IoT Solutions
Cloud Services & Analytics Tools

Ole Kjeldsen, CTO & CISO, Microsoft Denmark & Iceland
This pptx: https://aka.ms/msiot2018

AGENDA
o Overview …
o Threats & possible solutions
o Sphere, Hub, Edge & cloud services
o … much more in the appendix & via, among other things, online training if you want to geek out ☺

What is … 9 billion IoT devices deployed per year

© Microsoft Corporation

Microcontrollers (MCUs)
Wave 1: The Microcontroller (MCU)
Wave 2: Internet Connectivity
Timeline: 1970’s 1980’s 1990’s 2000’s 2010’s 2020’s 2030’s

9 BILLION new MCU devices deployed every year
IN TOYS... IN APPLIANCES… IN EQUIPMENT…
FEWER THAN 1% ARE CONNECTED TODAY.

o North Carolina Highway Signs Compromised By a Foreign Hacker*
o First/Largest known DDoS attack using insecure IoT devices (2016) disrupted WW internet traffic **

* NSTAC Report to the President on the Internet of Things. www.dhs.gov/sites/default/files/publications/
** https://www.wired.com/2016/12/botnet-broke-internet-isnt-going-away/

What is … 5 billion USD Microsoft investment in IoT

The internet security battle.
We’ve been fighting it for decades. We have experience to share.

Azure Sphere
Announced at RSA

Azure Sphere is an end-to-end solution for securing MCU powered devices

o A new Azure Sphere class of MCUs, from silicon partners, with built-in Microsoft security technology provide connectivity and a dependable hardware root of trust.
o A new Azure Sphere OS secured by Microsoft for the devices 10-year lifetime to create a trustworthy platform for new IoT experiences
o The Azure Sphere Security Service guards every Azure Sphere device; it brokers trust for device-to-device and device-to-cloud communication, detects emerging threats, and renews device security.

Highly-secured connected devices require 7 properties

o Hardware Root of Trust: Is your device’s identity and software integrity secured by hardware?
o Defense in Depth: Does your device remain protected if a security mechanism is defeated?
o Small Trusted Computing Base: Is your device’s TCB protected from bugs in other code?
o Dynamic Compartments: Can your device’s security protections improve after deployment?
o Certificate-Based Authentication: Does your device use certificates instead of passwords for authentication?
o Failure Reporting: Does your device report back about failures and anomalies?
o Renewable Security: Does your device’s software update automatically?

Legend: Silicon support required, OS support required, Cloud Service support required

Three components. One low price. No subscription required.

o An Azure Sphere certified MCU
o The Azure Sphere Security Service for 10 years
o The Azure Sphere OS with 10 years of on-device updates

Azure Sphere is open

o Open to any MCU manufacturer: We are licensing our Pluton security subsystem royalty free for use in any chip*
o Open to any cloud: Azure Sphere devices are free to connect to Azure or any other cloud, proprietary or public for application data
o Open to any innovation: MCU manufacturers are free to innovate with our GPL’d OSS Linux kernel code base

* Azure Sphere branding requires an Azure Sphere chip with Azure Sphere OS and Azure Sphere Security Service

Our Silicon Partners

WHEN?
The first devices with Azure Sphere MCUs on shelf September 2018
In preorder now!
https://www.seeedstudio.com/MT3620-Development-Board-for-Azure-Sphere-p-3052.html#

Slide labels: IoT Edge, Solutions, Platform
Products and services shown: Azure IoT Edge, Windows 10 IoT Core, Azure Sphere, Azure Certified for IoT, Azure IoT Device SDK, Azure IoT Hub Device Provisioning Service, Azure IoT Hub, Azure Stream Analytics, Azure Machine Learning, Azure Maps, Azure HD Insight, Spark, Storm, Kafka, Azure Event Hubs, Azure Data Lake, Azure Time Series Insights, Azure Monitor, Azure Event Grid, Azure Websites, Microsoft Power BI, Microsoft Flow, Azure Functions, Azure Logic Apps

Azure IoT Central
o Fully hosted and managed by Microsoft
o No cloud development expertise required
o Device connectivity and management
o Monitoring rules and triggered actions
o User roles and permissions
o Analytics, dashboards and visualization
o Risk-free trial with simplified pricing

Azure IoT solution accelerators
o End-to-end implementation
o Completely customizable
o Open-source microservices based architecture
o Device connectivity and management
o Dashboards, visualization, and insights
o Workflow automation and integration
o Command and control

Preconfigured solutions
o Remote Monitoring
o Connected Factory
o Predictive Maintenance
o Device Simulation

Azure IoT Hub
o Establish bi-directional communication with billions of IoT devices
o Enhance security with per device authentication
o Provision devices at scale w/IoT Hub Device Provisioning Service
o Manage devices at scale with device management
o Multi-language and open source SDKs

Azure IoT Edge
o Move cloud and custom workloads to the edge, securely
o Seamless deployment of AI and advanced analytics
o Configure, update and monitor from the cloud
o Compatible with popular operating systems
o Code symmetry between cloud and edge for easy development and testing
o Secure solution from chipset to cloud

Azure IoT
o Connect millions of devices, integrate your business systems with new analysis tools to gain insights and transform your business.
o Get started quickly with preconfigured solutions for common IoT scenarios, using accelerators.
o Leverage a worldwide ecosystem of experienced IoT partners to tailor IoT solutions to your needs.
o Sphere delivers highly secured, Internet connected MCU devices with a purpose built OS & turn-key cloud service guarding every device.

https://www.youtube.com/watch?v=iiDF26HNh-Y

Ready to BUILD IoT applications?
Find everything you need to develop advanced IoT apps yourself with familiar tools and programming languages.
Build IoT apps

Ready to USE an IoT solution?
Use controlled and industry-specific solutions to get started quickly and easily.
Try IoT solutions

Links: Azure IoT Build page, Azure IoT Hub, IoT School, Azure IoT solution accelerators

Sphere: https://azure.microsoft.com/da-dk/services/azure-sphere/
Azure IoT: https://azure.microsoft.com/da-dk/overview/iot/
Edge IoT: https://azure.microsoft.com/da-dk/services/iot-edge/
Microsoft Research Paper: https://aka.ms/7pohsd “7 Properties of Highly Secure Devices”

THANK YOU!
Download the presentation with many more details at https://aka.ms/msiot2018
Ole Kjeldsen https://aka.ms/olek

Use common templates to accelerate your IoT projects and jump ahead of the competition.

Hardware Root of Trust
Unforgeable cryptographic keys generated and protected by hardware
Is your device’s identity and software integrity secured by hardware?
Some properties depend only on hardware support
o Hardware to protect Device Identity
o Hardware to Secure Boot
o Hardware to attest System Integrity

Dynamic Compartments
Internal barriers limit the reach of any single failure
Can your device’s security protections improve after deployment?
Some properties depend on hardware and software
o Hardware to Create Barriers
o Software to Create Compartments

Renewable Security
Device security renewed to overcome evolving threats and security breaches.
Does your device’s software update automatically?
Some properties depend on hardware, software and cloud
o Cloud to Provide Updates
o Software to Apply Updates
o Cloud to Prevent Rollbacks

Azure Sphere empowers manufacturers to create highly-secured, connected MCU devices

o SECURITY: Every device built with Azure Sphere is secured by Microsoft. For its 10 year lifetime.
o PRODUCTIVITY: The Azure Sphere developer experience shortens OEM time to market.
o OPPORTUNITY: Azure Sphere empowers OEMs to create new customer experiences and business models.

Azure Sphere MCUs create a secured root of trust for connected, intelligent edge devices

o CONNECTED with built-in networking
o SECURED with built-in Microsoft silicon security technology including the Pluton Security Subsystem
o CROSSOVER Cortex-A processing power brought to MCUs for the first time

Block diagram labels: Microsoft Pluton Security Subsystem; Network Connection (Wi-Fi in first chips); FLASH ≥ 4MB; SRAM ≥ 4MB; ARM Cortex-A (optimized for low power); ARM Cortex-M (for real-time processing); Firewalls; Multiplexed I/O: GPIO, PWM, TDM, I2S, UART, I2C, SPI, ADC

The Azure Sphere OS is optimized for IoT, Security and MCU agility

Azure Sphere OS Architecture
o OS Layer 4: Secure Application Containers (App Containers for POSIX on Cortex-A, App Containers for I/O on Cortex-Ms). Compartmentalize code for agility, robustness & security
o OS Layer 3: On-chip Cloud Services. Provide update, authentication, and connectivity
o OS Layer 2: Custom Linux kernel (HLOS Kernel). Empowers agile silicon evolution and reuse of code
o OS Layer 1: Security Monitor. Guards integrity and access to critical resources
o Hardware: Azure Sphere MCUs

The Azure Sphere Security Service connects and protects every Azure Sphere device

o Protects your devices and your customers with certificate-based authentication of all communication
o Detects emerging security threats through automated processing of on-device failures
o Responds