25. März 2021, 14:30 Uhr | Simon Butcher, principal security engineer, Arm
While there are many threats we face in a rapidly evolving security landscape, we now have the answers to help mitigate these risks. Implementing foundational security best practice is key; if a device is compromised, and its firmware or its configurations are changed, we need a means to detect this and to return the device back to a secure state. That requires secure boot to only boot authorized firmware and secure update to upgrade or restore the firmware remotely. This should be done quickly as a new version of firmware becomes available to fix any potential security issues as soon as they are found and patched.
OEMs must look to implement security from the chip level, ensuring they use secure IP that has been designed with security at its heart. Arm-based chips are already in more than 180 billion devices and as IoT rapidly expands, it’s important that security is not just an afterthought and is built into devices in line with PSA Certified standards.
For a device to securely communicate with a cloud, it needs to be able to trust the cloud server it connects to, and in turn the cloud server needs to be able to trust and identify the device. To do that securely, requires mutual cryptographic authentication, and for the device to have a unique identity.
So how to deliver and implement these features? How can we be sure that secure boot and secure update have not been compromised themselves? How can we be sure the device is the one it purports to be? It starts with a root of trust.
In essence, a root of trust is a means by which, at boot, you can establish trust of the firmware you're executing, the hardware it's executing on and that neither have been tampered with or changed. A root of trust is crucial to ensuring a device’s integrity and that the device’s integrity and security state can be determined by any other device or service it connects to.
The high-level security services, essential for the security of a device, all depend on establishing a root of trust. Without it there is no means for the software executing on a device to know that it is trustworthy and has not been subverted by an attacker.
With any software development, designing a secure system is not straightforward, and it's easy to make security related design mistakes in protocols and APIs or architecture which can be hard to fix retrospectively in patches and updates.
To ease this, the PSA Certified program has defined a series of common security services and functions, such as the PSA Root of Trust (PSA-RoT), that a PSA Certified product should provide.
Industry is increasingly realizing it needs to mitigate the commercial IoT threats in the evolving, connected OT landscape. As a result, we are starting to see cyber insurance companies looking for evidence of security best practice adoption in deployments.
Arm and six other founders, recognizing the risk that unsecured networked devices may bring, jointly created PSA Certified, an initiative to define a security framework and certification program to certify devices that have been designed with security in mind and are suitable for connecting to the internet or any other network.
The intention is to provide a standard for those selecting components for their designs, or devices for their systems, and to give clear guidance on the suitability of a part for its security properties. The PSA Certified program includes multiple levels, each providing a different level of assurance, suitable for devices and applications that have different security requirements.
PSA Certified defines not just a certification scheme, but also specifies a set of specifications and PSA Functional APIs, that provide a solution for some of the fundamental security issues of connected devices. These services help define the PSA-RoT and include a variety of functions, such as secure boot, firmware update, secure key storage as well as cryptographic services and others. Features which are not always present in all industrial equipment or IoT devices.
The ambition is to make commonplace these basic security features, and with a common set of APIs to access them, so by leveraging these resources, OEMs and ODMs can focus their investment on the application code in their own domain, and porting to later generations or different components should be easier.
The Trusted Firmware project has developed an open-source, open-governance reference implementation of the PSA Functional APIs, suitable for an Arm Cortex-M MCU, with Trusted Firmware-M. This can be ported by Arm’s silicon partners to MCUs to provide the services.
A recognition of the vulnerability of IoT systems has been driving standardization activities across IoT. National and international standards bodies such as the NIST and IEC have issued IoT and Industrial IoT cybersecurity standards. There has also been pull from industry itself with many companies recognizing the importance of security audits and the certification of their OT infrastructure, showing the increasing pressure and desire to certify.
One such standard is IEC62443, which is increasingly recognized as one of the most popular for industrial applications. IEC62443 defines requirements for whole industrial control systems, as well as the components that make up those systems. These requirements span how the system should operate, best practice for their use, and requirements for implementing specific features. However, it is the 4-2 section of IEC62443, that is the most relevant to individual IoT devices as it defines the security requirements of components of industrial systems.
PSA Certified evaluates many foundational security requirements. These security features can be used to meet the requirements of IEC62443, and specifically, the 4-2 section of IEC62443. For example:
These are just a few examples, but there are many other features PSA Certified has which can support IEC62443. Meeting the foundational security requirements of PSA Certified provides a standardized baseline on which to build an IEC62443 compliant system.
The Industrial Internet of Things offers enormous opportunity and advantages to industry, but as more devices get connected, we face the challenges of exposing more sophisticated and connected equipment to attack. Security best practice needs to be followed from the outset of any design to help protect against threats and provide the assurance required to scale deployments. PSA Certified has a wealth of resources to help, that will result in overall cost efficiencies and a faster time-to-market. For the benefits of IIoT to be realized over the next decade, security must become part of every company’s agenda and part of every product.
With more than 20 years of experience within the electronics industry, Simon has spent the last 10 years at Arm on security projects ranging from payment systems, to mobile phones to IoT. Simon currently works as a security solutions consultant, helping partners get the most from Arm technology.