With stories of remotely hacked devices and vehicles continuing to make headlines in 2018, security has become a top priority for every industry that leverages the Internet of Things (IoT). Stepping up to the plate, Microsoft recently introduced their end-to-end solution to the problem. On April 16th, 2018 at the RSA 2018 security conference in San Francisco, Microsoft announced the release of the private preview version of Azure Sphere. According to Microsoft, Azure Sphere is the result of extensive research into IoT security that involved years of close interaction with leading device manufacturers. Microsoft maintains that Azure Sphere addresses all three areas of any complete IoT security solution: hardware security, software security and cloud security.

Research into IoT security

Led by Microsoft Partner Managing Director Galen Hunt, the Azure Sphere team spent several years researching new ways to tackle the growing problem of IoT security. As a result of their research, Hunt and his colleagues at Microsoft Research found seven characteristics of “highly secure” IoT devices. While incorporating these characteristics into their IoT security solution, Hunt’s team worked closely with leading device manufacturers in energy, agriculture and other industries leveraging the IoT. Hunt’s team eventually found that device manufacturers had three primary goals that Microsoft’s end-to-end solution would need to address: greater security, increased productivity and new business opportunities. Hunt argues that Azure Sphere not only serves as a best-in-class security solution, but also leverages the Visual Studio development and collaboration platform to make it far easier to build apps for the IoT. With plans to release Azure Sphere development kits this summer, Microsoft is confident that Azure Sphere will lead to increased productivity and decreased time-to-market for partner manufacturers. Furthermore, Microsoft argues that the highly secure Azure Sphere ecosystem will give partner manufacturers the confidence to reimagine their workflows and customer relationships, opening a new horizon of business opportunities.

Hardware security

Understanding microcontrollers (MCUs)

The first step to understanding Azure Sphere is understanding microcontrollers. Like microprocessors, microcontrollers are extremely small, typically no longer than a postage stamp. However, unlike microprocessors, MCUs are fully functional computers capable of running a complete operating system. Although a microcontroller does not have the usual peripherals associated with PCs (keyboard, mouse, monitor, etc) it technically does have peripherals of a less conspicuous nature. These peripherals are generally found in the form of small pins that connect to other parts of a larger system, often including the Internet, making the IoT possible.

Nine billion MCUs and counting

In recent years, nearly every device manufacturer has begun to tap into the power of the IoT. Today, MCUs are appearing in every imaginable device we encounter at work and at home. To give you a sense of scale, manufacturers are already shipping nine billion MCUs a year, and that number will only increase in coming years. Furthermore, a rapidly growing number of new MCUs are connecting to each other and to the Internet. This is why the IoT is garnishing so much attention in 2018. According to Hunt, “this entire industry, all 9 billion or more devices per year, is on a path to include connected MCUs.”

Creating a smart doorbell with an MCU

To give you an example of the power of connected MCUs, suppose you take a simple electric doorbell and incorporate an MCU into the system. All at once, a limitless range of additional functionality opens up for your doorbell. For example, you can now have the system store the number of times the doorbell is pressed over time. Or you can program the doorbell to make each press in a series louder so you don’t miss a visitor when you’re in the backyard or have the radio on. Or you can turn the doorbell into a connected device that uploads its activity to the Internet while alerting you remotely whenever it’s pressed. The possibilities are endless. Yet this also presents a problem. By opening up your doorbell to endless functional possibilities, you are also opening it up to endless security vulnerabilities. For example, someone could hack into your doorbell’s connected MCU and have your doorbell ring rapid-fire for hours on end in the middle of the night. Worse, as these security vulnerabilities appear in more complex connected devices, such as the latest generation of connected vehicles, these hacks can even endanger our lives.

Azure Sphere certification

Drawing from many years of experience building security technology for microcontrollers, Microsoft has committed itself to a new generation of MCUs with “built-in Microsoft security technology and connectivity” that will earn Azure Sphere certification. Previously found in smartphones, this technology will be available for building MCUs found in an enormous variety of IoT devices.

Software security

The Azure Sphere OS

The Microsoft team is also coupling its new hardware technology to new software. Branded Azure Sphere OS, Microsoft’s new IoT-centered operating system takes a multi-layered security approach. Hunt argues that the Azure Sphere team has taken lessons learned from Windows and baked them into Azure Sphere OS, which also comes with a security monitoring system.

Embracing Linux

Microsoft is embracing open-source leader Linux for their operating system’s core operations (the kernel). In other words, the Azure Sphere OS is not a version of Windows IoT, a bold decision that’s generating quite a bit of buzz in the tech community. Nonetheless, Microsoft maintains that creating a Linux distribution was simply the most practical solution to the problem at hand. After all, according to Microsoft’s Rob Lefferts, Windows IoT was built to run on “microprocessor units (MPUs) which have at least 100x the power of the MCU.” Consequently, Windows IoT has simply too large a footprint for so small a system. Microsoft’s custom Linux distribution, on the other hand, is a good fit for smaller systems, and has been specifically streamlined for the needs of MCUs.

Cloud security

IoT connectivity inevitably leads to the cloud. Therefore, cloud security is a key component of any end-to-end IoT security solution. With this in mind, Microsoft is introducing Azure Sphere Security Service as a broker to secure cloud communications. The Azure Sphere service also uses “certificate-based authentication” to broker secure inter-device communications between Azure Sphere-certified MCUs. Moreover, the service manages security threat monitoring, detection and reporting. Microsoft maintains that the service will also handle security updates to Azure Sphere-certified MCUs for no less than the first decade of their life cycles. Finally, Microsoft insists that the Azure OS ecosystem does not require that connected IoT devices run Azure cloud services alone, but welcomes cloud services from other providers.

The Azure Sphere ecosystem

Microsoft has already partnered with semiconductor MediaTek to create the first Azure Sphere-certified MCU: the MediaTek MT3620, available later this year. According to Microsoft and Mediatek, the new chip, like all chips created for the Azure Sphere ecosystem, will come with built-in connectivity, enhanced security and increased processing power. Microsoft is confident that their royalty-free approach will entice other partners to follow in the coming months and years. In addition, Microsoft maintains that the additional cost for taking any planned MCU and including Azure Sphere security technology is very low. Furthermore, Microsoft insists that once a device manufacturer begins using Azure Sphere-certified MCUs, Azure Sphere requires no additional hardware or staff to implement and maintain. Altogether, Microsoft makes the case that their partner-friendly approach will result in more Azure Sphere-certified chips to follow Mediatek’s in the near future.

The future of IoT security

According to Microsoft, manufacturers are looking for a holistic, end-to-end IoT security solution that covers the entire system from the hardware to the cloud, and all the communications in between. They are confident that Azure Sphere now meets that description.

As outlined above, the first step to understanding Azure Sphere is understanding microcontrollers. Typically no longer than a postage stamp, an MCU is a small computer dedicated to a particular set of functions, such as turning a traditional doorbell into a smart doorbell, and even connecting it to the cloud. By adding an MCU to a device, a wide range of new functionality becomes possible. Yet dangerous security vulnerabilities can also emerge. With over nine billion MCUs and counting shipped every year, and an increasing percentage connected to the IoT, security has become a growing concern for device manufacturers. To meet their security needs, Microsoft has committed itself to helping build a new generation of Azure Sphere certified MCUs.

Microsoft has also built a new operating system to run on certified MCUs: the Azure Sphere OS.  Microsoft’s IoT-centered, Linux-based operating system takes a multi-layered security approach that is specifically streamlined for MCUs. To address cloud security, Microsoft has also introduced Azure Sphere Security Service to serve as a broker securing both device-to-cloud and inter-device communications.

Planting the first seed of the Azure Sphere ecosystem, Microsoft has partnered with semiconductor MediaTek to create the first Azure Sphere-certified MCU. According to Microsoft and MediaTek, the MT3620, available later this year, comes with built-in connectivity, best-in-class security, and enhanced processing power. Microsoft is confident that more partners, and thus more chips, will soon follow MediaTek’s lead.

For more information on Azure services making an impact in 2018, contact us.