RoTs are security primitives composed of hardware, firmware and/or software that provide a set of trusted, security-critical functions. The root-of-trust on a device determines the level of confidence in the AR device. AR systems operate in complex computing environments, and critical security functions should be designed using a hardware root-of-trust. As unique new hardware platforms, it is important for the asset owner to choose AR platforms that effectively implement hardware root-of-trust to provide device integrity, protected storage, and execution isolation. The protection levels SL3 and SL4 require a hardware root-of-trust.
Please refer to NIST SP 800-164, Guidelines on Hardware-Rooted Security in Mobile Devices, for an extended discussion of root-of-trust.
The International Electrotechnical Commission (IEC) is an internationally-recognized non-profit organization that publishes standards for electrical, electronic and related technologies. IEC 62443-3-3, Security for industrial automation and control systems – System security requirements and security levels, defines four security levels for rating cyber threat protection elements, providing guidance on how to evaluate the protection levels for different security functions.
IEC security protection levels.
| IEC Security Protection Level | Description |
| SL1 | Protection against casual violation |
| SL2 | Protection against intentional violation using simple means |
| SL3 | Protection against intentional violation using sophisticated means |
| SL4 | Protection against intentional violation using sophisticated means with extended resources |
The following items are required for SL >2
The following items are required for SL >3
Physical Security
The AR device should have anti-tampering mechanisms to avoid uncontrolled changes or inspection of hardware. Also, physical security includes the control of exposed physical ports such as USB and media jacks. AR devices can be protected by perimeter defenses, but the risk analysis should take into account the mobile nature and size of AR devices.
The International Electrotechnical Commission (IEC) is an internationally-recognized non-profit organization that publishes standards for electrical, electronic and related technologies. IEC 62443-3-3, Security for industrial automation and control systems – System security requirements and security levels, defines four security levels for rating cyber threat protection elements, providing guidance on how to evaluate the protection levels for different security functions.
IEC security protection levels.
| IEC Security Protection Level | Description |
| SL1 | Protection against casual violation |
| SL2 | Protection against intentional violation using simple means |
| SL3 | Protection against intentional violation using sophisticated means |
| SL4 | Protection against intentional violation using sophisticated means with extended resources |
The following items are required for SL >0
The following items are required for SL >1
The following items are required for SL >2
The following items are required for SL >3
You must be an AREA subscriber and logged in to access this content. Please login or click below to create your free AREA subscriber account and access this valuable content today.
Need more advice on the types of membership you cant get? Click here for our FAQ section on memberships.