Last week Microsoft announced a new product aimed at improving security for the internet of things. Azure Sphere is a combination of a chip, a Linux-based OS and a cloud-based security suite that aims to secure the next few trillion devices that come online. In this week’s podcast I spoke with Galen Hunt, who helped create Azure Sphere, to understand why Microsoft is doing this and to learn more details about the project.
Azure Sphere is the result of research Hunt released in April 2017 focused on what a secure IoT platform would look like. Those elements include: a hardware root of trust, defense in depth, a trusted computing base, dynamic compartments, certificate-based authentication, online error reporting and renewable security.
Hunt detailed what it took to create compartmentalization on the chip.
“Compartmentalization is actually probably almost one of the oldest security technologies known to man,” he says. “And this is the idea of having multiple layers of defense and having separation of concerns. If you think about on a chip, one of the most important lessons we’ve learned at Microsoft about security over the last 20 years is that it isn’t a matter of if I will get hacked. You will get hacked. Your device, some version of your device will get hacked at some time.”
“The question is when your device gets hacked, what are the mitigations, and how prepared are you for that? Building compartments actually into the chip itself and into the operating system allows us to, if part of the chip becomes compromised in some way, that compromise is compartmentalized. It can’t go any further, and then we can use the rest of the chip and the rest of the operating system and software to be able to restore the security of that piece.”
To offer that compartmentalization on Azure Sphere, Microsoft is working with MediaTek, and the companies are using an ARM-based Cortex-A chip. Other elements of Azure Sphere focus on continued monitoring of vulnerabilities over the microcontroller's 10-year supported life. That continued monitoring takes place in the cloud, where Microsoft’s service will stay up to date on vulnerabilities and send signed patches for those vulnerabilities down to the chip.
Throughout all of this Hunt says Microsoft plans to be open. Customers using Azure Sphere can send the data from their secured silicon to any cloud they want, or keep the data on their own servers. It gets a little bit more complicated when it comes to products that will experience intermittent connectivity. Hunt says Sphere will work on platforms such as Microsoft IoT Edge and he says “it could be made to work with another platform.”
He expanded on that, saying, “The way to think about it, at the bottom we’ve got a chip and we’ve got an operating system, and we provide an API programming those chips and for giving you internet connections or TCP/IP connections, PLS connections. The programmers who program the actual device, they’re open to program execution that is totally local to the device. They’re open to be able to talk to whatever local devices or other things in the environment as well.”
He also explained why Microsoft is doing this. “We participate in the IT ecosystem, right?” he says. “And if you think about, I guess step back and think about this MCU ecosystem. There’s gonna be billions of these devices coming online. And we look at it and say if the technologies that people are using right now, pre-Azure Sphere, those devices are not gonna be secure. They’re gonna be a security nightmare.
“And we looked at it … I started this project about four years ago, looking at that ecosystem and seeing this future that looked like a very scary future and saying we have the technology. We have a lot of experience. Could we take everything that we’ve learned at Microsoft about security and figure out how to package it in such a way that it could be used on these very very small devices so that we lived in a secure world? And that’s what we created with Azure Sphere.”
For more on the conversation, listen to my interview with Hunt below.