Microsoft just launched Azure Sphere with the goal of protecting IoT devices. It combines new custom silicon, a Linux-based embedded OS and a cloud service, aimed at securing microcontroller (MCU) devices at the edge. The MCU is “the brain of the device”, as Microsoft terms it, “hosting the compute, storage, memory, and an operating system right on the device”. Over 9 billion of these MCU-powered “everyday devices” are built and put into operation yearly. While only a minority of these devices are currently connected to the Internet, Microsoft predicts that this will fundamentally change within the next few years, as “this entire industry, all 9 billion or more devices per year, is on path to include connected MCUs”.
The connected nature of IoT devices of course not only makes them more responsive, but also gives them access to sensitive data in our homes and workplaces, and they thereby become natural targets for attack. Not only could this lead to individual attacks, such as an online baby monitor being used to spy on your home; it is already a problem for society at large. IoT botnets, such as Mirai and IoTroop, which commandeer hundreds of thousands of compromised IoT devices, can knock large parts of the Internet offline through the combined force of their computing power. Microsoft is ahead of the curve in noting that “it’s of paramount importance that we proactively address this emerging threat landscape with solutions that can keep pace as connected MCUs ship in billions of new devices every year”.
At RSA on Monday, Microsoft announced the preview of its Microsoft Azure Sphere, its solution for “creating highly-secured, Internet-connected microcontroller (MCU) devices”. Three key components work together in Azure Sphere to protect and power devices at the edge:
- Azure Sphere certified microcontrollers (MCUs): This “cross-over class of MCU” combines real-time and application processors with in-built Microsoft security technology and connectivity. Each chip includes custom silicon security technology from Microsoft.
- Azure Sphere OS: This operating system is “purpose-built to offer unequalled security and agility”. Unlike the RTOSes that most MCUs operate on today, Microsoft’s IoT OS provides multiple layers of security by combining a security monitor with a custom Linux kernel.
- Azure Sphere Security Service: Microsoft describes this as “A turnkey, cloud service that guards every Azure Sphere device; brokering trust for device-to-device and device-to-cloud communication through certificate-based authentication, detecting emerging security threats across the entire Azure Sphere ecosystem through online failure reporting, and renewing security through software updates”.
Microsoft’s goal is to bring the expertise from decades of protecting its own devices and data in the cloud, including “learnings” from Xbox, to MCU-powered devices. The above capabilities work together to meet all seven properties of a highly secured device, which Microsoft claims makes it a first-of-its-kind solution.
ZDNet journalist Mary Jo Foley noted that Microsoft has been at work on this project for a number of years. Its Project Sopris, a research effort to secure low-cost IoT devices, was in part led by Galen Hunt, who now heads up Azure Sphere as Partner Managing Director. Early findings indicated that “even the most price-sensitive devices should be redesigned to achieve the high levels of device security critical to society’s safety,” the researchers said last year.
The first Azure Sphere chip will be the MediaTek MT3620. Inside the secured MCUs, Microsoft is including a new security subsystem it has dubbed “Pluton”. Its controllers combine the power of a Cortex-A processor with the real-time guarantees of a Cortex-M class processor, according to Microsoft’s Azure Sphere website.