Platform Security Architecture – Scalable Security for the IoT

Arm releases a white paper on the Platform Security Architecture

The recent deployment of connected devices, as part of the evolution of the Internet of Things (IoT), has led to a major increase in the number of IoT-based cyber-attacks. These attacks have highlighted the very real need for better security measures to be implemented throughout the value chain of connected devices, from high-level infrastructure, such as energy supply and connected vehicles, to low-cost devices, such as webcams and smart lighting. Breaches in security present a host of issues for those operating in the IoT. Leaks of confidential information, theft of personal data, loss of control of connected systems and the shutting down of critical infrastructure all represent major areas at risk.

The growth of IoT-based services is founded on diversity in the nature and type of device being connected to the internet, whether sensors, actuators or gateways. Not all of these devices, however, are high-value, high-specification appliances; the vast majority are likely to be small and built to a budget. Despite this, as recent high-profile attacks have demonstrated, even the cheapest devices need to be secure, as they can act as portals into much larger systems. Overall, as the number of connected assets in the Internet of Things increases, the attack surface is expanding and so is the need for more robust, scalable defence systems.


Figure 1. Threat Categories

Enter: Arm’s Platform Security Architecture (PSA) 

The Platform Security Architecture is a holistic set of threat models, security analyses, and hardware and firmware architecture specifications. The PSA provides a framework, based on industry best practice, that allows security to be consistently designed in at both the hardware and firmware level. It offers common ground rules and a more economical approach to building more secure devices. Additionally, Arm is delivering an open source reference implementation of PSA firmware for Armv8-M based devices. The components of PSA can be framed in three general design stages: Analyse, Architect and Implement.

  1. Analyse
    The recipe starts with a set of threat models and security analyses, considering multiple IoT use cases with respect to their assets and potential threats. PSA includes model analyses that can serve as both examples and guidelines for developing a similar approach to additional use cases. This approach is modelled on the formal security certification processes used across the industry.
  2. Architect
    The hardware and firmware architecture specifications are designed to cover the core set of security principles, as identified in the security analyses. These can be used to design silicon and devices that include these principles with a consistent set of capabilities and interfaces. These common principles include concepts such as device identity, trusted boot, secure over-the-air software update, and certificate-based authentication.
  3. Implement
    Arm provides a variety of security technologies and silicon IP to help designers build more secure systems – and the open source Trusted Firmware-M project will provide a reference implementation for PSA as a starting point for the industry on the software side.


The value of the Arm ecosystem is to provide diversity and choice to end-customers and this benefit extends to the IoT and its broad range of technologies and providers. Arm recognises this potential, alongside the risks that threaten the devices, systems and infrastructures operating within the IoT. PSA provides the common framework for the ecosystem, from chip designers and device developers, to cloud and network infrastructure providers and software vendors.

Shifting the Economics of Security

Arm is creating a cost-effective, scalable, easy-to-implement security framework that provides a basis for the industry to build more secure devices. Security can no longer be optional, and as an industry we have a shared responsibility to protect our connected world.

For more in-depth information, we have written a white paper, Platform Security Architecture Overview, covering:

  • PSA Building Blocks
  • Threat Models and Security Analyses
  • Architecture Specifications Documents
  • Trusted Firmware-M reference implementation
  • Ecosystem Enabling
