Azure Sphere

Azure Sphere

IOT CYBERSECURITY FROM EDGE-TO-CLOUD: BUILD HIGHLY SECURED CONNECTED DEVICES WITH NXP AND MICROSOFT AZURE SPHERE Sudhanva Huruli, Program Manager, Microsoft Naama Bak, Global Business Development, NXP M A R C H 2 0 2 1 PUBLIC NXP, THE NXP LOGO AND NXP SECURE CONNECTIONS FOR A SMARTER WORLD ARE TRADEMARKS OF NXP B.V. ALL OTHER PRODUCT OR SERVICE NAMES ARE THE PROPERTY OF THEIR RES PECTIVE OWNERS. © 2021 NXP B.V. AGENDA • Summary of the recent announcement • Cybersecurity for IoT • Properties of highly secured devices • How does i.MX 8ULP-CS processor work with Azure Sphere • Use cases for the i.MX 8ULP-CS & i.MX 9 processors PUBLIC 1 NXP INTRODUCES ITS FIRST CLOUD -SECURED, MICROSOFT AZURE SPHERE -CERTI F IED PROCESSOR FAMILY Plans to build additional Azure Sphere-certified processors as part of the NXP i.MX 9 series First cloud-secured crossover applications processor, the i.MX 8ULP-CS with Azure Sphere PUBLIC 2 Importance of Cybersecurity in IoT PUBLIC NXP, THE NXP LOGO AND NXP SECURE CONNECTIONS FOR A SMARTER WORLD ARE TRADEMARKS OF NXP B.V. ALL OTHER PRODUCT OR SERVICE NAMES ARE THE PROPERTY OF THEIR RES PECTIVE OWNERS. © 2021 NXP B.V. 3 PUBLIC 3 What happens when you connect a device to the internet? “The internet is this cauldron of evil.” Dr. James Mickens, Harvard University PUBLIC 4 CYBERATTACKS PUT BUSINESSES AT RISK ! ! ! Devices bricked or Devices are used for Data & Data polluted & Devices used to held for ransom malicious purposes IP theft compromised attack networks The cost of IoT attacks Stolen IP & other highly valuable data Brand impact (loss of trust) Financial and legal responsibility Compromised regulatory status Recovery costs Downtime or certifications Security forensics PUBLIC 5 MIRAI BOTNET ATTACK • Everyday devices are used to launch an attack that takes down the internet for a day • 100k devices • Exploited a well-known weakness • No early detection, no remote update PUBLIC 6 EXPECTATIONS ARE INCREASING WITH AWARENESS Consumers Enterprise Customers Government Action 65% of consumers wouldn’t 97% of enterprises call out security In the USA, several bills have been purchase a smart device from a as a concern when adopting IoT.1 introduced in Congress, with two brand that has experienced a passed in California (SB-327) and security breach. Enterprise customers would purchase Oregon (HB2395). 70% more devices if security concerns were mitigated.2 74% of consumers would pay In Europe, upcoming EU more for a smart device that had Enterprise customers are willing to Cybersecurity Act with three security additional security. pay 22% more for IoT cybersecurity.2 assurance levels will become basis for regulation—basic, substantial, high. 93% of consumers believe that manufacturers need to do more to ETSI EN 303 645, with 13 security secure smart devices. requirements, with increasing adoption globally (e.g. Singapore, Finland, UK). According to Greenberg research 2019 1 IoT Signals 2020 2 Bain & Co. 2018 PUBLIC 7 WHAT WE HEAR FROM CUSTOMERS ABOUT THE CHALLENGES OF SECURING IOT Manufacturing Operations Maintenance While in the factory or in the supply Once in the field, ICs and devices are While this capability is key to chain, ICs and devices are subject to susceptible to a wide range of logical attacks maintaining device security, the upgrade malware injection, counterfeiting, key and physical attacks, including malware process must be totally secure to capture, overproduction, and the injection, theft of unencrypted data, and prevent loading of malware/unauthorized creation of security backdoors. malicious software updates, as well as SW. reverse engineering. PUBLIC 8 THE 7 PROPERTIES OF HIGHLY SECURED DEVICES Hardware Defense Small Trusted Root of Trust in Depth Computing Base Is your device’s identity Does your device remain Is your device’s security- and software integrity protected even if some enforcement code protected secured by hardware? security mechanism is from bugs in application defeated? code? Dynamic Certificate-Based Error Renewable Compartments Authentication Reporting Security Can your device’s Does your device Does your device Does your device security improve after authenticate itself with report back errors to software update deployment? certificates? give you in-field automatically? awareness? PUBLIC 9 AZURE SPHERE An end-to-end solution for securely connecting existing equipment and to create new IoT devices with Operating built-in security. System Integrated hardware, software, and cloud services work Ongoing seamlessly together and deliver active security by default. Hardware Ongoing Servicing Ongoing security and OS updates from Microsoft keep your devices secured over time. Defense in depth provides multiple layers of protection to help guard devices against and respond to threats. Cloud Implementation options allow you to secure existing equipment Security and build security into new IoT devices. PUBLIC 10 Azure Sphere certified chips The Azure Sphere Operating System The Azure Sphere Security Service Adv. Proc. Real-Time OS Layer 4 Containers Containers Microsoft Pluton Network Security Connection Azure Subsystem OS Layer 3 On-chip Cloud Services FIREWALL Azure Sphere Security Service FIREWALL FIREWALL OS Layer 2 Linux Kernel ARM Cortex-A ARM Cortex-M OS Layer 1 Security Monitor network & AI for real time processing processing FIREWALL OS Layer 0 Pluton Runtime ©Microsoft Corporation Azure PUBLIC 11 AZURE SPHERE & NXP i.MX 8ULP -CS OVERVIEW Hardware • i.MX 8ULP-CS processor • Microsoft Pluton Enabled EdgeLock™ Secure Enclave i.MX 8ULP-CS • Root of Trust established at NXP YOUR APPS AZURE SPHERE API TO PERIPHERALS, Operating System YOUR FW PROVISIONING CRYPTO.. • Managed OS for users OS / FW PROVISIONING AZURE SPHERE OS OS / FW UPDATE • Built off existing technology ROOT OF TRUST PLUTON / EDGELOCK KEYS UPDATE • Secure boot ROM code based; ESTABLISHMENT Keys fused at NXP SECURE MANUFACTURING SECURE OPERATIONS SECURE UPDATE PUBLIC 12 MANAGED SECURITY SERVICE TO PROVIDE UPDATES • Fully managed OTA service by Microsoft for OS components updates and on demand user application update • Users use Microsoft frontend to interact with device • Azure Sphere Service is agnostic to your cloud provider • Microsoft provides constant updates for the lifetime of the chip PUBLIC 13 OVERVIEW ON i.MX 8ULP APPLICATION PROCESSOR SPECIFICATIONS: CPU Connectivity 10/100 ETH Arm Cortex-A35 @ 1.0 GHz CAN Bus Arm Cortex-M33 @ 240Mhz Fusion DSP @200MHz Packaging External Memory 2 2 9.4x9.4mm , 15x15mm SPI-NAND LPDDR4 Temp Range SPI NOR -40oC to 105oC PUBLIC 14 Use Cases for i.MX 8ULP-CS PUBLIC NXP, THE NXP LOGO AND NXP SECURE CONNECTIONS FOR A SMARTER WORLD ARE TRADEMARKS OF NXP B.V. ALL OTHER PRODUCT OR SERVICE NAMES ARE THE PROPERTY OF THEIR RES PECTIVE OWNERS. © 2021 NXP B.V. 15 PUBLIC 15 i.M X 8ULP-CS & i.MX 9 USE CASES Cloud connected Manufacturing Automation Gateways Home Control & Security Energy Consumption & Temperature Monitoring Wireless Base Stations Smart Appliances Monitoring Machine Diagnosis & Control Switches Thermostats PV Inverters Remote Asset Control Home Hub EV Charging Station Fleet Tracking eReaders Building Control System EBS Smart Parking SOM Modules Wearables Smart Lighting Smart Watch Connected Printers Activity Tracking Barcode Scanner Smart Glass PUBLIC 16 Contact Us! If you are interested to share insights and discuss how Azure Sphere and i.MX 8ULP-CS could shape your next generation IoT products. [email protected] [email protected] PUBLIC 17 NXP, THE NXP LOGO AND NXP SECURE CONNECTIONS FOR A SMARTER WORLD ARE TRADEMARKS OF NXP B.V. ALL OTHER PRODUCT OR SERVICE NAMES ARE THE PROPERTY OF THEIR RESPECTIVE OWNERS. © 2021 NXP B.V..

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    19 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us