Microsoft built its own custom Linux OS to secure IoT devices

Microsoft built its own custom Linux OS to secure IoT devices

microsoft-azure-sphere-iot-security
Finally, it's happening.

Microsoft has built its own custom Linux kernel to power "Azure Sphere," a newly launched technology that aims to better secure billions of "Internet of things" devices by combining the custom Linux kernel with new chip design, and its cloud security service.

Project Azure Sphere focuses on protecting microcontroller-based IoT devices, including smart appliances, connected toys, and other smart gadgets, Microsoft announced during the security-focused RSA Conference in San Francisco Monday.

It is basically a security package consists of three main components:
  • Azure Sphere-certified microcontrollers (MCUs)
  • Azure Sphere OS
  • Azure Sphere Security Service
"Azure Sphere provides security that starts in the hardware and extends to the cloud, delivering holistic security that protects, detects, and responds to threats—so they're always prepared," Microsoft said.
microsoft-azure-sphere-iot-security-chips
Internet of Things (IoT) devices are 'ridiculously' vulnerable to remote hacking, because they are not originally manufactured keeping security in mind.

One innocent looking insecure IoT device connected to your 'secured network' would be enough to cause security nightmares. In the past, we have seen how lack of security by design led to massive DDoS attackspowered by Mirai IoT botnet.

To address such issues, Azure Sphere offers a full-fledged solution that provides the best-in-class security and a trustworthy environment for future IoT devices, and at the same time makes the life of IoT device manufactures a lot easier.

Azure Sphere Certified Microcontrollers (MCUs)

Azure-Sphere-certified-microcontrollers
Designed by Microsoft Research, the Azure Sphere Certified Microcontrollers is a new cross-over class of fixed-functional microcontroller chips that will be licensed to manufacturing partners for free, which comes with built-in connectivity, networking and Pluton security subsystems to ensure the security of future IoT devices.

These MCUs "combines both real-time and application processors with built-in Microsoft security technology and connectivity," Microsoft explains.
"The Pluton Security Subsystem creates a hardware root of trust, stores private keys, and executes complex cryptographic operations," Microsoft said. "A new crossover MCU combines the versatility and power of a Cortex-A processor with the low overhead and real-time guarantees of a Cortex-M class processor."
"Each chip includes custom silicon security technology from Microsoft, inspired by 15 years of experience and learnings from Xbox, to secure this new class of MCUs and the devices they power," the company adds.
According to Microsoft president Brad Smith, the first Azure Sphere chip, called the "MT3620," will be made by Taiwan-based MediaTek and to be available in stores worldwide by the end of the year.

The Azure Sphere chips will also be compatible with other cloud services like Google Cloud, Amazon Web Services, and Oracle Cloud.

Azure Sphere OS (Linux-based)

Microsoft-Azure-Sphere-Linux-OS
The second component of the solution, called Azure Sphere OS, is a "defense-in-depth" operating system that comes with a security monitor and Microsoft's custom Linux kernel to offer multiple layers of security.
"Each Azure Sphere chip will include our Microsoft Pluton security subsystem, run the Azure Sphere OS, and connect to the Azure Sphere Security Service for simple and secure updates, failure reporting, and authentication," Microsoft says.
It is the first time when Microsoft created hardware that is designed to run only Linux, rather than its Windows operating system.
"We are a Windows company, but what we recognized is that the best solution for a computer of this size in a toy is not a full-blown version of Windows," Smith said. "It is a custom Linux Kernel, and it is an important step for us and the industry."

Azure Sphere Security Service (Cloud-based)

Microsoft-Azure-Sphere-Security-Cloud-Service
On top of everything, Azure Sphere Security Service is a cloud-based service that handles security and management of microcontroller chips.

The service offers device-to-device and device-to-cloud communication through certificate-based authentication to guards every Azure Sphere device.

It detects emerging security threats across the entire Azure Sphere ecosystem and also takes care of software updates.

Azure Sphere is now available in private preview, and the company will distribute software development kits to everyone interested in hacking Azure Sphere by the middle of this year. To find more details about Azure Sphere, you can head on to Microsoft Azure Sphere's blog.

Comments