Arm PSA Certification
At Silicon Labs, IoT Security is a foundation for everything we do. Security is not a single point in time but an ongoing process that includes protection against emerging threats, monitoring, and over-the-air software and firmware updates. Our Series 2 Wireless SoCs with Secure Vault™ were the first chips in the world to achieve Arm PSA Level 3 certification, and now our Series 3 Secure Vault™ is the world’s first PSA Level 4 security technology.
Level 1: Foundational security best practices by demonstrating that good security design principles have been applied during the development of a product. It evaluates the implementation of a Root of Trust (RoT) with mechanisms like secure boot, cryptographic libraries, and update processes.
Level 2: Protecting against software attacks through independent testing by a security lab to demonstrate the RoT's resilience against scalable software attacks. This involves source code review, vulnerability assessment, and penetration testing, focusing on the RoT's security functions, including secure boot, secure storage, cryptographic services, and attestation.
Level 3: Protection against physical and software attacks through evaluation of the RoT's ability to protect against substantial software and hardware attacks, including side-channel and tamper attacks. This requires more intensive testing compared to Level 2, including white-box evaluation, vulnerability analysis, and penetration testing, with an emphasis on hardware design and implementation to mitigate threats.
Level 4: Highest assurance for critical applications by providing the highest level of security assurance against sophisticated physical and software attacks, specifically designed for high-security use cases. Building on Level 3, Level 4 recognizes the use of a highly robust integrated Secure Enclave (iSE) or Secure Element (SE) and tests for more sophisticated physical attacks, including laser fault injection.
Independent Security Evaluation by Riscure
Silicon Labs has completed extensive independent vulnerability and penetration testing by the industry-established Riscure Security Certification Services.
For this evaluation, Riscure performed a vulnerability analysis of our secure boot and secure debug and determined that these were infeasible for them to break. Our ECC and AES encryption were also evaluated for side-channel leakage and received very high grades. The AES engine was further evaluated using Differential Fault Analysis (DFA) and the ECC engine was evaluated using Correlation Power Analysis (CPA), and both again scored very well. Other areas evaluated by Riscure in the report were our Secure Element mailbox and tamper detection, which again showed strong resistance to attacks.
This report can be shared as needed by Sales with customers under NDA and can be reviewed with the customer in a video chat with our Security Apps team if required.
Security Evaluation Standard for IoT Platforms (SESIP)
SESIP provides a common and optimized approach for evaluating the security of connected products that meet the specific compliance, security, privacy, and scalability challenges of the evolving IoT ecosystem.
This evaluation scheme is based on Common Criteria (ISO/IEC 15408), which was developed in the mid-1990s by Canada, France, Germany, the UK, the USA, and the Netherlands to create a standard way to define a computer product's security claims and a standard way for security labs to evaluate products to determine whether they actually meet those claims.
SESIP evolved out of Common Criteria as a security assurance scheme that was more adept at addressing the diverse and varied products being developed for the IoT market. The major difference between SESIP and PSA certification is that PSA certification requires strict adherence to the Platform Security Architecture (PSA) and its security functional requirements, whereas SESIP allows for some flexibility in defining what security functions are in scope for evaluation.
There are three primary assurance levels in SESIP:
- SESIP Assurance Level 1 (SESIP1) is a self-assessment-based level that provides a basic level of assurance.
- SESIP Assurance Level 2 (SESIP2) is a black-box penetration testing level that provides a moderate level of assurance.
- SESIP Assurance Level 3 (SESIP3) is a traditional white-box vulnerability analysis that provides a substantial level of assurance. This evaluation is structured around a time-limited source code analysis combined with a time-limited penetration testing effort.
Recognition
LEAP Awards Winner 2020
A distinguished independent panel of engineering and academic professionals at LEAP (Leadership in Engineering Achievement Program) awarded Secure Vault the gold medal in the 2020 LEAP Awards Connectivity category, citing it as a “new contemporary solution to an ever-evolving problem in privacy and security.” The annual LEAP Awards celebrate the most innovative and forward-thinking products serving the design engineering space.
Have You Discovered a Vulnerability?
Our Product Security Incident Response Team (PSIRT) is responsible for ensuring that vulnerabilities discovered in our products are mitigated and communicated responsibly. If you detect a security threat, let us know.
Information on how to subscribe to security notices can be found here.