Research Faculty Summit 2018

Systems | Fueling future disruptions Azure Sphere

Ed Nightingale Partner Architect Microsoft Microcontrollers (MCUs) low-cost, single chip computers

9 BILLION new MCU devices built and deployed every year Radio

MCU

How does a consumer know the compressor in their fridge needs to be replaced?

Option 1 Option 2 Melted ice cream Predictive maintenance

“Protecting Your Family: The Internet of Things Gives © Microsoft Corporation Hackers Creepy New Options” Mirai Botnet attack

Everyday devices are used to launch an attack that takes down the internet for a day Hackers attack casino

Attackers gain access to casino database through fish tank No manufacturer wants to make insecure devices

From: Hackers Terrorists Ignite Thousands of To: Consumer House Fires with Hacked Stoves Subject: Your Fridge

We control your fridge. Send us $5 in bitcoin or else… SECURITY IS FOUNDATIONAL It must be built in from the beginning. The 7 properties of highly secured devices

Hardware Defense Small Trusted Root of Trust in Depth Computing Base

Dynamic Certificate-Based Failure Renewable Compartments Authentication Reporting Security Some properties depend only on hardware support Hardware Root of Trust

Hardware Root of Trust

Unforgeable cryptographic keys generated and protected by hardware

• Hardware to protect Device Identity

• Hardware to Secure Boot

• Hardware to attest System Integrity Some properties depend on hardware and software Defense in Dynamic Small Trusted Depth Compartments Computing Base

Dynamic Compartments

Internal barriers limit the reach of any single failure • Hardware to Create Barriers • Software to Create Compartments Some properties depend on hardware, software and cloud Certificate-Based Failure Renewable Authentication Reporting Security

Renewable Security

Device security renewed to overcome evolving threats • Cloud to Provide Updates • Software to Apply Updates • Hardware to Prevent Rollbacks Azure Sphere is an end-to-end solution for securing MCU powered devices

The Azure Sphere OS

Azure Sphere Certified MCUs

The Azure Sphere Security Service Azure Sphere Certified MCUs from silicon partners, with built-in Microsoft security technology provide connectivity and a dependable hardware root of trust. The Azure Sphere OS secured by Microsoft for the devices 10-year lifetime to create a trustworthy platform for new IoT experiences The Azure Sphere Security Service guards every Azure Sphere device; it brokers trust for device-to-device and device-to-cloud communication, detects emerging threats, and renews device security. Azure Sphere certified MCUs create a secured root of trust for connected, intelligence edge devices

C O N N E C T E D with built-in networking Microsoft Network Pluton FLASH Security ≥ 4MB Connection WiFi in first chips SECURED with built-in Microsoft silicon Subsystem CONNECTEDsecurity technologywith includingbuilt-in networkingthe Pluton Security Subsystem Firewall Firewall Firewall SECURED with built-in Microsoft silicon security ARM ARM CROSSOVER Cortex-A processing power Cortex-A SRAM Cortex-M technology including the Pluton Security Subsystem optimized for ≥ 4MB for real time brought to MCUs for the first time low power processing CROSSOVER Cortex-A processing power Firewall Firewall Firewall brought to MCUs for the first time Multiplexed I/O

GPIO PWM TDM I2S UART I2C SPI ADC

Microsoft Network Pluton FLASH Security ≥ 4MB Connection WiFi in first chips Subsystem

Firewall Firewall Firewall

ARM ARM Pluton is the hardware root of Cortex-A SRAM Cortex-M optimized for ≥ 4MB for real time trust in an Azure Sphere device. low power processing

Firewall Firewall Firewall

Multiplexed I/O

GPIO PWM TDM I2S UART I2C SPI ADC Pluton: A bodyguard for your device

Microsoft Network Pluton FLASH Security ≥ 4MB Connection WiFi in first chips Subsystem

Firewall Firewall Firewall

ARM ARM Pluton guarantees the Cortex-A SRAM Cortex-M optimized for ≥ 4MB for real time authenticity of your low power processing software. Firewall Firewall Firewall

Multiplexed I/O

GPIO PWM TDM I2S UART I2C SPI ADC Pluton: A bodyguard for your device

Microsoft Network Pluton FLASH Security ≥ 4MB Connection WiFi in first chips Subsystem

Firewall Firewall Firewall

ARM ARM Pluton protects against Cortex-A SRAM Cortex-M optimized for ≥ 4MB for real time downgrade attacks. low power processing

Firewall Firewall Firewall

Multiplexed I/O

GPIO PWM TDM I2S UART I2C SPI ADC Pluton: A bodyguard for your device

Microsoft Network Pluton FLASH Security ≥ 4MB Connection WiFi in first chips Subsystem

Firewall Firewall Firewall

ARM ARM Pluton guarantees the Cortex-A SRAM Cortex-M optimized for ≥ 4MB for real time authenticity of your device. low power processing

Firewall Firewall Firewall

Multiplexed I/O

GPIO PWM TDM I2S UART I2C SPI ADC Pluton: A bodyguard for your device

Microsoft Network Pluton FLASH Security ≥ 4MB Connection WiFi in first chips Subsystem

Firewall Firewall Firewall

ARM ARM Pluton reduces supply Cortex-A SRAM Cortex-M optimized for ≥ 4MB for real time chain risk. low power processing

Firewall Firewall Firewall

Multiplexed I/O

GPIO PWM TDM I2S UART I2C SPI ADC Pluton: A bodyguard for your device

Microsoft Network Pluton FLASH Security ≥ 4MB Connection WiFi in first chips Subsystem

Firewall Firewall Firewall

ARM ARM Pluton accelerates Cortex-A SRAM Cortex-M optimized for ≥ 4MB for real time cryptographic tasks. low power processing

Firewall Firewall Firewall

Multiplexed I/O

GPIO PWM TDM I2S UART I2C SPI ADC Pluton: A bodyguard for your device

Microsoft Network Pluton FLASH Security ≥ 4MB Connection WiFi in first chips Subsystem

Firewall Firewall Firewall

ARM ARM Pluton protects against low Cortex-A SRAM Cortex-M optimized for ≥ 4MB for real time entropy attacks. low power processing

Firewall Firewall Firewall

Multiplexed I/O

GPIO PWM TDM I2S UART I2C SPI ADC Azure Sphere MCU’s create a secured foundation for intelligent edge devices

Pluton features implemented in silicon include Microsoft Network A hardware root of trust that Pluton FLASH Security ≥ 4MB Connection WiFi in first chips -accelerates common cryptographic operations (ECC and AES) Subsystem -generates public/private keypairs -implements secure boot (via ECDSA) Firewall Firewall Firewall ARM ARM A dedicated core and memory (TCM) that Cortex-A SRAM Cortex-M -resists side-channel attacks that focus on a single core optimized for ≥ 4MB for real time low power processing

A true random number generator that Firewall Firewall Firewall

-defends against low-entropy attacks Multiplexed I/O

Measured boot and remote attestation that GPIO PWM TDM I2S UART I2C SPI ADC -uses a digest accumulator register and nonce register

Microsoft Network Pluton FLASH Security ≥ 4MB Connection WiFi in first chips Subsystem

Firewall Firewall Firewall

ARM ARM Cortex-A SRAM Cortex-M optimized for ≥ 4MB for real time low power processing

Firewall Firewall Firewall

Multiplexed I/O

GPIO PWM TDM I2S UART I2C SPI ADC Cortex-A:

Microsoft Network Pluton FLASH Security ≥ 4MB Connection WiFi in first chips Subsystem SECURITY Firewall Firewall Firewall ARM ARM Cortex-A SRAM Cortex-M optimized for ≥ 4MB for real time low power processing

Firewall Firewall Firewall

Multiplexed I/O

GPIO PWM TDM I2S UART I2C SPI ADC Cortex-A:

Firewall Firewall Firewall

Multiplexed I/O

GPIO PWM TDM I2S UART I2C SPI ADC Cortex-A:

Firewall Firewall Firewall

EXTENSIBILITY Multiplexed I/O

GPIO PWM TDM I2S UART I2C SPI ADC Cortex-A: Security

Microsoft Network Pluton FLASH Security ≥ 4MB Connection WiFi in first chips Subsystem Isolation Firewall Firewall Firewall ARM ARM The Cortex-A provides process-level Cortex-A SRAM Cortex-M optimized for ≥ 4MB for real time isolation via its Memory Management Unit low power processing (MMU). The Azure Sphere IoT OS leverages the MMU as part of the Firewall Firewall Firewall application container to protect other Multiplexed I/O applications and services.

GPIO PWM TDM I2S UART I2C SPI ADC Cortex-A: Security

Microsoft Network Pluton FLASH Security ≥ 4MB Connection WiFi in first chips Subsystem Specialized operating system Firewall Firewall Firewall ARM ARM The Azure Sphere OS includes the Azure Sphere Cortex-A SRAM Cortex-M optimized for ≥ 4MB for real time runtime and a custom Linux kernel with special low power processing IoT functionality. Example: Azure Sphere OS reduces its attack surface by not using passwords, Firewall Firewall Firewall a shell or login. All benefits of a Linux kernel Multiplexed I/O without wasted overhead.

GPIO PWM TDM I2S UART I2C SPI ADC Cortex-A: Security

Microsoft Network Pluton FLASH Security ≥ 4MB Connection WiFi in first chips Subsystem Authentication Firewall Firewall Firewall ARM ARM Azure Sphere OS uses client and server Cortex-A SRAM Cortex-M optimized for ≥ 4MB for real time certificate authentication for cloud low power processing communication. Firewall Firewall Firewall

Multiplexed I/O

GPIO PWM TDM I2S UART I2C SPI ADC Cortex-A: Security

Microsoft Network Pluton FLASH Security ≥ 4MB Connection WiFi in first chips Subsystem Authorization Firewall Firewall Firewall ARM ARM Azure Sphere OS authorizes access to Cortex-A SRAM Cortex-M optimized for ≥ 4MB for real time resources via a custom capability system low power processing secured by Pluton. Firewall Firewall Firewall

Multiplexed I/O

GPIO PWM TDM I2S UART I2C SPI ADC Cortex-A: Portability

Microsoft Network Pluton FLASH Security ≥ 4MB Connection WiFi in first chips Subsystem Accelerated time to market Firewall Firewall Firewall ARM ARM MMU provides address-space virtualization. Cortex-A SRAM Cortex-M optimized for ≥ 4MB for real time Azure Sphere OS provides hardware low power processing abstraction. Application code is written once and portable across Azure Sphere chips. Firewall Firewall Firewall Multiplexed I/O

GPIO PWM TDM I2S UART I2C SPI ADC Cortex-A: Portability

Microsoft Network Pluton FLASH Security ≥ 4MB Connection WiFi in first chips Subsystem Source portability Firewall Firewall Firewall ARM ARM Open source software (OSS) libraries are often Cortex-A SRAM Cortex-M optimized for ≥ 4MB for real time written against the POSIX standard. Azure low power processing Sphere OS includes a large subset of the POSIX standard, allowing rapid porting of OSS Firewall Firewall Firewall software to your application platform. Multiplexed I/O

GPIO PWM TDM I2S UART I2C SPI ADC Cortex-A: Extensibility

Microsoft Network Pluton FLASH Security ≥ 4MB Connection WiFi in first chips Subsystem A7 headroom for the future Firewall Firewall Firewall ARM ARM Machine learning, machine translation, vision Cortex-A SRAM Cortex-M optimized for ≥ 4MB for real time and AI will be the future of many products. The low power processing Cortex-A has headroom for new product features and customer experiences that will set Firewall Firewall Firewall your products apart. Multiplexed I/O

GPIO PWM TDM I2S UART I2C SPI ADC Silicon counter-measures

Microsoft Network Pluton FLASH Security ≥ 4MB Connection WiFi in first chips Subsystem A secure foundation in silicon Firewall Firewall Firewall ARM ARM Microsoft firewalls Implement the principle of least- Cortex-A SRAM Cortex-M optimized for ≥ 4MB for real time privilege. Software behind the firewall is given low power processing access to only those resources that it is given explicit permission. Firewall Firewall Firewall Multiplexed I/O

GPIO PWM TDM I2S UART I2C SPI ADC Silicon counter-measures

Microsoft Network Pluton FLASH Security ≥ 4MB Connection WiFi in first chips Subsystem Comprehensive protection Firewall Firewall Firewall ARM ARM This principle applies to every resource in the Cortex-A SRAM Cortex-M optimized for ≥ 4MB for real time system: RAM, network, flash and peripherals. low power processing

Firewall Firewall Firewall

Multiplexed I/O

GPIO PWM TDM I2S UART I2C SPI ADC Silicon counter-measures

Microsoft Network Pluton FLASH Security ≥ 4MB Connection WiFi in first chips Subsystem Hackers have no way out Firewall Firewall Firewall ARM ARM Compromised software cannot access new Cortex-A SRAM Cortex-M optimized for ≥ 4MB for real time resources. low power processing

Firewall Firewall Firewall

Multiplexed I/O

GPIO PWM TDM I2S UART I2C SPI ADC Silicon counter-measures

Microsoft Network Pluton FLASH Security ≥ 4MB Connection WiFi in first chips Subsystem Sticky from the start Firewall Firewall Firewall ARM ARM Further, firewalls are sticky. Even if the layer Cortex-A SRAM Cortex-M optimized for ≥ 4MB for real time that controls the firewall is compromised, it low power processing is not possible to reconfigure until the chip is reset. Firewall Firewall Firewall Multiplexed I/O

GPIO PWM TDM I2S UART I2C SPI ADC I/O Cortex-M

Microsoft Network Pluton FLASH Security ≥ 4MB Connection WiFi in first chips Subsystem Real-time computation Firewall Firewall Firewall ARM ARM MCUs targeted at real-time Cortex-A SRAM Cortex-M optimized for ≥ 4MB for real time computation and real-time interaction low power processing with peripherals. Firewall Firewall Firewall

Multiplexed I/O

GPIO PWM TDM I2S UART I2C SPI ADC I/O Cortex-M

Microsoft Network Pluton FLASH Security ≥ 4MB Connection WiFi in first chips Subsystem Low-friction migration Firewall Firewall Firewall ARM ARM Azure Sphere MCUs provide Cortex-M Cortex-A SRAM Cortex-M optimized for ≥ 4MB for real time series MCUs to run your existing MCU low power processing collateral secured by Pluton. Firewall Firewall Firewall

Multiplexed I/O

GPIO PWM TDM I2S UART I2C SPI ADC I/O Cortex-M

Microsoft Network Pluton FLASH Security ≥ 4MB Connection WiFi in first chips Subsystem Maximum flexibility Firewall Firewall Firewall ARM ARM Manufacturers are free to run any Cortex-M Cortex-A SRAM Cortex-M optimized for ≥ 4MB for real time runtime. low power processing

Microsoft will provide a reference M4 runtime. Firewall Firewall Firewall

Multiplexed I/O

GPIO PWM TDM I2S UART I2C SPI ADC Our Silicon Partners The Azure Sphere OS is optimized for IoT, security, and agility

Azure Sphere OS Architecture Secure Application Containers

Compartmentalize code for agility, robustness & security OS App Containers for App Containers for Layer 4 POSIX (on Cortex-A) I/O (on Cortex-Ms) On-chip Cloud Services Provide update, authentication, and connectivity OS On-chip Cloud Services Layer 3 Custom Linux kernel Empowers agile silicon evolution and reuse of code OS HLOS Kernel Layer 2 Security Monitor Guards integrity and access to critical resources OS Security Monitor Layer 1

Hardware Azure Sphere MCUs

Azure Sphere OS Architecture Curated user-mode environment e.g., no passwords, no shell, no user accounts OS App Containers for App Containers for Azure Sphere application runtime provides long-term compatibility with OS Layer 4 POSIX (on Cortex-A) I/O (on Cortex-Ms)

OS Services manage connectivity & chip resources e.g., TLS connection, mutual authentication, peripheral access OS On-chip Cloud Services Layer 3 Custom Linux Kernel Linux Security Module protects resource acquisition OS HLOS Kernel Kernel integrates with Pluton services (e.g., RNG) Layer 2

Security monitor protects critical resources OS Guards against corruption using a technique called “erasure coding” Security Monitor Layer 1 Boot health-check detects and self-heals corrupted data

Hardware Azure Sphere MCUs

OS updates Your app from Microsoft updates

Protects your devices and your customers with certificate-based authentication of all communication Azure

Azure Sphere Other cloud or Detects emerging security threats through Security Service on-prem infrastructure automated processing of on-device failures

Online app and App data and telemetry Responds to threats with fully automated OS failure reports on-device updates of OS

App and App data and telemetry Allows for easy deployment of software updates OS updates to Azure Sphere powered devices Remote attestation & cert based authentication

OS updates Your app from Microsoft updates

Azure

Azure Sphere Other cloud or Security Service on-prem infrastructure

Online app and App data and telemetry OS failure reports

App and App data and telemetry OS updates

Remote attestation & cert based authentication

Simplify development Focus your device development effort on the value you want to create

Streamline debugging Experience interactive, context-aware debugging across device and cloud

Collaborate across your team Apply tool-assisted collaboration across your entire development organization

An Azure Sphere certified MCU

The Azure Sphere OS with 10 years of on-device security updates

The Azure Sphere Security Service for the lifetime of your device

© Microsoft Corporation Open to any MCU manufacturer We are licensing our Pluton security subsystem royalty free for use in any chip* Azure Sphere is open Open to any innovation Azure Sphere is Open. MCU manufacturers are free to innovate with our GPL’d OSS Linux kernel code base

Open to any cloud Azure Sphere devices are free to connect to Azure or any other cloud, proprietary or public for application data Let’s secure the future.