Azure Sphere 为智能边缘保驾护航

施佳物联解决方案架构师 IoT Solutions, Microsoft 2019年3月13日苏州 The microcontroller (MCU) a low-cost, single chip computer

9 BILLION new MCU devices built and deployed every year The MPU in your PC is 100x to 1000x more powerful than the MCU in your fridge.

MCU

MPU Connected MCUs will change your customer relationships

How does a consumer know the compressor in their fridge needs to be replaced?

Option 1 Option 2 Melted ice cream Predictive maintenance

Connected devices create profoundly better customer experiences.

Device security is a socioeconomic concern Day 1 the attack is Technology headline in NY Times Day 2 the attack is Politics headline

The attack exploited well-understood weaknesses Weak common passwords, no early detection, no remote update, etc.

Future attacks could be much larger This attack was small; just 100k devices Imagine a 100M-device attack

Future attacks could create huge liability exposure Hackers could ”brick” an entire product line in a day Actuating devices could cause property damage or loss of life

Hardware Defense Small Trusted Root of Trust in Depth Computing Base

Is your device’s identity Does your device remain Is your device’s TCB and software integrity protected if a security protected from bugs in secured by hardware? mechanism is defeated? other code?

Dynamic Certificate-Based Failure Renewable Compartments Authentication Reporting Security Can your device’s Does your device use Does your device Does your security protections certificates instead report back about device’s software improve after of passwords for failures and update deployment? authentication? anomalies? automatically?

© Microsofthttps://aka.ms/7properties Corporation = Silicon support required = OS support required = Cloud Service support required Hardware Root of Trust Unforgeable cryptographic keys generated and protected by hardware Is your device’s identity and software integrity secured by hardware?

o Hardware to protect Device Identity Some properties o Hardware to Secure Boot depend only on hardware support o Hardware to attest System Integrity

Some properties o Hardware to Create Barriers

depend on hardware o Software to Configure Compartments and software

o Cloud to Provide Updates Some properties depend o Software to Apply Updates on hardware, software and cloud o Hardware to Prevent Rollback

SECURITY PRODUCTIVITY OPPORTUNITY Every device built with The Azure Sphere Azure Sphere empowers Azure Sphere is secured developer experience OEMs to create new by Microsoft. shortens OEM time to customer experiences and market. business models. For its 10 year lifetime.

New Azure Sphere OS secured by Microsoft for the devices 10-year lifetime to create a trustworthy platform for new IoT experiences

New Azure Sphere certified MCUs, from silicon partners, with built-in Microsoft security technology provide connectivity and a dependable hardware root of trust.

The Azure Sphere Security Service guards every Azure Sphere device; it brokers trust for device-to-device and device-to-cloud communication, detects emerging threats, and renews device security.

C O N N E C T E D with built-in networking Microsoft Network Pluton FLASH Connection Security ≥ 4MB WiFi in first chips SECURED with built-in Microsoft silicon Subsystem CONNECTEDsecurity technologywith built including-in networking the Pluton Firewall Firewall Firewall Security Subsystem SECURED with built-in Microsoft silicon security ARM ARM Cortex-A SRAM Cortex-M technologyCROSSOVER including theCortex Pluton-A Securityprocessing Subsystem power optimized for ≥ 4MB for real time brought to MCUs for the first time low power processing CROSSOVER Cortex-A processing power Firewall Firewall Firewall brought to MCUs for the first time Multiplexed I/O

GPIO PWM TDM I2S UART I2C SPI ADC

Azure Sphere OS Architecture

App Containers for App Containers for Secure Application Sandboxes OS Layer 4 POSIX (on Cortex-A) I/O (on Cortex-Ms) Compartmentalize code for agility, robustness & security

On-chip Cloud Services OS Layer 3 On-chip Cloud Services Provide update, authentication, and connectivity

Custom Linux kernel OS Layer 2 HLOS Kernel Empowers agile silicon evolution and reuse of code

Security Monitor OS Layer 1 Security Monitor Guards integrity and access to critical resources

Hardware Azure Sphere certified MCUs

Protects your devices and your customers with certificate-based authentication of all communication

Detects emerging security threats through automated processing of on-device failures

Responds to threats with fully automated on-device updates of OS

Allows for easy deployment of software updates to Azure Sphere powered devices

Simplify development Focus your device development effort on the value you want to create

Streamline debugging Experience interactive, context-aware debugging across device and cloud

Collaborate across your team Apply tool-assisted collaboration across your entire development organization

Simplify Azure connect Connect your Azure Sphere devices quickly and easily to Azure IoT

Three components. The Azure Sphere Security Service One low price. for 10 years

No subscription required. The Azure Sphere OS with 10 years of on-device updates

Open to any cloud Azure Sphere is open Azure Sphere devices are free to connect to Azure or any other cloud, proprietary or public for application data

Open to any innovation MCU manufacturers are free to innovate with our GPL’d OSS Linux kernel code base

© Microsoft Corporation * Azure Sphere branding requires an Azure Sphere chip with Azure Sphere OS and Azure Sphere Security Service SECURITY PRODUCTIVITY OPPORTUNITY Peace of mind Faster time to market The future is now Protect your products and customers Lower overhead and increase team Transform engagement your products with our turnkey, 7 property security efficiency with tools that deliver and customer strategies, and enable new solution that protects, detects and productivity and dramatically optimize revenue streams with connected responds to threats dynamically so development and maintenance of your crossover chips powerful enough to you’re always prepared. device and experiences. create next generation experiences.

连接Azure Sphere到Azure IoT Hub

Azure Sphere Compact Development Board USB Cable

Publish/Deploy

Azure Upgrade existing devices Azure Use a Azure Sphere MCU MCU Sphere by adding a Azure Sphere MCU Sphere module to existing MCU, to provide connectivity in conjunction with an Azure Sphere connected by serial, SPI module etc. application-specific MCU. Product PCB Product PCB

Sensor Add connectivity to Sensor s s Azure Use a Azure Sphere MCU to Sphere existing or new devices by Contro Azure Contro Sphere l wiring simple sensing, l implement all the on-device control and HMI to a logic and provide HMI† Azure Sphere HMI† module Azure Sphere module. connectivity.

Product PCB Product PCB

* Hybrid combinations possible † HMI: human-machine interface 非常感谢！

© 2018 Microsoft Corporation. All rights reserved. © 2019 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.