Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT

Inside Microsoft Azure Sphere

Microsoft engineer details how the company's IoT security solution operates - at multiple layers starting with the microcontroller.

MICROSOFT IGNITE - Orlando, Fla. - Galen Hunt sat at a table during Microsoft Ignite, with a holder filled with scores of square microcontroller chips on the table in front of him. One of the chips was missing. "Someone took one of my chips!" he exclaimed and then laughed. "I think I know who it was—and I've got more where these came from."

Hunt, a Microsoft distinguished engineer and managing director of the Azure Sphere/Azure hardware systems group, has spent a lot of time with MCUs (microcontroller units) while building Sphere, a service and framework that Microsoft offers for securing devices at the network's edge. 

The industry's concern about security of connected devices has been late in coming. "About nine billion devices a year ship where a microcontroller is the brain of the device," Hunt said in an interview at Ignite this week. "Most of those devices are not connected; ninety-nine point something-percent of them have no connectivity whatsoever." 

But a few years ago that situation began to change. "Four years ago, somebody walked into my office with a schematic description of the specs for a microcontroller with Wi-Fi built into it. And that was one of those 'a-ha' moments for me when I realized I was looking at the future of computing."

One of the problems with these connected devices is that the network stack built into the MCU is very primitive, he said. Most have no security capabilities whatsoever, depending on an "air-gap" to keep attackers at bay. And with the explosion of the IoT, that air-gap has disappeared, replaced with constant connectivity to the Internet at large. 

Microsoft ultimately created Azure Sphere, a three-part solution that allows manufacturers to rely on built-in security for their connected intelligent products. It begins with the sort of chips that Hunt has on the tray in front of him. "We're not building chips. We have an IP block that goes into the chips, Hunt said. "The IP block is to hardware what a library is to software."

The IP block in this case is called the Pluton Security Subsystem and it's part of every Azure Sphere MCU. Its primary function is providing a hardware root of trust for the device in which the MCU will sit. During the chip manufacturing process, the silicon die generates a unique key for the chip — a key that is used as the basis for cryptography and authentication. "It provides secure boot on top of the crypto identity, some other crypto accelerators, key storage, and some other basic hardware root of trust capabilities," Hunt said.

The second part of Azure Sphere is the operating system, a Linux-based operating system with multiple layers of defense for the firmware and the application code. "The outer layers not only might get attacked, they might be compromised, so then the inner layers know how to protect and restore the security outer layers," Hunt explained.

The layers come in an open source package that manufacturers can modify to suit the needs of their individual devices, Hunt said, with the goal of making the system sufficiently flexible to meet a wide range of demands.

Then there's the Azure Sphere security service, a cloud-based service that keeps every device updated with the latest version of firmware and application software. It also provides certificate-based authentication between the device and the manufacturer's application cloud.

A typical installation checks with Azure Sphere for software updates once a day, and Microsoft recommends that manufacturers build their code so that the Azure Sphere software runs on one core, while the application code runs on an entirely separate core — one that will allow for "fail-safe" operation even if network connectivity is completely lost.

Azure Sphere is built around the points made in a paper, The Seven Properties of Highly Secure Devices, which Hunt co-authored. "I use 'property' very precisely as opposed to principle or standards," Hunt said, "because property is something you can measure."

Azure Sphere developer kits are now available from Microsoft.

Related content:

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
vuongquocloaivat
50%
50%
vuongquocloaivat,
User Rank: Apprentice
9/29/2018 | 4:40:55 AM
thank 4 share bro
thank 4 share bro
The Problem with Proprietary Testing: NSS Labs vs. CrowdStrike
Brian Monkman, Executive Director at NetSecOPEN,  7/19/2019
RDP Bug Takes New Approach to Host Compromise
Kelly Sheridan, Staff Editor, Dark Reading,  7/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-14248
PUBLISHED: 2019-07-24
In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when "%pragma limit" is mishandled.
CVE-2019-14249
PUBLISHED: 2019-07-24
dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service (division by zero) via an ELF file with a zero-size section group (SHT_GROUP), as demonstrated by dwarfdump.
CVE-2019-14250
PUBLISHED: 2019-07-24
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.
CVE-2019-14247
PUBLISHED: 2019-07-24
The scan() function in mad.c in mpg321 0.3.2 allows remote attackers to trigger an out-of-bounds write via a zero bitrate in an MP3 file.
CVE-2019-2873
PUBLISHED: 2019-07-23
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...