IoT

Inside Microsoft Azure Sphere

Microsoft engineer details how the company's IoT security solution operates - at multiple layers starting with the microcontroller.

MICROSOFT IGNITE - Orlando, Fla. - Galen Hunt sat at a table during Microsoft Ignite, with a holder filled with scores of square microcontroller chips on the table in front of him. One of the chips was missing. "Someone took one of my chips!" he exclaimed and then laughed. "I think I know who it was—and I've got more where these came from."

Hunt, a Microsoft distinguished engineer and managing director of the Azure Sphere/Azure hardware systems group, has spent a lot of time with MCUs (microcontroller units) while building Sphere, a service and framework that Microsoft offers for securing devices at the network's edge. 

The industry's concern about security of connected devices has been late in coming. "About nine billion devices a year ship where a microcontroller is the brain of the device," Hunt said in an interview at Ignite this week. "Most of those devices are not connected; ninety-nine point something-percent of them have no connectivity whatsoever." 

But a few years ago that situation began to change. "Four years ago, somebody walked into my office with a schematic description of the specs for a microcontroller with Wi-Fi built into it. And that was one of those 'a-ha' moments for me when I realized I was looking at the future of computing."

One of the problems with these connected devices is that the network stack built into the MCU is very primitive, he said. Most have no security capabilities whatsoever, depending on an "air-gap" to keep attackers at bay. And with the explosion of the IoT, that air-gap has disappeared, replaced with constant connectivity to the Internet at large. 

Microsoft ultimately created Azure Sphere, a three-part solution that allows manufacturers to rely on built-in security for their connected intelligent products. It begins with the sort of chips that Hunt has on the tray in front of him. "We're not building chips. We have an IP block that goes into the chips, Hunt said. "The IP block is to hardware what a library is to software."

The IP block in this case is called the Pluton Security Subsystem and it's part of every Azure Sphere MCU. Its primary function is providing a hardware root of trust for the device in which the MCU will sit. During the chip manufacturing process, the silicon die generates a unique key for the chip — a key that is used as the basis for cryptography and authentication. "It provides secure boot on top of the crypto identity, some other crypto accelerators, key storage, and some other basic hardware root of trust capabilities," Hunt said.

The second part of Azure Sphere is the operating system, a Linux-based operating system with multiple layers of defense for the firmware and the application code. "The outer layers not only might get attacked, they might be compromised, so then the inner layers know how to protect and restore the security outer layers," Hunt explained.

The layers come in an open source package that manufacturers can modify to suit the needs of their individual devices, Hunt said, with the goal of making the system sufficiently flexible to meet a wide range of demands.

Then there's the Azure Sphere security service, a cloud-based service that keeps every device updated with the latest version of firmware and application software. It also provides certificate-based authentication between the device and the manufacturer's application cloud.

A typical installation checks with Azure Sphere for software updates once a day, and Microsoft recommends that manufacturers build their code so that the Azure Sphere software runs on one core, while the application code runs on an entirely separate core — one that will allow for "fail-safe" operation even if network connectivity is completely lost.

Azure Sphere is built around the points made in a paper, The Seven Properties of Highly Secure Devices, which Hunt co-authored. "I use 'property' very precisely as opposed to principle or standards," Hunt said, "because property is something you can measure."

Azure Sphere developer kits are now available from Microsoft.

Related content:

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
vuongquocloaivat
50%
50%
vuongquocloaivat,
User Rank: Apprentice
9/29/2018 | 4:40:55 AM
thank 4 share bro
thank 4 share bro
How the US Chooses Which Zero-Day Vulnerabilities to Stockpile
Ricardo Arroyo, Senior Technical Product Manager, Watchguard Technologies,  1/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3906
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.
CVE-2019-3907
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).
CVE-2019-3908
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.
CVE-2019-3909
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.
CVE-2019-3910
PUBLISHED: 2019-01-18
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.