Security

Nordic takes security to the next level

The importance of security

Nordic Semiconductor is a leading provider of low-power wireless communication solutions. We offer a range of security features within all product series and have partnered with leading security providers to offer a complete end-to-end security solution for our customers.

Security is becoming increasingly important within the IoT and wireless connectivity for several reasons. Given these risks, it is important to prioritize and define security requirements early in the design process. Nordic offers security enablers that ensure a successful implementation of the security level needed for your specific IoT device.

Learn from our experts

Designing secure IoT products

Creating secure products with ease

 

The industry is coming together to create streamlined best practices, frameworks, and certifications. Nordic aligns with PSA CertifiedTM to provide a standardized approach to security that guides customers through their individual security journey. Below we have highlighted a few simplified steps, guiding you towards a successful result:

Analyze - Threat models & security analysis

Analyze - Threat models & security analysis

Understand the critical assets that need to be protected in your product, and what threats that have the potential to compromise it, to identify the most effective security measures.
Architect - Hardware & firmware specifications

Architect - Hardware & firmware specifications

Once the analysis is concluded it needs to be translated into technical specifications.
Implement - Firmware Source code

Implement - Firmware Source code

The required features must be implemented in the firmware, based on high-level APIs that interface to the hardware root of trust.
Icon of a document with a medal on it

Certify - Independently tested

The final step to confirm that all requirements have been satisfied and to establish the reliability of your product is an independent security assessment of your device.

Security goals and objectives

At Nordic we have a clear goal when it comes to security. Enable everyone to design and deploy secure products, by:

  1. Making the right choices from the start.
  2. Understanding the threats and value of security
  3. Protecting critical assets against common threats

IoT product security can be divided into a few simple objectives every product should meet.

Secure boot and secure update with anti-rollback

Secure boot and secure update with anti-rollback

Security starts at boot time to ensure that only authorized software can be executed and updated on a device. Reinstating previous software versions should be prevented to ensure that fixed security issues don't become exposed.
Isolation between secure and non-secure environments

Isolation between secure and non-secure environments

There must be separation between trusted and un-trusted services to avoid compromising the entire device. Un-trusted services should interact with trusted services through APIs that ensure functionality while keeping confidentiality of critical data and resources.
Secure storage

Secure storage

Critical assets must be uniquely bound to each device and protected from any intrusion, to ensure confidentiality and integrity.
Attestation and unique identification

Attestation and unique identification

Every device should be uniquely identifiable and attestable so that a trusted interaction can be established. See the nRF Cloud Security Services for more information.

Security Lifecycle

Security Lifecycle

Device security must be defined through different product lifecycle phases, from initial assembly to decommissioning and every step in between. The nRF Cloud Security Services can simplify some of the lifecycle phases.
Cryptographic services

Cryptographic services

A secure product sits on top of a set of trusted cryptographic services to enable the implementation of all required security features.