The internet of things (IoT) is proving to be an expanding universe of security vulnerabilities. Microsoft is proposing an approach to securing one corner of that universe, the part dependent on microcontrollers. The company has introduced an MCU it is calling Azure Sphere that has IoT security measures embedded in the design.
Azure Sphere MCUs run a new OS written specifically for them. A Microsoft product carrying the Azure brand naturally has a connection to the company’s Azure cloud service: Microsoft is providing a cloud-based security service that brokers trust between IoT devices built on Azure Sphere, and between Sphere-based devices and the networks they’re attached to.
The basic concept of a security environment spanning chips, OS, and network is hardly new. The point of many IoT devices is that they are inexpensive enough to be made and sold in the hundreds of thousands or in the millions. At those volumes, even home-grown security efforts are too expensive, and third-party bolt-on solutions aren’t even considered. Component makers, including several IC manufacturers, have therefore taken it upon themselves to introduce solutions with security baked in, so that OEMs don’t have to treat security as a separate issue.
Microsoft’s approach was devised by Galen Hunt, the company’s partner managing director of Azure Sphere. In a blog introducing Azure Sphere, he described the chip as an instance of a “new cross-over class of MCUs that combines both real-time and application processors with built-in Microsoft security technology and connectivity. Each chip includes custom silicon security technology from Microsoft, inspired by 15 years of experience and learnings from Xbox.”
MediaTek is building the first Azure Sphere chip. The MediaTek MT3620 will come to market in volume this year, Hunt wrote. He said other silicon partners will bring their own versions to market.
The OS combines security measures from Windows, a security monitor, and a custom Linux kernel. Hunt wrote that the combination creates “a highly-secured software environment and a trustworthy platform for new IoT experiences.”
He described the Azure Sphere Security Service, meanwhile, as a turnkey cloud service that coordinates certificate-based authentication, detects emerging security threats across the entire Azure Sphere ecosystem through online failure reporting, and manages software updates. “It brings the rigor and scale Microsoft has built over decades protecting our own devices and data in the cloud to MCU powered devices,” Hunt said.
A good sign for propagation of the technology is that Microsoft is licensing its silicon security technologies to any semiconductor company royalty-free. This enables any silicon manufacturer to build Azure Sphere chips while keeping costs down and prices affordable to device manufacturers, Microsoft noted.
The potential drawback is that Azure Sphere appears to be a closed environment. That the MCU and OS are tightly paired is to be expected, but it appears that devices built on Azure Sphere must also be connected to the Azure Sphere Security Service. If Microsoft remains the only cloud service to which Sphere-based IoT devices can connect, that could be severely limiting.