IoT

Inside Microsoft Azure Sphere

Microsoft engineer details how the company's IoT security solution operates - at multiple layers starting with the microcontroller.

MICROSOFT IGNITE - Orlando, Fla. - Galen Hunt sat at a table during Microsoft Ignite, with a holder filled with scores of square microcontroller chips on the table in front of him. One of the chips was missing. "Someone took one of my chips!" he exclaimed and then laughed. "I think I know who it was—and I've got more where these came from."

Hunt, a Microsoft distinguished engineer and managing director of the Azure Sphere/Azure hardware systems group, has spent a lot of time with MCUs (microcontroller units) while building Sphere, a service and framework that Microsoft offers for securing devices at the network's edge. 

The industry's concern about security of connected devices has been late in coming. "About nine billion devices a year ship where a microcontroller is the brain of the device," Hunt said in an interview at Ignite this week. "Most of those devices are not connected; ninety-nine point something-percent of them have no connectivity whatsoever." 

But a few years ago that situation began to change. "Four years ago, somebody walked into my office with a schematic description of the specs for a microcontroller with Wi-Fi built into it. And that was one of those 'a-ha' moments for me when I realized I was looking at the future of computing."

One of the problems with these connected devices is that the network stack built into the MCU is very primitive, he said. Most have no security capabilities whatsoever, depending on an "air-gap" to keep attackers at bay. And with the explosion of the IoT, that air-gap has disappeared, replaced with constant connectivity to the Internet at large. 

Microsoft ultimately created Azure Sphere, a three-part solution that allows manufacturers to rely on built-in security for their connected intelligent products. It begins with the sort of chips that Hunt has on the tray in front of him. "We're not building chips. We have an IP block that goes into the chips, Hunt said. "The IP block is to hardware what a library is to software."

The IP block in this case is called the Pluton Security Subsystem and it's part of every Azure Sphere MCU. Its primary function is providing a hardware root of trust for the device in which the MCU will sit. During the chip manufacturing process, the silicon die generates a unique key for the chip — a key that is used as the basis for cryptography and authentication. "It provides secure boot on top of the crypto identity, some other crypto accelerators, key storage, and some other basic hardware root of trust capabilities," Hunt said.

The second part of Azure Sphere is the operating system, a Linux-based operating system with multiple layers of defense for the firmware and the application code. "The outer layers not only might get attacked, they might be compromised, so then the inner layers know how to protect and restore the security outer layers," Hunt explained.

The layers come in an open source package that manufacturers can modify to suit the needs of their individual devices, Hunt said, with the goal of making the system sufficiently flexible to meet a wide range of demands.

Then there's the Azure Sphere security service, a cloud-based service that keeps every device updated with the latest version of firmware and application software. It also provides certificate-based authentication between the device and the manufacturer's application cloud.

A typical installation checks with Azure Sphere for software updates once a day, and Microsoft recommends that manufacturers build their code so that the Azure Sphere software runs on one core, while the application code runs on an entirely separate core — one that will allow for "fail-safe" operation even if network connectivity is completely lost.

Azure Sphere is built around the points made in a paper, The Seven Properties of Highly Secure Devices, which Hunt co-authored. "I use 'property' very precisely as opposed to principle or standards," Hunt said, "because property is something you can measure."

Azure Sphere developer kits are now available from Microsoft.

Related content:

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
vuongquocloaivat
50%
50%
vuongquocloaivat,
User Rank: Apprentice
9/29/2018 | 4:40:55 AM
thank 4 share bro
thank 4 share bro
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
New Mirai Version Targets Business IoT Devices
Dark Reading Staff 3/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Reading Schneier's Friday Squid Blog again?
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6149
PUBLISHED: 2019-03-18
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
CVE-2018-15509
PUBLISHED: 2019-03-18
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).
CVE-2018-20806
PUBLISHED: 2019-03-17
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
CVE-2019-5616
PUBLISHED: 2019-03-15
CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.
CVE-2018-17882
PUBLISHED: 2019-03-15
An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.