA Certification – What it is and Why it Matters
Silicon Labs has completed extensive independent vulnerability penetration testing from the industry established Riscure Security Certification Services.
For this evaluation, Riscure performed a vulnerability analysis of our secure boot and secure debug and determined that it was infeasible for them to break. Our ECC and AES encryption were also evaluated for side-channel leakage with very high grades. The AES engine was further evaluated using Differential Fault Analysis (DFA) and the ECC engine was evaluated using Correlation Power Analysis (CPA) and again scored very well. Other areas evaluated by Riscure in the report were our Secure Element mailbox and tamper detection which again showed strong resistance to attacks.
This report can be shared as needed by Sales with customers under NDA and can be reviewed with the customer in a Video chat with our Security Apps team if required.
SESIP provides a common and optimized approach for evaluating the security of connected products that meet the specific compliance, security, privacy, and scalability challenges of the evolving IoT ecosystem.
This evaluation scheme is based on Common Criteria (ISO/IEC 15408) which was developed in the mid-1990s by Canada, France, Germany, the UK, the USA, and the Netherlands to address creating a standard way to define a computer product security claims and then a standard way for security labs to evaluate the products to determine if they actually meet the claims.
SESIP evolved out of Common Criteria as a security assurance scheme that was more adept at addressing the diverse and varied products being developed for the IoT market. The major difference between SESIP and PSA certification is that PSA certification requires strict adherence to the Platform Security Architecture (PSA) and its security functional requirements. Whereas SESIP allows for some flexibility in defining what security functions are in scope for evaluation.
There are three primary assurance Levels in SESIP, which are:
A distinguished independent panel of engineering and academic professionals at LEAP (Leadership in Engineering Achievement Program) awarded Secure Vault the gold medal in the 2020 LEAP Awards Connectivity category, citing it as a “new contemporary solution to an ever-evolving problem in privacy and security.” The annual LEAP Awards celebrate the most innovative and forward-thinking products serving the design engineering space.
Our Product Security Incident Response Team (PSIRT) is responsible for ensuring the vulnerabilities discovered in our products are mitigated and communicated responsibly. If you detect a security threat, let us know.