Layered Security for the Next One Trillion Devices

Arm technology is in billions of devices today, a number we expect to grow to more than a trillion by 2035. To protect the billions of devices entering the market, IoT security cannot be an afterthought but must be layered in to form a symbiotic relationship between hardware and software.

Why? Because your device is only as strong as your weakest link – a single vulnerability could compromise an entire device.

PSA Certified (previously known as the Platform Security Architecture) is an architecture-agnostic security framework and certification program for implementing technologies, processes, and measures designed to protect systems, networks, and data from a range of attacks and a broad spectrum of vulnerabilities.

Based on four key stages: analyze, architect, implement and certify, PSA Certified guides you through the complex world of security design, identifying threats to a system, and recommending and describing which counter-measures to implement. The Arm security portfolio is built to help our partners to meet PSA Certified guidelines, so organizations can deploy the right level of robustness to best match the needs of each application.

What vulnerabilities do I need to consider?

As the appetite for exploiting security flaws intensifies, so does the broad spectrum of vulnerabilities. It’s important to consider each type of vulnerability and how these could impact your system. At Arm we split the types of vulnerability into four areas: communication, physical, lifecycle and software.

Communication Vulnerabilities

Attackers can try multiple means to intercept, spoof, replay or disrupt messages sent from devices back to the server. Best-practice cryptographic defences (authenticated encryption, mutual authentication and replay protection) must match the increasing value of the data being communicated.

Physical Vulnerabilities

Silicon attacks are often split into two categories: non-invasive and invasive. Non-invasive attacks leave the package intact and either observe the chip (side channels such as power consumption, electromagnetic emissions or timing) or perturb it (fault injection by glitching the power supply voltage or clock, or with electromagnetic pulses) to extract or corrupt information. Invasive attacks open the package and remove part of the passivation layer to probe or modify the circuit directly.

Lifecycle Vulnerabilities

Devices change hands many times: from factory to user, to maintenance and to end-of-life. The integrity of the device must be protected at each step: who is repairing it, how is confidential data handled, are firmware upgrades legitimate? Unplanned or forbidden paths, such as theft, overages, or Wi-Fi changes, are all vulnerabilities to consider.
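The lifecycle question "are firmware upgrades legitimate?" and the communication threats above (intercepted, spoofed or replayed messages) meet in the update path. The following is an added example, not Arm or PSA Certified code, showing the order of checks a device should apply to an incoming image: authenticate the whole image before parsing it, then enforce anti-rollback so that a genuine but older image is refused. The image header layout, the key and the payloads are constructed for illustration; a keyed HMAC stands in for the asymmetric signature a real device would verify against a provisioned public key.

```python
"""Firmware update acceptance check: authenticity first, then anti-rollback.

Added example, not Arm or PSA Certified code. The image format, the key and
the firmware payloads below are constructed for illustration.
"""
import hashlib
import hmac
import struct

# Constructed example key. A real device verifies an asymmetric signature
# against a public key provisioned at manufacture; a keyed HMAC stands in
# here so the example runs with only the standard library.
UPDATE_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
)

MAGIC = b"FWUP"
# Assumed header layout: 4-byte magic, 32-bit version, 32-bit payload length
HEADER = struct.Struct(">4sII")
TAG_LEN = hashlib.sha256().digest_size


class UpdateRejected(Exception):
    """Raised for any image the device must refuse to install."""


def build_image(version: int, payload: bytes, key: bytes = UPDATE_KEY) -> bytes:
    """Producer side: header || payload || HMAC-SHA256(header || payload)."""
    header = HEADER.pack(MAGIC, version, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def verify_image(image: bytes, installed_version: int,
                 key: bytes = UPDATE_KEY) -> tuple[int, bytes]:
    """Consumer side. Returns (version, payload) or raises UpdateRejected."""
    if len(image) < HEADER.size + TAG_LEN:
        raise UpdateRejected("image too short")
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]

    # 1. Authenticate before parsing anything else: a spoofed or tampered
    #    image must never reach the header parser. compare_digest is
    #    constant-time, so the check does not leak where the tag differs.
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise UpdateRejected("bad authentication tag")

    # 2. Only now trust the header fields.
    magic, version, length = HEADER.unpack_from(body)
    if magic != MAGIC or length != len(body) - HEADER.size:
        raise UpdateRejected("malformed header")

    # 3. Anti-rollback: a genuine but older image is still an attack, since it
    #    reinstates vulnerabilities that the current version fixed.
    if version <= installed_version:
        raise UpdateRejected(
            f"rollback: version {version} <= installed {installed_version}"
        )
    return version, body[HEADER.size:]


def check(image: bytes, installed_version: int, key: bytes = UPDATE_KEY) -> str:
    """Human-readable outcome used by the demo below."""
    try:
        version, _ = verify_image(image, installed_version, key)
        return f"accepted v{version}"
    except UpdateRejected as exc:
        return f"rejected: {exc}"


def demo() -> dict[str, str]:
    """Run the four cases a lifecycle review should cover."""
    installed = 1
    genuine = build_image(2, b"constructed v2 firmware payload")

    tampered = bytearray(genuine)
    tampered[HEADER.size] ^= 0x01          # flip one payload bit in transit

    forged = build_image(3, b"attacker payload", key=b"guessed-key")
    replayed_old = build_image(1, b"constructed v1 firmware payload")

    return {
        "genuine": check(genuine, installed),
        "tampered": check(bytes(tampered), installed),
        "forged": check(forged, installed),
        "old_replayed": check(replayed_old, installed),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:13s} {outcome}")
```

The tag check runs over the header as well as the payload, so an attacker cannot rewrite the version field of a captured image to defeat the rollback check, and the installed version used for that check must itself live in storage the application cannot roll back (a monotonic counter or protected flash), or the protection is only cosmetic.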

Software Vulnerabilities

These are the most common attacks: someone finds a way of using existing code to gain access to restricted resources. The cause may be a software bug or an unexpected call sequence, either of which can expose whole classes of exploits.
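An unexpected call sequence is easiest to see in code. The following added example (not Arm or PSA Certified code; the device API, PIN and payloads are constructed) contrasts a device whose operations each check only the one flag they care about, so an attacker can enter the update flow without authenticating, with a version that enforces an explicit state machine and resets to LOCKED on any call that is not permitted in the current state.

```python
"""Unexpected call sequence: flag-based checks vs an explicit state machine.

Added example, not Arm or PSA Certified code. The device API, PIN and
payloads are constructed for illustration.
"""
import hmac

DEVICE_PIN = b"constructed-example-pin"   # assumed provisioned secret


class VulnerableDevice:
    """Each operation checks only the single flag it cares about, so the
    intended sequence authenticate -> open_update -> write_block can be
    entered in the middle."""

    def __init__(self) -> None:
        self.authenticated = False
        self.update_open = False
        self.written: list[bytes] = []

    def authenticate(self, pin: bytes) -> bool:
        self.authenticated = hmac.compare_digest(pin, DEVICE_PIN)
        return self.authenticated

    def open_update(self) -> None:
        # BUG: assumes the caller authenticated first but never checks.
        self.update_open = True

    def write_block(self, data: bytes) -> None:
        if not self.update_open:
            raise PermissionError("no update session")
        self.written.append(data)


class HardenedDevice:
    """Every call is checked against the current state; anything not in the
    transition table resets the device to LOCKED, so no sequence reaches
    write_block without passing through authenticate."""

    TRANSITIONS = {
        ("LOCKED", "authenticate"): "AUTHENTICATED",
        ("AUTHENTICATED", "open_update"): "UPDATING",
        ("UPDATING", "write_block"): "UPDATING",
        ("UPDATING", "close_update"): "AUTHENTICATED",
    }

    def __init__(self) -> None:
        self.state = "LOCKED"
        self.written: list[bytes] = []

    def _transition(self, op: str) -> None:
        nxt = self.TRANSITIONS.get((self.state, op))
        if nxt is None:
            prev, self.state = self.state, "LOCKED"
            raise PermissionError(f"{op} not allowed in state {prev}")
        self.state = nxt

    def authenticate(self, pin: bytes) -> bool:
        self._transition("authenticate")
        if not hmac.compare_digest(pin, DEVICE_PIN):
            self.state = "LOCKED"       # wrong PIN: back to square one
            return False
        return True

    def open_update(self) -> None:
        self._transition("open_update")

    def write_block(self, data: bytes) -> None:
        self._transition("write_block")
        self.written.append(data)

    def close_update(self) -> None:
        self._transition("close_update")


def skip_authentication(device) -> bool:
    """Attacker's call sequence: go straight to the update path.
    Returns True if a block was written without authenticating."""
    try:
        device.open_update()
        device.write_block(b"attacker firmware block")
    except PermissionError:
        return False
    return bool(device.written)


def legitimate_update(device) -> bool:
    """The intended sequence, which must still work on the hardened device."""
    if not device.authenticate(DEVICE_PIN):
        return False
    device.open_update()
    device.write_block(b"genuine firmware block")
    return bool(device.written)
```

The hardened version has one place that decides what is allowed, the transition table, which is also what a reviewer or a formal model checks; the vulnerable version spreads that decision across every method and fails the moment one of them forgets it.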

Key Security Goals

As a founder of PSA Certified, Arm believes that every connected device needs to meet 10 fundamental security goals. These goals help to overcome some of the most fundamental security threats, ensuring there is a baseline for security. Achieving these 10 security goals requires a number of things, including specific counter-measures.

PSA Certified Security Report 2021

Bridging the Gap

The PSA Certified 2021 Security Report is a comprehensive study into the opinions of 600+ IoT technology decision-makers, examining the glaring gap between the perceptions of security today and the reality – where companies are skipping threat modeling, lacking resources and struggling with fragmentation. Read the report to understand more and learn how collaboration will bridge this gap.

Selecting the right security products for a device requires careful analysis to identify the level of threat while considering all four types of vulnerability. Ask yourself: what are the assets of my application? How sensitive are they? What are the risks to my business if they are exposed? What lengths will an attacker go to in order to access the assets? PSA Certified advises starting security design with analysis and answering these questions, using threat modeling (or a protection profile) to identify the appropriate counter-measures. Once this analysis is complete and you have a list of security requirements, it is time to select the best counter-measures for your application.

Arm offers a wide spectrum of security IP to mitigate the risks associated with each vulnerability. These include products that can help with cryptography, security services, isolation and tamper mitigation.

Software Counter-Measure Solutions 

PSA Certified advises that software security measures must isolate the security firmware and private information from the rest of the application. Arm TrustZone-enabled Cortex-A and Cortex-M processors are the most efficient way to implement isolation.

Trusted Execution Environment

The TEE consists of hardware-based isolation technology, trusted boot and a small trusted OS, offering protection against software attacks.

CMSIS-Zone Arm Keil MDK

CMSIS-Zone, part of the CMSIS software framework supported in Arm Keil MDK, describes how a system's memory regions and peripherals are partitioned into zones (for example TrustZone Secure and Non-secure worlds, or separate cores) and generates the matching configuration files, reducing development time and helping enforce the isolation that protects against software attacks.

Trusted Firmware-M (TF-M)

Trusted Firmware-M is the open-source reference implementation of the PSA Certified secure processing environment for Armv8-M based microcontrollers, providing secure boot, isolation and the PSA security service APIs (cryptography, secure storage, attestation) together with the reference documents and specifications, completely free of charge.

Mbed OS

Arm Mbed OS provides transport, lifecycle, and device security features for the entire Arm Cortex-M family via standardized security-specific building blocks.

Communication and Lifecycle Counter-Measure Solutions

Cryptographic Services: Arm CryptoCell Family

Arm CryptoCell lets you protect assets belonging to different stakeholders in an ecosystem, safeguarding against communication and lifecycle attacks. Depending on your application, choose either Arm CryptoCell-300 for high-efficiency systems with a small footprint and low power consumption or Arm CryptoCell-700 for high performance systems.

Secure Debug: Arm CoreSight SDC-600

An important part of protecting a device is ensuring that debug can take place in a secure way, since an open debug port bypasses every other software protection. CoreSight SDC-600 enables silicon and tool vendors to enforce authenticated debug access via a secure debug channel.

Physical Counter-Measure Solutions

Anti-tampering Processor: Arm Cortex-M35P

The Arm Cortex-M35P processor includes built-in tamper resistance, memory protection, and TrustZone security for hardware-enforced isolation. The processor is certified to EAL6+ for the Common Criteria ISO 15408 standard, providing SoC designers a trusted, simplified route to security. 

Arm SecurCore SC300

Arm SecurCore SC300 provides a processor with embedded counter measures against side channel attacks and fault injections to protect against physical attacks.

Arm SecurCore SC000

Arm SecurCore SC000 combines the Cortex-M0 processor with anti-tampering security features to offer protection against physical attacks.

Looking to accelerate the development of secure SoCs?

Designed on the principles of PSA Certified, Corstone reference packages provide a complete solution for architecting a system with security at the heart, while balancing trade-offs between performance and power. The pre-verified subsystem and system IP included in Corstone packages significantly accelerates the development of secure SoCs, saving you time and allowing you to focus your resources on differentiation.
