The problem that Azure Sphere is trying to tackle?
We are connecting more devices to the Internet all the time. In 2008 the number of network connected things exceeded the earth’s population. And by 2025, we will connect more than 75 billion of these devices – also known as Internet of Things (IoT) devices – to the Internet.
These connected things are not immune to hacking. In many cases, these devices are not secured from the beginning and the devices are left with many vulnerabilities. Hence, hackers can control IoT devices remotely. Examples of such vulnerabilities and hacks include:
- Hackable cardiac devices from St. Jude or Owlet baby heart rate monitor.
- TRENDNet webcams allowed anyone to see through the cameras or even listen in.
- A heater in a casino’s aquarium allowed hackers to access the casino’s customers list.
- The Jeep hack where some hackers demonstrated how they can turn the engine off or steer the car remotely. The vulnerability came from the car’s use of a dashboard system called Uconnect, which provided the ability to re-write the firmware on the chip. This in turn, enabled access to the rest of the car’s controls via the CANBus interface.
- The Mirai Botnet DDoS attack infected many devices (including digital cameras and DVR players). Then, Mirai Botnet used these devices to attack a service provider (Dyn). Subsequently, the Mirai Botnet brought down huge portions of the Internet.
- You can other examples of such vulnerabilities and hacks online.
The definition of a truly secured device.
It used to be that only high-end devices had strong security. Going forward though, it is critical that all network-connected IoT devices are secured. This includes children’s toys, household appliances and factory equipment. In the end, an IoT solution is a secure as its weakest link.
To secure such IoT devices, a Microsoft research team came up with the 7 criteria which they assert are required in highly secured devices. The 7 properties of highly secure devices
- Highly secure devices have a hardware-based root of trust: the device has a unique identity tied to the hardware.
- Such secured devices have a small trusted computing base. As a result, the security enforcement features are protected from other hardware or software.
- These IoT devices have defense in depth. This means that several countermeasures lessen the effect of a successful attack.
- Secured devices provide compartmentalization by using different security layers. Therefore, if one layer is compromised the other layers are not affected.
- They use certificate-based authentication: trust brokered using signed certificates
- These secured devices have renewable security. Consequently, you can update the device’s software automatically.
- And finally, secure devices have failure reporting: the device can report failures to its owner.
How does Microsoft Azure Sphere secure Internet connected devices?
Azure Sphere is a secured, high-level ecosystem with built-in communication and security features for Internet connected devices. It consists of:
- The hardware: secured microcontroller unit (MCU). Microsoft is working with several device manufacturer to produce these certified MCU’s. The first such MCU is the MT3620 from Mediatek. And other MCU’s should be coming from Qualcomm and NXP. And several existing Azure Sphere hardware partners are developing starter kits (prototyping boards) based on the MT3620 MCU. These include: Seeed Studio, AI-Link and USI.
- The OS: a new Linux-based operating system (OS). Microsoft will service the OS on the device for the 13 years of its life.
- The Service: the Azure Sphere Security Service that provides:
- Over the air updates infrastructure
- Application deployment and updates
- Reliable system software updates
- The Service reports errors at a global scale. The Service will report software bugs or security attacks.
Azure Sphere use cases
- You can use Azure Sphere for Brownfield scenarios. Hence, Azure Sphere can protect existing IoT devices that cannot be connected themselves to the Internet. Security concerns or the lack of networking capability prevents these devices from connecting directly to the Internet. For such IoT devices, you can use Azure Sphere Guardian modules to retrofit these older devices.
- Greenfield scenarios. With new IoT devices or appliances that you want to connect to the Internet with end-to-end security
Learn more about Azure Sphere secured MCU’s and how they may be used to send data securely to the cloud
Azure Sphere has been generally available since February 2020. I recently got my hands on an Azure Sphere MT3620 Starter Kit from Avnet. You can read about connecting such an Azure Sphere device to the cloud by reading articles on my blog: