IOT CYBERSECURITY FROM EDGE-TO-CLOUD: BUILD HIGHLY SECURED CONNECTED DEVICES WITH NXP AND AZURE SPHERE

Sudhanva Huruli, Program Manager, Microsoft
Naama Bak, Global Business Development, NXP

MARCH 2021

PUBLIC

NXP, THE NXP LOGO AND NXP SECURE CONNECTIONS FOR A SMARTER WORLD ARE TRADEMARKS OF NXP B.V. ALL OTHER PRODUCT OR SERVICE NAMES ARE THE PROPERTY OF THEIR RESPECTIVE OWNERS. © 2021 NXP B.V.

AGENDA

• Summary of the recent announcement

• Cybersecurity for IoT

• Properties of highly secured devices

• How does i.MX 8ULP-CS processor work with Azure Sphere

• Use cases for the i.MX 8ULP-CS & i.MX 9 processors

NXP INTRODUCES ITS FIRST CLOUD-SECURED, SPHERE-CERTIFIED PROCESSOR FAMILY

Plans to build additional Azure Sphere-certified processors as part of the NXP i.MX 9 series

First cloud-secured crossover applications processor, the i.MX 8ULP-CS with Azure Sphere

Importance of Cybersecurity in IoT

What happens when you connect a device to the internet?

“The internet is this cauldron of evil.” Dr. James Mickens, Harvard University

CYBERATTACKS PUT BUSINESSES AT RISK

• Devices bricked or held for ransom
• Devices are used for malicious purposes
• Data & IP theft
• Data polluted & compromised
• Devices used to attack networks

The cost of IoT attacks

• Stolen IP & other highly valuable data
• Compromised regulatory status or certifications
• Brand impact (loss of trust)
• Recovery costs
• Financial and legal responsibility
• Downtime
• Security forensics

MIRAI BOTNET ATTACK

• Everyday devices are used to launch an attack that takes down the internet for a day
• 100k devices
• Exploited a well-known weakness
• No early detection, no remote update

EXPECTATIONS ARE INCREASING WITH AWARENESS

Consumers

• 65% of consumers wouldn’t purchase a smart device from a brand that has experienced a security breach.
• 74% of consumers would pay more for a smart device that had additional security.
• 93% of consumers believe that manufacturers need to do more to secure smart devices.

According to Greenberg research 2019

Enterprise Customers

• 97% of enterprises call out security as a concern when adopting IoT. [1]
• Enterprise customers would purchase 70% more devices if security concerns were mitigated. [2]
• Enterprise customers are willing to pay 22% more for IoT cybersecurity. [2]

[1] IoT Signals 2020
[2] Bain & Co. 2018

Government Action

• In the USA, several bills have been introduced in Congress, with two passed in California (SB-327) and Oregon (HB2395).
• In Europe, upcoming EU Cybersecurity Act with three security assurance levels will become basis for regulation—, substantial, high.
• ETSI EN 303 645, with 13 security requirements, with increasing adoption globally (e.g. Singapore, Finland, UK).

WHAT WE HEAR FROM CUSTOMERS ABOUT THE CHALLENGES OF SECURING IOT

Manufacturing

While in the factory or in the supply chain, ICs and devices are subject to malware injection, counterfeiting, key capture, overproduction, and the creation of security backdoors.

Operations

Once in the field, ICs and devices are susceptible to a wide range of logical attacks and physical attacks, including malware injection, theft of unencrypted data, and malicious software updates, as well as reverse engineering.

Maintenance

While this capability is key to maintaining device security, the upgrade must be totally secure to prevent loading of malware/unauthorized SW.

THE 7 PROPERTIES OF HIGHLY SECURED DEVICES

• Hardware Root of Trust: Is your device’s identity and software integrity secured by hardware?
• Defense in Depth: Does your device remain protected even if some security mechanism is defeated?
• Small Trusted Computing Base: Is your device’s security-enforcement code protected from bugs in application code?
• Dynamic Compartments: Can your device’s security improve after deployment?
• Certificate-Based Authentication: Does your device authenticate itself with certificates?
• Error Reporting: Does your device report back errors to give you in-field awareness?
• Renewable Security: Does your device software update automatically?

AZURE SPHERE

An end-to-end solution for securely connecting existing equipment and to create new IoT devices with built-in security.

• Integrated hardware, software, and cloud services work seamlessly together and deliver active security by default.
• Ongoing security and OS updates from Microsoft keep your devices secured over time.
• Defense in depth provides multiple layers of protection to help guard devices against and respond to threats.
• Implementation options allow you to secure existing equipment and build security into new IoT devices.

[Diagram labels: Operating System, Hardware, Cloud Security, Ongoing Servicing]

[Figure: Azure Sphere architecture in three panels. © Microsoft Corporation]

• Azure Sphere certified chips: Microsoft Pluton Security Subsystem; ARM Cortex-A, network & AI processing (Adv. Proc.); ARM Cortex-M, for real time processing (Real-Time); Network Connection; FIREWALL blocks
• The Azure Sphere: OS Layer 4 Containers; OS Layer 3 On-chip Cloud Services; OS Layer 2 Kernel; OS Layer 1 Security Monitor; OS Layer 0 Pluton Runtime
• The Azure Sphere Security Service

AZURE SPHERE & NXP i.MX 8ULP-CS OVERVIEW

Hardware

• i.MX 8ULP-CS processor
• Microsoft Pluton Enabled EdgeLock™ Secure Enclave
• Root of Trust established at NXP

Operating System

• Managed OS for users
• Built off existing technology
• Secure boot ROM code based; Keys fused at NXP

[Diagram: i.MX 8ULP-CS]

• SECURE MANUFACTURING: YOUR FW PROVISIONING; OS / FW PROVISIONING; ROOT OF TRUST ESTABLISHMENT
• SECURE OPERATIONS: YOUR APPS; AZURE SPHERE API TO PERIPHERALS, CRYPTO..; AZURE SPHERE OS; PLUTON / EDGELOCK
• SECURE UPDATE: OS / FW UPDATE; KEYS UPDATE

MANAGED SECURITY SERVICE TO PROVIDE UPDATES

• Fully managed OTA service by Microsoft for OS components updates and on demand user application update
• Users use Microsoft frontend to interact with device
• Azure Sphere Service is agnostic to your cloud provider
• Microsoft provides constant updates for the lifetime of the chip

OVERVIEW ON i.MX 8ULP APPLICATION PROCESSOR

SPECIFICATIONS:

• CPU: Arm Cortex-A35 @ 1.0 GHz; Arm Cortex-M33 @ 240 MHz; Fusion DSP @ 200 MHz
• Connectivity: 10/100 ETH; CAN Bus
• Packaging: 9.4x9.4 mm², 15x15 mm²
• External Memory: SPI-NAND; LPDDR4; SPI NOR
• Temp Range: -40°C to 105°C

Use Cases for i.MX 8ULP-CS

i.MX 8ULP-CS & i.MX 9 USE CASES

• Manufacturing Automation: Temperature Monitoring; Machine Diagnosis & Control; Remote Asset Control; Fleet Tracking
• Cloud connected Gateways: Wireless Base Stations; Switches
• Home Control & Security: Smart Appliances; Thermostats; Home Hub
• Energy Consumption & Monitoring: PV Inverters; EV Charging Station

eReaders, Building Control System, EBS, Smart Parking, SOM Modules, Wearables, Smart Lighting, Smart Watch, Connected Printers, Activity Tracking, Barcode Scanner, Smart Glass

Contact Us!

If you are interested to share insights and discuss how Azure Sphere and i.MX 8ULP-CS could shape your next generation IoT products.
