Augmented Reality for Enterprise Alliance

Root of Trust – Physical Security

Back to Infographic

Root-of-Trust

RoTs are security primitives composed of hardware, firmware and/or software that provide a set of trusted, security-critical functions. The root-of-trust on a device determines the level of confidence in the AR device. AR systems operate in complex computing environments, and critical security functions should be designed using a hardware root-of-trust. As unique new hardware platforms, it is important for the asset owner to choose AR platforms that effectively implement hardware root-of-trust to provide device integrity, protected storage, and execution isolation. The protection levels SL3 and SL4 require a hardware root-of-trust.

Please refer to NIST SP 800-164, Guidelines on Hardware-Rooted Security in Mobile Devices, for an extended discussion of root-of-trust.

Security Protection Levels

The International Electrotechnical Commission (IEC) is an internationally-recognized non-profit organization that publishes standards for electrical, electronic and related technologies. IEC 62443-3-3, Security for industrial automation and control systems – System security requirements and security levels, defines four security levels for rating cyber threat protection elements, providing guidance on how to evaluate the protection levels for different security functions.

IEC security protection levels.

IEC Security Protection Level Description
SL1 Protection against casual violation
SL2 Protection against intentional violation using simple means
SL3 Protection against intentional violation using sophisticated means
SL4 Protection against intentional violation using sophisticated means with extended resources

 

The following items are required for SL >2

The following items are required for SL >3

Physical Security

The AR device should have anti-tampering mechanisms to avoid uncontrolled changes or inspection of hardware. Also, physical security includes the control of exposed physical ports such as USB and media jacks. AR devices can be protected by perimeter defenses, but the risk analysis should take into account the mobile nature and size of AR devices.

Security Protection Levels

The International Electrotechnical Commission (IEC) is an internationally-recognized non-profit organization that publishes standards for electrical, electronic and related technologies. IEC 62443-3-3, Security for industrial automation and control systems – System security requirements and security levels, defines four security levels for rating cyber threat protection elements, providing guidance on how to evaluate the protection levels for different security functions.

IEC security protection levels.

IEC Security Protection Level Description
SL1 Protection against casual violation
SL2 Protection against intentional violation using simple means
SL3 Protection against intentional violation using sophisticated means
SL4 Protection against intentional violation using sophisticated means with extended resources

 

The following items are required for SL >0

The following items are required for SL >1

The following items are required for SL >2

The following items are required for SL >3