Telink white logo with Telink word in small size

We noticed you are using Internet Explorer.

We recommend using one of the below listed browsers to enjoy the best experience of our website.

Click here to download:

Chrome

Firefox

Safari

Edge

Telink white logo with Telink word
Rotate your device top arrow

PLEASE ROTATE ME

Rotate your device bottom arrow
Preloader image
loading...
Telink white logo with Telink word in small size

How PSA Certification Improves Security for the Internet of Things

Telink Staff

February 8, 2022

Standards

Semiconductor on blue background

PSA certification is a reliable way for developers to ensure their products offer improved data safety to consumers. 

The proliferation of Internet of Things (IoT) devices brings both innovation and risks to the technological landscape. A majority of IoT developers and companies are aware of security risks that can occur, yet 53 percent of hardware manufacturers do not run sufficient security checks when producing a product, in large part because they are dealing with conflicting security standards. That’s why Platform Security Architecture (PSA) certification guidelines for hardware security exist — they offer hardware developers and consumers evidence that their products include proper security measures.

The Purpose and Implementation of PSA Certification 

The three PSA certification levels

PSA certification was established in 2017 by seven security organizations to address the lack of industry-standard security principles needed to assess the defensive capability of a system on a chip (SoC). Since the IoT industry is already familiar with the importance of root of trust (RoT) in hardware development, PSA certification works harmoniously with it to align with existing expectations for security.

PSA certification involves an in-depth questionnaire, lab evaluation, and extensive board review. Certification is classified into three levels, depending on the degree of investment developers are willing to engage in:

  • PSA Certified Level 1: SoCs in this category are constantly monitored and audited to ensure that they are always up to PSA standards. Developers prioritize security along all aspects of product development.
  • PSA Certified Level 2: IoT hardware is further tested to examine how it fares against software-based cyberattacks. Level 2 certification is reached if SoCs are fortified enough to withstand a threat stemming from cloud servers and applications.
  • PSA Certified Level 3: The strongest hardware products are able to reliably prevent both software and hardware breaches.

Over 50 companies have already gauged their products’ security with PSA standards, and this number is expected to grow as IoT becomes further ingrained in our digital world.

Why PSA Certification Matters

Attacks on software programs take up to 90 days to resolve, while it can take years for hardware flaws to be patched. Chips of varying models and microcodes make these issues complicated to fix, especially if they were not comprehensively checked for potential weaknesses during the development process. PSA certification saves developers and consumers time and money by thoroughly testing chips’ RoT capabilities to reduce the risk of a malware attack in the first place.

RoT is the backbone of hardware security, so it’s important for consumers to know just how dependable it is for the device they’re using. Consumers interested in IoT devices but apprehensive about cyber threats are likely to be interested in products with PSA certification. 

Additionally, developers and vendors need to comply with government cybersecurity regulations, but there’s often no transparency regarding a device’s current level of security or how it is achieved. Moreover, smaller businesses may have difficulty integrating quality security solutions into their products. According to PSA Certified, only 33 percent of smaller companies admit to running threat analyses. This lack of security can severely tarnish a business’ reputation.

PSA certification provides all hardware companies with an easy and accessible guide for quality protection, while granting consumers more visibility into the safety of their data. 

Choose a PSA Certified Chip from Telink

Telink can help you quickly develop your products while minimizing security risks. Telink’s TLSR9 chip is the world-first PSA certified IC with RISC-V ISA. Developers can reduce time-to-market (TTM) and garner consumer confidence by using a chip that already complies with the highest security standards in the market. 

Please visit our wiki to learn more about all our development tools, or ask us a question through our Technical Forum or by contacting us directly today.