Building a slide deck, pitch, or presentation? Here are the big takeaways:
- Microsoft’s new Azure Sphere service promises to secure IoT devices for 10 years from their manufacture.
- Security of IoT devices is a growing concern, with 20% of companies having experienced at least one IoT attack over the past three years.
Microsoft has built a Linux-based OS for IoT devices, as part of a wider push to secure internet-connected appliances in businesses, factories and homes.
The OS is one part of Azure Sphere, a new service that Microsoft says will secure IoT devices from their manufacture through to the end of their 10-year lifetime.
As Internet of Things devices become increasingly widespread, with more than nine billion IoT microcontrollers deployed each year, concerns over the risk posed by the outdated software and lackluster authentication on these devices has grown. A recent survey found about 20% of organizations have experienced at least one IoT attack in the past three years.
SEE: Security awareness and training policy (Tech Pro Research)
Azure Sphere has three components. The first is customized microcontroller units (MCUs) for IoT devices, which are authenticated using certificates encoded in on-board chips.
The second component is the Azure Sphere OS, which runs on the IoT devices and helps secure and authenticate the hardware, and which is based on a custom-version of the Linux kernel.
The third is the Azure Sphere Security Service, a cloud-based offering that keeps devices patched with the latest security updates and detects threats to these connected devices for 10 years after their rollout.
Microsoft believes Azure Sphere will help vendors secure smart appliances for home and business users, as well as allowing larger companies to protect their networked infrastructure.
“This is not disposable technology. These things are going to go in your home, your office, your factory, and they’re going to live for a long time,” said Caitie McCaffrey, lead engineer on the Azure Sphere project.
“We want to make sure that through the lifetime of these devices they are secure.”
McCaffrey gave authentication as an example of how Azure Sphere will strengthen the notoriously weak security of IoT devices.
Rather than relying on passwords to authenticate each device to the cloud-based Azure Sphere Security Service, boards will instead include chips encoded with certificates that authenticate their identity, which will be checked by the OS and the cloud service.
“We’ve totally eliminated this attack vector from the Azure Sphere ecosystem by not even using passwords to control the MCUs,” she said.
The OS provides multiple other layers of security alongside its role helping authenticate each board, including running apps in containers and a built-in security monitor.
Microsoft is working with various chip manufacturers and designers to create certified Azure Sphere boards for IoT devices, which will have authentication certificates baked into the silicon.
The first Azure Sphere-approved MCU will be the MediaTek 3620, a forthcoming Arm-based system-on-a-chip packing one 500MHz Cortex A7 processing core and two low-power Cortex M4 cores, alongside Wi-Fi connectivity.
Microsoft says this approach of pairing two energy-sipping cores with a relatively beefy single core will allow for IoT devices that cater to a wide range of uses.
Azure Sphere is currently available in private preview, and Microsoft is working with other device manufacturers — including NXP Semiconductors, Nuvoton, and Qualcomm — to develop new Azure Sphere boards — with the first Azure Sphere devices expected to go on sale by the end of 2018 and the first dev kits available by mid-2018.