Azure Sphere Transformation
Patrick Ward, Principal Solutions Specialist – IoT
@_pdubya pward@.com

Microcontrollers (MCUs)

LOW-COST, SINGLE CHIP COMPUTERS

© Microsoft Corporation

† TMS1100: 300 KHz core, 2KB ROM, 64B RAM, 23 GPIO pins

9 BILLION new MCU devices deployed every year

IN TOYS... IN APPLIANCES… IN EQUIPMENT…

FEWER THAN 1% ARE CONNECTED TODAY.

Microcontrollers (MCUs)

Wave 1: The Microcontroller (MCU)
Wave 2: Internet Connectivity

Timeline: 1970’s, 1980’s, 1990’s, 2000’s, 2010’s, 2020’s, 2030’s

It will change your relationships with your customers

How does a consumer know the compressor in their fridge needs to be replaced?

Option 1: Melted ice cream
Option 2: Predictive maintenance

Connected devices create profoundly better customer experiences.

And, expose your business to unequalled risks…

Observations on October 21, 2016 Botnet Attack

Device security is a socioeconomic concern
o Day 1 the attack is Technology headline in NY Times
o Day 2 the attack is Politics headline

The attack exploited well-understood weaknesses
o Weak common passwords, no early detection, no remote update, etc.

Future attacks could be much larger
o This attack was small; just 100k devices
o Imagine a 100M-device attack

Future attacks could create huge liability exposure
o Hackers could “brick” an entire product line in a day
o Actuating devices could cause property damage or loss of life

The internet security battle. We’ve been fighting it for decades. We have experience to share.

Highly-secured connected devices require 7 properties

o Hardware Root of Trust: Is your device’s identity and software integrity secured by hardware?
o Defense in Depth: Does your device remain protected if a security mechanism is defeated?
o Small Trusted Computing Base: Is your device’s TCB protected from bugs in other code?
o Dynamic Compartments: Can your device’s security protections improve after deployment?
o Certificate-Based Authentication: Does your device use certificates instead of passwords for authentication?
o Failure Reporting: Does your device report back about failures and anomalies?
o Renewable Security: Does your device’s software update automatically?

Legend: Silicon support required; OS support required; Cloud Service support required

Hardware Root of Trust
Unforgeable cryptographic keys generated and protected by hardware
Is your device’s identity and software integrity secured by hardware?

Some properties depend only on hardware support
o Hardware to protect Device Identity
o Hardware to Secure Boot
o Hardware to attest System Integrity

Dynamic Compartments
Internal barriers limit the reach of any single failure
Can your device’s security protections improve after deployment?

Some properties depend on hardware and software
o Hardware to Create Barriers
o Software to Create Compartments

Renewable Security
Device security renewed to overcome evolving threats and security breaches.
Does your device’s software update automatically?

Some properties depend on hardware, software and cloud
o Cloud to Provide Updates
o Software to Apply Updates
o Cloud to Prevent Rollbacks

Azure Sphere is an end-to-end solution for securing MCU powered devices

A new Azure Sphere OS secured by Microsoft for the device’s 10-year lifetime to create a trustworthy platform for new IoT experiences

A new Azure Sphere class of MCUs, from silicon partners, with built-in Microsoft security technology provides connectivity and a dependable hardware root of trust.

The Azure Sphere Security Service guards every Azure Sphere device; it brokers trust for device-to-device and device-to-cloud communication, detects emerging threats, and renews device security.

Azure Sphere MCUs create a secured root of trust for connected, intelligent edge devices

CONNECTED with built-in networking
SECURED with built-in Microsoft silicon security technology including the Pluton Security Subsystem
CROSSOVER Cortex-A processing power brought to MCUs for the first time

Chip diagram blocks:
o Microsoft Pluton Security Subsystem
o Network Connection: Wi-Fi in first chips
o FLASH: ≥ 4MB
o SRAM: ≥ 4MB
o ARM Cortex-A: Optimized for low power
o ARM Cortex-M: For real-time processing
o Firewalls
o Multiplexed I/O: GPIO, PWM, TDM, I2S, UART, I2C, SPI, ADC

Our Silicon Partners

The Azure Sphere Security Service connects and protects every Azure Sphere device

Protects your devices and your customers with certificate-based authentication of all communication

Detects emerging security threats through automated processing of on-device failures

Responds to threats with fully automated on-device updates of OS

Allows for easy deployment of software updates to Azure Sphere powered devices

Modernize MCU development with Azure Sphere and Visual Studio

Simplify development: Focus your device development effort on the value you want to create

Streamline debugging: Experience interactive, context-aware debugging across device and cloud

Simplify Azure connect: Connect your Azure Sphere devices quickly and easily to Azure IoT

Three components. One low price. No subscription required.
o An Azure Sphere certified MCU
o The Azure Sphere Security Service for 10 years
o The Azure Sphere OS with 10 years of on-device updates

Azure Sphere is open

Open to any MCU manufacturer: We are licensing our Pluton security subsystem royalty free for use in any chip*

Open to any cloud: Azure Sphere devices are free to connect to Azure or any other cloud, proprietary or public for application data

Open to any innovation: MCU manufacturers are free to innovate with our GPL’d OSS kernel code base

* Azure Sphere branding requires an Azure Sphere chip with Azure Sphere OS and Azure Sphere Security Service

Azure Sphere empowers manufacturers to create highly-secured, connected MCU devices

SECURITY: Every device built with Azure Sphere is secured by Microsoft. For its 10 year lifetime.
PRODUCTIVITY: The Azure Sphere developer experience shortens OEM time to market.
OPPORTUNITY: Azure Sphere empowers OEMs to create new customer experiences and business models.
