It sounds like the set up for a bad joke: What do a cricket bat and a coffee machine have in common? The answer is, at least after exploring the recent Microsoft Build show floor, Azure Sphere, Microsoft’s secure IoT platform that mixes silicon and software.
We’re all aware how insecure the internet of things can be: Much of the hardware and software in use has minimal protections, and there are many cases of devices hard-coding login credentials and exposing services on the public internet; even hosting massive botnets that have taken down key internet infrastructure. As more and more smart devices are deployed, securing and managing them becomes more and more important, reducing the risk to enterprises and to the wider world.
Securing the IoT microcontroller
Building on Microsoft Research’s Project Sopris, Azure Sphere goes beyond Sopris’s silicon to deliver a three-part solution: a secure microcontroller, a managed device operating system, and a cloud service. It’s an essential combination; you can’t have a secure IoT platform with out all three elements. Miss one, and the result is unstable, and like a two-legged stool is easy to topple.
The initial release of Azure Sphere is based around a secured microcontroller, being developed with Mediatek. Built around a three-core MT3620 microcontroller, the first-generation Azure Sphere hardware has a primary ARM Cortex A7 core for the Sphere OS, and two Cortex M4 cores for handling controller operations.
A fourth Cortex M4F core is the heart of the Pluton security subsystem, which gives the Azure Sphere board a managed hardware route of trust that can monitor the operation of the rest of the microcontroller and ensure that it’s protected from tampering and from side-channel attacks. The security subsystem also offers secure boot capabilities, implementing security configurations in a one-time programmable e-fuse block.
Sphere OS: Microsoft’s first Linux
One of the more surprising aspects of Azure Sphere is the secure Sphere OS, Microsoft’s first shipping Linux. While Azure has been using a custom Linux in its networking hardware for some time, it’s now making an IoT-focused Linux distribution available to the public. Apps built for Sphere OS are familiar C code that’s compiled using GCC, with an Azure Sphere plugin for both Visual Studio and Visual Studio Code. Both offer full remote debugging options, and you can access the Sphere OS command line via Visual Studio Code’s built-in terminal.
Microsoft has been working with maker board manufacturer Seeed to produce a development board for the MT3620, with familiar Arduino-like GPIO outputs and a built-in Wi-Fi connection. It’s not yet shipping, but you can pre-order devices expected for delivery in summer 2018. There’s no Bluetooth support, so you’ll need to add your own interfaces for wireless connections to sensors. You’ll need to put down a $5 deposit; the first batch of controllers will cost about $90.
As microcontrollers go, the MT3620 is firmly in the mid range. It’s more powerful than firmware-based Arduinos, but less capable than devices like the Raspberry Pi. You’re not going to use it as a general-purpose Linux computer, and you’re also not going to deploy it in the tens of thousands. Instead, what you have is a secure endpoint for your Azure IoT implementation, able to handle inputs from many simple sensors or from a few complex devices, performing signal and device validation before delivering results to Azure Hub devices or to Axure’s IoT Suite.
The philosophy behind Azure Sphere
The first Azure Sphere silicon has a potential market of about 3 billion Wi-Fi chipsets, says Galen Hunt, who’s been leading the Azure Sphere project at Microsoft. “A lot of initial uptake will be in home appliances, where things are mains-powered [connected to electrical outlets].”
The aim for Azure Sphere is to ensure to secure the vast majority of IoT, he says. Although Microsoft aims to sell the Azure Sphere service, it doesn’t intend to put roadblocks in the way of silicon vendors, he says. The Pluton security platform in Azure Sphere microcontrollers is licensed royalty-free, whether final products use it or not.
Hunt is well aware that, although it is more secure than current IoT platforms, Azure Sphere isn’t a complete panacea: “You will get hacked, you will get attacked. So, you will need to update things.” The result is that Sphere needs to be a connected service to get the benefits of the complete platform.
Hunt envisions the progression of the internet of things, where “a connected device will be more secure than a disconnected device.” Connectivity gives access to more than the built-in device capabilities and services; it also gives access to cloud-hosted security tools like Microsoft’s security graph that can respond to threats as soon as they are detected. It also gives access to support life cycles. For example, Windows 10 IoT Core uses the Windows life cycle to deliver as many as ten years of security updates. For Sphere OS that security update model goes even further, with updates for the on-board security hardware, as well as ten years of OS updates and ten years of security services.
With much of the internet of things now reliant on devices that, once bought and deployed, will never be updated, Hunt is adamant that attitude must change for manufacturers and users alike. For a successful, secure future, any connected devices will need to be updated.