Before the advent of our very connected world, not a thought was given to locking up a light switch, putting a string password on an HVAC temperature controller, or creating individual hardware security credentials for a fleet of thermostats.
There was never a reason to suspect sinister situations. And if something was up (with an HVAC system), you could feel it!
But today, compromised devices are often not trying to hack the primary function of a device, but instead endeavoring to capture it’s internet connectivity and use it as a rogue agent, or bot, for nefarious schemes.
This ‘not the primary function’ concept has made it difficult for those outside of the business to comprehend the security challenges of the 21st century. Maybe we shouldn’t call something HACKED, but rather, involved in a ‘hostile takeover’.
The Mirai botnet attacks of 2016 (CCTV cameras bringing down East Coast USA Internet) and the Target break a couple years earlier (HVAC systems allowing access to data systems, and subsequently credit card data) highlight our problem with 20th century thinking against 21st century reality. This doesn’t even cover the designed for exploitation devices coming from China.
The Genius of Pulling from History
There’s one company in the world that has had the unique experience of being the target of countless hack, virus, trojan and malware attacks against their platform…
and that’s Microsoft.
For good or for bad, our friends in the Pacific Northwest have slogged through a punishing plethora of bad guys that play more like a series of Rocky movies than a business history. With experience in the ubiquitous Windows OS, and the slightly more closed Xbox gaming platform, Microsoft has rolled with the punches.
This experience has been excessive, exasperating, and, now, here as of late – a gold mine of knowledge.
Understanding the 7 Pillars of IoT Security that Underline Microsoft’s new Azure Sphere
That gold mine of Microsoft experience… results in 7 clear directives on how to build a secure ecosystem. Their Xbox devices, for example, have gone from instantly hackable to now, rock solid. These pillars trend from hardware root of trust, to failure monitoring and all the way up to cloud infrastructure.
Now, they’ve packaged holistic IoT security for the rest of us – Azure Sphere is Microsoft’s recently deployed IoT security oriented ecosystem that includes vetted microcontrollers, the secured OS that runs on those microcontrollers (based on the Linux kernel – an incredible admission if you know Microsoft’s history), and a full cloud suite based on Azure.
The seven pillars of IoT security delivered in the Azure Sphere system as a complete package is as follows:
- Hardware Root of Trust – The identifying cryptographic keys are embedded and protected by secure element physical hardware with a hardware firewall around it. Microsoft calls this security sub-system Pluton.
- Certificate-Based Authentication – Well beyond passwords, certificates are unforgeable and prove device authenticity.
- Small Trusted Computing Base – Only a small portion of the device firmware has access to the private cryptography keys.
- Defense in Depth – Multiple layers of security that mitigate attacks.
- Compartmentalization – On-Chip Software Systems are highly comparmentalized, leaving little access from compartment to compartment.
- Failure Reporting – Ecosystem monitoring to watch for threats, and threat methodologies.
- Renewable Security – Let Microsoft update security systems – Just like a Windows System update. Nice.
I am most impressed with what Microsoft borrows from our shared experience with Windows OS Personal Computers. Because the stack of tools flows from hardware all the way to cloud, Microsoft inserts itself (just like on your Windows machine) to push “critical” security updates to your edge device (microcontroller) directly – without user or system admin action.
Having a live up-to-date and on-the-job security partner is advantageous – both for Hallsten Innovations (IoT design team) as well as our current and future clients. A partner that prioritizes security for devices on the platform is a push towards sustainability and reliability.
Azure Sphere is one of Many Tools in the Hallsten Innovations Toolkit
Hallsten Innovations is consistently exploring the latest technologies from hardware and software vendors, as well as cloud based and open source initiatives.
Microsoft’s Azure Sphere is a new compelling offering in our best of class capabilities and platform experience that we will continue to leverage on the appropriate solutions going forward.
Do you have a need for an edge to cloud secure solution? Please reach out – we look forward to earning your “trust”.