The Internet of Things (IoT) is very much a modern Wild West. Devices are connected to networks without considering security, offering bad actors a tempting gateway into your systems. What’s more, those devices are rarely updated, running the same insecure firmware as the day they were deployed. That makes it a matter of when, not if, you get compromised.
How can we secure devices and make sure they stay secure? That’s where Azure Sphere — Microsoft’s defence-in-depth IoT platform that mixes hardware, software, and the cloud to protect your devices and your network — comes in. Initially announced in May 2018, Azure Sphere has finally reached general availability, with hardware and software ready for use.
Start with the silicon
At the heart of Azure Sphere is a hardened Arm-based microcontroller, designed to deliver what Microsoft calls “the seven properties of highly secured devices”. These are a hardware-based root of trust, defence in depth, a small trusted computing base, dynamic compartmentalisation, certificate-based authentication, error reporting, and renewable security. Taking an opinionated approach to hardware and software design like this is sensible, as it ensures that everyone using Azure Sphere is on the same page and is using the same security model.
The first Azure Sphere-certified microcontroller is MediaTek’s MT3620. Based on Arm’s Cortex-A7 design, it’s a powerful enough chip to run a Linux-based operating system. That does mean it’s not the cheapest device on the market — more Raspberry Pi than Arduino. Microsoft has announced additional hardware from NXP and Qualcomm, giving you a choice of vendors and microcontrollers with different capabilities — NXP adds AI and graphics support, while Qualcomm adds cellular connectivity.
Along with its main Cortex-A7 and wi-fi capabilities, MediaTek’s MT3620 has two additional Cortex-M4F cores to manage I/O and many of the device’s other features. The whole chip is then locked down by Microsoft’s own security subsystem, Pluton, with a separate Cortex-M4F to manage secure boot and to monitor system operations. Pluton isn’t user-accessible: it’s the link between the hardware and the cloud-hosted Azure Sphere service.
Pluton is where Sphere handles device security. The core is where the platform runs its cryptographic processes, including its own hardware-based random number generator and tools for managing network encryption as well as secured and measured boot operations. It offers a way of detecting software and operating system tampering. When an Azure Sphere device boots, the Pluton core ensures that the various components of the platform have correct digital signatures, where possible using remote attestation to confirm that the software that’s booting is secure. Once the device is up and running, Pluton continues to monitor operations.
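Pluton’s internals aren’t public, so as an added illustration (not Azure Sphere’s or Microsoft’s code) this Go program models the two mechanisms just described in generic form: secure boot, which refuses any component whose signature doesn’t verify against a public key anchored in hardware, and measured boot, which hash-chains each component into a measurement that a remote attester compares with the known-good value. The signing key seed, component names and image bytes are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Component is one boot-chain stage (firmware, OS, app) plus its vendor signature.
type Component struct{ Image, Signature []byte }

// extend folds a component into the running measurement, TPM PCR style: new = SHA256(old || SHA256(image)).
func extend(m [32]byte, image []byte) [32]byte {
	h := sha256.Sum256(image)
	return sha256.Sum256(append(m[:], h[:]...))
}

// SecureMeasuredBoot verifies each component against the hardware-anchored root public key,
// refusing to boot at the first bad signature, and returns the final measurement for attestation.
func SecureMeasuredBoot(root ed25519.PublicKey, chain []Component) (m [32]byte, ok bool) {
	for _, c := range chain {
		if !ed25519.Verify(root, c.Image, c.Signature) {
			return m, false // unsigned or altered code: refuse to boot
		}
		m = extend(m, c.Image)
	}
	return m, true
}

// Attest is the cloud side: trust the device only if its reported measurement matches the approved build.
func Attest(expected, reported [32]byte) bool { return bytes.Equal(expected[:], reported[:]) }

// demoSeed/demoChain build a constructed chain; a real signing key is never a fixed seed on the device.
var demoSeed = bytes.Repeat([]byte{0x42}, ed25519.SeedSize)

func demoChain(seed []byte) (ed25519.PublicKey, []Component) {
	priv := ed25519.NewKeyFromSeed(seed)
	var chain []Component
	for _, n := range []string{"firmware", "os", "app"} {
		img := []byte("constructed " + n + " image v1")
		chain = append(chain, Component{img, ed25519.Sign(priv, img)})
	}
	return priv.Public().(ed25519.PublicKey), chain
}

func main() {
	pub, chain := demoChain(demoSeed)
	fmt.Println(SecureMeasuredBoot(pub, chain)) // golden measurement and ok=true
}
```

A build signed by a key other than the root fails at the signature step, while a validly signed but different build boots and is then caught by attestation because its measurement doesn’t match.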
Then add software
Azure Sphere was Microsoft’s first public foray into the Linux world. It had already been using its own Linux distribution as part of Azure’s networking, but Sphere’s custom kernel and the software built around it are intended for much wider distribution. Not only that, it’s where your software will run. Microsoft provides the libraries needed by your code, giving it access to the Sphere microcontroller hardware, with networking, storage and communications. To keep the device secure, they’re the only way to interact with the hardware — there’s no general-purpose file access and no shell. You can only interact with your device through the Azure components of the Azure Sphere service or through debugging services on a device that’s connected to a developer’s PC.
Applications are built in C, using the Azure Sphere SDK in either Visual Studio or Visual Studio Code. If you prefer Linux, you can develop in Visual Studio Code on Ubuntu 18.04, and both Windows and Ubuntu can use command-line tools bundled with the SDK. You can write either high-level applications or low-level real-time code, depending on how you plan to use Sphere microcontrollers.
And finally, a touch of cloud
One of the key features of the Azure Sphere platform is its secure application deployment service. Each Azure Sphere device has its own unique ID that’s stored on the device. You’ll register each device you have as part of a product, with its own ID that’s managed through the cloud service. A device can only be part of a single product, with products grouping many devices. You can think of the device ID as the individual serial number of your microcontrollers, and a product as, say, the smart toaster that’s built around Sphere hardware and software.
One useful feature is the ability to set up Device Groups. These help you manage deployments, allowing you to ring-fence some devices for development, some for test, and most for production. There are five default device groups, each with different capabilities — allowing you to deploy preview versions of the Azure Sphere OS to some devices, for example, and to control which ones get which application releases. Applications are assigned to device groups and automatically deployed, so you can build the deployment process into an existing software development lifecycle, using separate software branches for development and test, with final deployment triggered by a merge to a separate production branch.
At the heart of an Azure Sphere deployment is a binary image. This is a cryptographically signed binary that’s packaged ready for delivery to the chosen device group. Once delivered, an image can only be replaced, it can’t be changed. Images can only be deployed by an Azure Sphere administrator, so keep the number of admins on your team low to reduce risk.
Deployments are managed by the Azure Sphere cloud service, using the same infrastructure as Windows Update. While Azure Sphere devices are intended for more complex IoT applications and services than many of the smaller microcontrollers on the market, there’s still the potential for deployments to be in the hundreds of thousands, or even the millions, of devices. Building a software deployment and update service from scratch isn’t practical, so using Windows Update, with its end-to-end security and its proven scalability makes a lot of sense.
Removing much of the risk from IoT should make Azure Sphere an attractive alternative to other IoT platforms, allowing you both to use secure hardware and to ensure that it’s up to date, for your software and the device OS. Building on familiar tools and services should help too, making it easier to deliver the applications these devices need.