Azure Sphere - Microsoft

Post on 14-Jun-2020

Azure Sphere

Giovanni Gatto

Solution Specialist

9 BILLION new MCU devices built and deployed every year

Microcontrollers (MCUs): low-cost, single chip computers

Fewer than 1% of MCUs are connected today.

Opportunity Risk

What happens when you connect

a device to the internet?

“The internet is this caldron of evil.” Dr. James Mickens, Harvard University

“When smart gadgets spy on you: Your home life is less private than you think”

“Protecting Your Family: The Internet of Things Gives Hackers Creepy New Options”

Everyday devices are used to

launch an attack that takes

down the internet for a day

100k devices

Exploited a well known weakness

No early detection, no remote update

Mirai Botnet attack

Attackers gain access to casino

database through fish tank

Entry point was a connected thermometer

Once in, other vulnerabilities were exploited

Gained access to high-roller database

Hackers attack casino

No manufacturer wants to make insecure devices

Terrorists Ignite Thousands of House Fires with Hacked Stoves

From: Hackers

To: Consumer

Subject: Your Fridge

We control your fridge. Send us $5 in bitcoin or else…

How will you respond when your devices are

compromised or under attack?

I don’t feel like this question is perfect – couldn’t remember exactly what we said in the hallway…

You’ll try to keep the hackers out of your device.

But, what will you do if they get in?

The internet security battle.

We’ve been fighting it for decades. We have experience to share.

Security is foundational

It must be built in from the beginning.

Hardware Root of Trust

Defense in Depth

Small Trusted Computing Base

Dynamic Compartments

Certificate-Based Authentication

Failure Reporting

Renewable Security

The 7 properties of highly secured devices

https://aka.ms/7properties

© Microsoft Corporation

Some properties depend only on hardware support

Unforgeable cryptographic keys

generated and protected by hardware

Hardware Root of Trust

• Hardware to protect Device Identity

• Hardware to Secure Boot

• Hardware to attest System Integrity

Hardware

Root of Trust

Internal barriers limit the reach of any

single failure

Dynamic Compartments

• Hardware to Create Barriers

• Software to Create Compartments

Some properties depend on hardware and software

Dynamic Compartments

Defense in Depth

Small Trusted Computing Base

Device security renewed to overcome

evolving threats

Renewable Security

• Cloud to Provide Updates

• Software to Apply Updates

• Hardware to Prevent Rollbacks

Some properties depend on hardware, software and cloud

Certificate-Based Authentication

Failure Reporting

Renewable Security

Meeting these seven properties is difficult and costly

Design and build

a holistic solution

Recognize and mitigate

emerging threats

Distribute and apply

updates on a global scale

Azure Sphere

Certified MCUs

The Azure Sphere

Operating System

The Azure Sphere

Security Service

Azure Sphere is an end-to-end solution for securing MCU powered devices

Azure Sphere Certified MCUs from silicon partners, with built-in Microsoft

security technology provide connectivity and

a dependable hardware root of trust.

Connected with built-in networking

Secured with built-in Microsoft silicon security

technology including the Pluton Security Subsystem

Crossover real-time and application processing

power brought to MCUs for the first time

Azure Sphere certified MCUs create a secured root of trust for connected, intelligent edge devices

ARM Cortex-M: for real-time processing

ARM Cortex-A: optimized for low power

SRAM ≥ 4MB

Network connection: Wi-Fi in first chips

Microsoft Pluton Security Subsystem

Multiplexed I/O: SPI, I2C, UART, I2S, TDM, PWM, GPIO, ADC

FLASH ≥ 4MB

Firewall Firewall Firewall

Firewall Firewall Firewall

The Azure Sphere Operating System, a four-layer defense in depth OS with ongoing updates, creates a secured platform for IoT experiences.

The Azure Sphere Security Service guards every Azure Sphere device; it brokers trust for

device-to-device and device-to-cloud communication,

detects emerging threats, and renews device security.

Azure Sphere is open

Open to any MCU manufacturer

We are licensing our Pluton security subsystem royalty free for use in any chip

Open to any innovation

MCU manufacturers are free to innovate with our GPL’d OSS Linux kernel code base

Open to any cloud

Azure Sphere devices are free to connect to Azure or any other cloud, proprietary or public, for application data

Azure Sphere is Open.

Three components. One low price. No subscription fees.

An Azure Sphere certified MCU

The Azure Sphere OS

with ongoing on-device OS updates

The Azure Sphere Security Service

with ongoing on-device security updates

Simplify development

Focus your device development

effort on the value you want

to create

Streamline debugging

Experience interactive, context-

aware debugging across device

and cloud

Collaborate across your team

Apply tool-assisted collaboration

across your entire development

organization

Microsoft has modernized MCU development with Azure Sphere, Visual Studio, and Azure DevOps

Faster time to market

PRODUCTIVITY

The future is now

OPPORTUNITY

Peace of mind

SECURITY

Get Started with Azure Sphere Today!

Try today: http://www.azure-sphere.com

Now available

▪ Azure Sphere development kits from Seeed studios

Public preview availability

▪ Azure Sphere OS

▪ Azure Sphere Security Service

▪ Visual Studio tools for Azure Sphere

Opportunity Risk Responsibility

© 2018 Microsoft Corporation. All rights reserved.

Thank you!
