An Investigation of PSA Certified

Proceedings of the 17th International Conference on Availability, Reliability and Security Pub Date : 2022-08-23 DOI:10.1145/3538969.3544452

Seonghan Shin, Tomoyuki Ogawa, Ryo Fujita, Mari Itoh, Hirotaka Yoshida

{"title":"An Investigation of PSA Certified","authors":"Seonghan Shin, Tomoyuki Ogawa, Ryo Fujita, Mari Itoh, Hirotaka Yoshida","doi":"10.1145/3538969.3544452","DOIUrl":null,"url":null,"abstract":"PSA (Platform Security Architecture) Certified is a security certification scheme for IoT hardware, software, and devices. The scheme is composed of security certification (PSA Certified Level 1/2/3) and functional API certification (PSA Certified Functional API). Up to now, this scheme has been adopted by many chip manufacturers, system/software developers, and OEMs (Original Equipment Manufacturers). In this paper, we investigate the PSA security certification and PSA functional API (Cryptography API, Storage API, and Attestation API) with its reference implementation. Also, we analyze the source code of the reference implementation by using Polyspace Bug Finder. Specifically, we found 1,385 coding defects in the PSA functional API reference implementation where high, medium, and low impact defects take up 44, 90, and 1,251, respectively. Then, we compare the PSA functional API and its reference implementation in several aspects. Throughout this paper, we explain the obtained analysis results and our findings in detail.","PeriodicalId":306813,"journal":{"name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","volume":"106 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 17th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3538969.3544452","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

PSA (Platform Security Architecture) Certified is a security certification scheme for IoT hardware, software, and devices. The scheme is composed of security certification (PSA Certified Level 1/2/3) and functional API certification (PSA Certified Functional API). Up to now, this scheme has been adopted by many chip manufacturers, system/software developers, and OEMs (Original Equipment Manufacturers). In this paper, we investigate the PSA security certification and PSA functional API (Cryptography API, Storage API, and Attestation API) with its reference implementation. Also, we analyze the source code of the reference implementation by using Polyspace Bug Finder. Specifically, we found 1,385 coding defects in the PSA functional API reference implementation where high, medium, and low impact defects take up 44, 90, and 1,251, respectively. Then, we compare the PSA functional API and its reference implementation in several aspects. Throughout this paper, we explain the obtained analysis results and our findings in detail.

查看原文本刊更多论文

PSA认证的调查

PSA (Platform Security Architecture) Certified是一种针对物联网硬件、软件和设备的安全认证方案。方案由安全认证(PSA Certified Level 1/2/3)和功能API认证(PSA Certified functional API)两部分组成。到目前为止，该方案已被许多芯片制造商、系统/软件开发商和oem(原始设备制造商)采用。在本文中，我们研究了PSA安全认证和PSA功能API(加密API，存储API和认证API)及其参考实现。此外，我们还使用Polyspace Bug Finder分析了参考实现的源代码。具体来说，我们在PSA功能API参考实现中发现了1,385个编码缺陷，其中高、中、低影响缺陷分别占44,90和1,251个。然后，我们从几个方面比较了PSA函数API及其参考实现。在本文中，我们详细解释了所获得的分析结果和我们的发现。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 17th International Conference on Availability, Reliability and Security

自引率

0.00%

发文量