My name is Brian Willess, I work at Avnet where I'm responsible for training Azure Sphere customers.  I wanted to advertise the MT3620 Azure Sphere device and its supporting systems to this community.  Azure Sphere has everything you need to develop and deploy a secure IoT solution quickly.

 

Azure Sphere

 

The Azure Sphere system developed by Microsoft combines a secure MCU, secure OS (Linux kernel), and the Azure Sphere Security Service (in the cloud) to deliver a highly secure IoT solution.  Just a few of the key benefits of the system are listed below:

 

  • Certificate based authentication to the cloud (Managed by Microsoft)
  • Threat monitoring (Managed by Microsoft)
  • Over the air updates (Managed by Microsoft)
    • OS updates included for 13 years
    • OEM application updates included for the agreed life of your device
  • Sphere development is integrated into the Visual Studio development environment
    • Secure connections to Azure works out of the box
    • Support for telemetry data, device twins, remote method calls are all included with the Sphere SDK
    • Remote GDB real-time debugging using Visual Studio debugger interface

 

7-Properties of a highly secure device

 

One of the fundamental design goals in the Azure Sphere ecosystem is security.  Microsoft has some experience with security; the first two generations of the XBox were both hacked within weeks of release.  Microsoft decided to do something about that and spun up a research team to solve the problem.  This team developed the 7 Properties of a Highly Secure device, white paper here.  The latest XBox system implemented the 7-Properties and has not been hacked.  (Note that the XBox does NOT use the Azure Sphere device).  These 7-Properties are all implemented in the Azure Sphere solution.

 

  • Hardware Root of Trust – The identifying cryptographic keys are embedded and protected by secure element physical hardware with a hardware firewall around it.
  • Certificate-Based Authentication – Well beyond passwords, certificates are unforgeable and prove device authenticity.
  • Small Trusted Computing Base – Only a small portion of the device firmware has access to the private cryptography keys.
  • Defense in Depth – Multiple layers of security that mitigate attacks.
  • Compartmentalization –  On-Chip Software Systems are highly compartmentalized, leaving little access from compartment to compartment.
  • Failure Reporting – Ecosystem monitoring to watch for threats, and threat methodologies.
  • Renewable Security – Let Microsoft update security systems – Just like a Windows System update.  Nice.

 

Azure Sphere Links

 

 

Brian