My name is Brian Willess, I work at Avnet where I'm responsible for training Azure Sphere customers. I wanted to advertise the MT3620 Azure Sphere device and its supporting systems to this community. Azure Sphere has everything you need to develop and deploy a secure IoT solution quickly.
The Azure Sphere system developed by Microsoft combines a secure MCU, secure OS (Linux kernel), and the Azure Sphere Security Service (in the cloud) to deliver a highly secure IoT solution. Just a few of the key benefits of the system are listed below:
- Certificate based authentication to the cloud (Managed by Microsoft)
- Threat monitoring (Managed by Microsoft)
- Over the air updates (Managed by Microsoft)
- OS updates included for 13 years
- OEM application updates included for the agreed life of your device
- Sphere development is integrated into the Visual Studio development environment
- Secure connections to Azure works out of the box
- Support for telemetry data, device twins, remote method calls are all included with the Sphere SDK
- Remote GDB real-time debugging using Visual Studio debugger interface
7-Properties of a highly secure device
One of the fundamental design goals in the Azure Sphere ecosystem is security. Microsoft has some experience with security; the first two generations of the XBox were both hacked within weeks of release. Microsoft decided to do something about that and spun up a research team to solve the problem. This team developed the 7 Properties of a Highly Secure device, white paper here. The latest XBox system implemented the 7-Properties and has not been hacked. (Note that the XBox does NOT use the Azure Sphere device). These 7-Properties are all implemented in the Azure Sphere solution.
- Hardware Root of Trust – The identifying cryptographic keys are embedded and protected by secure element physical hardware with a hardware firewall around it.
- Certificate-Based Authentication – Well beyond passwords, certificates are unforgeable and prove device authenticity.
- Small Trusted Computing Base – Only a small portion of the device firmware has access to the private cryptography keys.
- Defense in Depth – Multiple layers of security that mitigate attacks.
- Compartmentalization – On-Chip Software Systems are highly compartmentalized, leaving little access from compartment to compartment.
- Failure Reporting – Ecosystem monitoring to watch for threats, and threat methodologies.
- Renewable Security – Let Microsoft update security systems – Just like a Windows System update. Nice.
Azure Sphere Links