Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT

Inside Microsoft Azure Sphere

Microsoft engineer details how the company's IoT security solution operates - at multiple layers starting with the microcontroller.

MICROSOFT IGNITE - Orlando, Fla. - Galen Hunt sat at a table during Microsoft Ignite, with a holder filled with scores of square microcontroller chips on the table in front of him. One of the chips was missing. "Someone took one of my chips!" he exclaimed and then laughed. "I think I know who it was—and I've got more where these came from."

Hunt, a Microsoft distinguished engineer and managing director of the Azure Sphere/Azure hardware systems group, has spent a lot of time with MCUs (microcontroller units) while building Sphere, a service and framework that Microsoft offers for securing devices at the network's edge. 

The industry's concern about security of connected devices has been late in coming. "About nine billion devices a year ship where a microcontroller is the brain of the device," Hunt said in an interview at Ignite this week. "Most of those devices are not connected; ninety-nine point something-percent of them have no connectivity whatsoever." 

But a few years ago that situation began to change. "Four years ago, somebody walked into my office with a schematic description of the specs for a microcontroller with Wi-Fi built into it. And that was one of those 'a-ha' moments for me when I realized I was looking at the future of computing."

One of the problems with these connected devices is that the network stack built into the MCU is very primitive, he said. Most have no security capabilities whatsoever, depending on an "air-gap" to keep attackers at bay. And with the explosion of the IoT, that air-gap has disappeared, replaced with constant connectivity to the Internet at large. 

Microsoft ultimately created Azure Sphere, a three-part solution that allows manufacturers to rely on built-in security for their connected intelligent products. It begins with the sort of chips that Hunt has on the tray in front of him. "We're not building chips. We have an IP block that goes into the chips, Hunt said. "The IP block is to hardware what a library is to software."

The IP block in this case is called the Pluton Security Subsystem and it's part of every Azure Sphere MCU. Its primary function is providing a hardware root of trust for the device in which the MCU will sit. During the chip manufacturing process, the silicon die generates a unique key for the chip — a key that is used as the basis for cryptography and authentication. "It provides secure boot on top of the crypto identity, some other crypto accelerators, key storage, and some other basic hardware root of trust capabilities," Hunt said.

The second part of Azure Sphere is the operating system, a Linux-based operating system with multiple layers of defense for the firmware and the application code. "The outer layers not only might get attacked, they might be compromised, so then the inner layers know how to protect and restore the security outer layers," Hunt explained.

The layers come in an open source package that manufacturers can modify to suit the needs of their individual devices, Hunt said, with the goal of making the system sufficiently flexible to meet a wide range of demands.

Then there's the Azure Sphere security service, a cloud-based service that keeps every device updated with the latest version of firmware and application software. It also provides certificate-based authentication between the device and the manufacturer's application cloud.

A typical installation checks with Azure Sphere for software updates once a day, and Microsoft recommends that manufacturers build their code so that the Azure Sphere software runs on one core, while the application code runs on an entirely separate core — one that will allow for "fail-safe" operation even if network connectivity is completely lost.

Azure Sphere is built around the points made in a paper, The Seven Properties of Highly Secure Devices, which Hunt co-authored. "I use 'property' very precisely as opposed to principle or standards," Hunt said, "because property is something you can measure."

Azure Sphere developer kits are now available from Microsoft.

Related content:

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
vuongquocloaivat
50%
50%
vuongquocloaivat,
User Rank: Apprentice
9/29/2018 | 4:40:55 AM
thank 4 share bro
thank 4 share bro
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/28/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Can you smell me now?
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11844
PUBLISHED: 2020-05-29
There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
CVE-2020-6937
PUBLISHED: 2020-05-29
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
CVE-2020-7648
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`
CVE-2020-7650
PUBLISHED: 2020-05-29
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.
CVE-2020-7654
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.