Renesas Electronics Corporation has announced both PSA Certified Level 2 and Security Evaluation Standard for IoT Platforms (SESIP) certifications for its RA family of 32-bit Arm Cortex-M microcontrollers (MCUs).
Renesas’ RA6M4 MCU group devices with the flexible software package (FSP) have been PSA Level 2 certified, expanding on the PSA Certified Level 1 achieved by RA4 and RA6 Series MCUs. Renesas’ RA6M3, RA6M4, and RA4M2 MCU groups have achieved SESIP1 certification with physical and logical attacker certifications.
PSA Certified offers a framework for securing connected devices, from analysis through to security assessment and certification. The framework provides standardized resources addressing the growing fragmentation of IoT requirements, ensuring security is no longer a barrier to product development. Through a third-party laboratory evaluation of a PSA root of trust (PSA-RoT), PSA Certified Level 2 provides evidence of protection against scalable software attacks. Evaluation labs use vulnerability analysis and penetration testing of the PSA-RoT to establish if the nine security requirements of the PSA-RoT protection profile have been met.
The PSA Certified ecosystem, whose mission was launched at embedded world in 2019, said it has over 60 PSA Certified products from over 30 partners ranging from silicon vendors and software providers to device manufacturers. PSA Certified provides three levels of progressively increasing security robustness and assurance:
PSA Certified Level 2 demonstrates protection against software attacks and requires the PSA-RoT to have passed 25 days of test lab evaluation.
PSA Certified Level 3 increases the sophistication of the attacks and includes analysis of protection against physical and side-channel attacks.
SESIP is an optimized version of Common Criteria methodology (ISO 15408-3) for the evaluation of IoT components and connected platforms. SESIP defines a catalogue of security functional requirements (SFRs), which the product developer can use to build their secure device, scaling appropriately for their specific threat model and use case. SESIP also incorporates and refines Common Criteria security assurance requirements (SARs), including the requirement ALC_FLR.2 flaw reporting procedures, which Renesas addresses with its Renesas PSIRT (Renesas product security incident response team) process and public web interface. Specifically designed for SFR reuse and mapping to other certifications, the SESIP methodology enables product developers to pursue appropriate certification of their device to other industry-standard certifications such as IEC 62443.
In addition to industry certifications, Renesas RA MCUs offer IoT security by combining secure crypto engine IP with NIST CAVP (cryptographic algorithm validation program) certifications on top of Arm TrustZone for Armv8-M. RA Family devices incorporate hardware-based security features from simple AES acceleration to fully-integrated crypto subsystems isolated within the MCU. The secure crypto engine provides symmetric and asymmetric encryption and decryption, hash functions, true random number generation (TRNG), and advanced key handling, including key generation and MCU-unique key wrapping. An access management circuit shuts down the crypto engine if the correct access protocol is not followed, and dedicated RAM ensures that plaintext keys are never exposed to any CPU or peripheral bus.
Representing the independent security evaluation lab Brightsight, Carlos Serratos said, “From an OEM perspective, there is an increasing awareness of the value of certified devices as a tool for managing risk, and for aligning with multiple device certifications. While this is particularly relevant for devices used in critical infrastructures, it is steadily becoming the norm for the rest of the IoT domain.” Serratos is the lab’s senior director of strategy, policy and advocacy. Brightsight is a founding member of and an accredited lab for the PSA Certified program.