The number of microcontrollers hidden in computers, cars, household appliances, airplanes, toys and mobile devices is constantly growing. More and more functionality depends on software, and many of today's improvements and innovations are the result of using processors, controllers and displays.
As data and personal information become highly valuable assets, the importance of security rises continuously. Security in the embedded world is becoming even more important, especially in IoT domains such as factories and smart homes. Imagine that a vulnerability in a connected device exposed your product's recipe, so that it is no longer a secret. Even worse, a compromised connected device could start applying slightly different doses, or your predictive maintenance solution might be fed falsified data. The problem becomes urgent as more and more devices are connected in every type of business: toys, medical, production, smart homes and smart cities, energy production and agriculture.
GFI East is developing a device-to-cloud solution to enable security in the next generation of embedded IoT devices. The basis of the solution is Microsoft's Azure Sphere platform, which became generally available on 24th February. It consists of a secured microcontroller unit with built-in Wi-Fi, a secured operating system and a security service running in the cloud.
The microcontroller unit is equipped with multiple ARM Cortex cores for real-time and high-level applications, the Microsoft Pluton security subsystem, multiplexed I/Os and built-in Wi-Fi.

Figure 1. Azure Sphere Device Architecture
(https://docs.microsoft.com/en-us/azure-sphere/product-overview/what-is-azure-sphere)
The real-time core can run a real-time application on bare metal or on a real-time operating system of your choice. The high-level application core runs a dedicated Linux OS that lets developers build and run containerized applications. Those can communicate with the internet (for example with IoT Hub) and with the real-time core (via the Application Socket functions in the provided libraries). The OS services provide connectivity to the Azure Sphere Security Service out of the box. The Azure Sphere Security Service implements certificate-based authentication, automatic updates for the Azure Sphere OS and customer applications, and error reporting and diagnostic analysis.
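The inter-core channel described above, as an added example that is not part of the original post or of GFI East's or Microsoft's code: one way for a high-level application to exchange messages with a real-time application over the application socket while keeping every message length-checked on both ends. It assumes that the socket returned by Application_Connect() in applibs/application.h delivers one message per send()/recv(), as the Azure Sphere inter-core samples use it; the AZURE_SPHERE build flag, the MAX_PAYLOAD limit, the 4-byte header layout and the all-zero component ID placeholder are choices made for this example. Built without the flag it uses a local socketpair() so the framing and checks run on any Linux host.

```c
/* Added example (not from the original post, GFI East or Microsoft): a
 * length-framed, bounds-checked exchange between the high-level Linux core and a
 * real-time core. With -DAZURE_SPHERE (flag chosen here) it uses Application_Connect()
 * from <applibs/application.h>; elsewhere it substitutes a socketpair(). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifdef AZURE_SPHERE
#include <applibs/application.h>
/* Placeholder: use the partner real-time app's real component ID. */
static const char *RT_APP_COMPONENT_ID = "00000000-0000-0000-0000-000000000000";
#endif

#define MAX_PAYLOAD 256u   /* limit chosen for this example */
#define HDR_LEN 4u         /* type(1) seq(1) payload length(2, little-endian) */

struct msg { uint8_t type, seq; uint16_t len; uint8_t payload[MAX_PAYLOAD]; };

/* Datagram socket to the real-time core, or -1; in the host build *peer gets the other end. */
static int open_intercore_channel(int *peer)
{
#ifdef AZURE_SPHERE
    (void)peer;
    return Application_Connect(RT_APP_COMPONENT_ID);
#else
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0) return -1;
    *peer = sv[1];
    return sv[0];
#endif
}

/* Send one framed message; payloads above MAX_PAYLOAD are refused up front. */
static int send_msg(int fd, uint8_t type, uint8_t seq, const uint8_t *payload, size_t len)
{
    uint8_t frame[HDR_LEN + MAX_PAYLOAD];
    if (len > MAX_PAYLOAD) return -1;
    frame[0] = type;
    frame[1] = seq;
    frame[2] = (uint8_t)(len & 0xffu);
    frame[3] = (uint8_t)(len >> 8);
    memcpy(frame + HDR_LEN, payload, len);
    return send(fd, frame, HDR_LEN + len, 0) == (ssize_t)(HDR_LEN + len) ? 0 : -1;
}

/* Receive one message into *out. The buffer is one byte larger than the largest legal
 * frame, so an oversized datagram is detected rather than silently truncated. Returns
 * the payload length, or -1 for a short/oversized frame or a wrong declared length. */
static int recv_msg(int fd, struct msg *out)
{
    uint8_t frame[HDR_LEN + MAX_PAYLOAD + 1];
    ssize_t n = recv(fd, frame, sizeof frame, 0);
    uint16_t declared;
    if (n < (ssize_t)HDR_LEN || n > (ssize_t)(HDR_LEN + MAX_PAYLOAD)) return -1;
    declared = (uint16_t)(frame[2] | (frame[3] << 8));
    if (declared != (uint16_t)(n - HDR_LEN)) return -1;
    out->type = frame[0];
    out->seq = frame[1];
    out->len = declared;
    memcpy(out->payload, frame + HDR_LEN, declared);
    return declared;
}

#ifndef AZURE_SPHERE
/* Host-only checks: valid round trip, oversized send refused, forged frame refused. */
static int run_checks(int fd, int peer)
{
    const uint8_t hello[] = "ping";                           /* constructed payload */
    uint8_t big[MAX_PAYLOAD + 1] = {0};                       /* one byte over the limit */
    const uint8_t forged[] = {0x01, 9, 0x10, 0x00, 'a', 'b'}; /* claims 16 bytes, carries 2 */
    struct msg m = {0};
    if (send_msg(fd, 0x01, 7, hello, sizeof hello) != 0) return -2;
    if (recv_msg(peer, &m) != (int)sizeof hello || m.seq != 7) return -3;
    if (send_msg(fd, 0x01, 8, big, sizeof big) != -1) return -4;
    if (send(peer, forged, sizeof forged, 0) != (ssize_t)sizeof forged) return -5;
    if (recv_msg(fd, &m) != -1) return -6;
    return 0;
}

/* Returns 0 when all checks pass, otherwise a negative code naming the failed step. */
int demo_roundtrip(void)
{
    int peer = -1, rc;
    int fd = open_intercore_channel(&peer);
    if (fd < 0) return -1;
    rc = run_checks(fd, peer);
    close(fd);
    close(peer);
    return rc;
}

int main(void)
{
    printf("demo_roundtrip: %d\n", demo_roundtrip());   /* prints 0 */
    return 0;
}
#endif
```

On a device the same send_msg()/recv_msg() run unchanged over the real inter-core socket. The point of the example is that the receiver never trusts the declared length and the sender never lets a payload exceed the fixed frame, so a bug in the application on one core cannot turn into a memory-safety problem in the application on the other.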
The design has its roots in the seven properties of highly secured devices, including:
- Small trusted computing base
- Dynamic compartmentalization
- Certificate-based authentication
- Error reporting
- Renewable security
These properties are described in detail in Microsoft's white paper, available at: https://www.microsoft.com/en-us/research/wp-content/uploads/2017/03/SevenPropertiesofHighlySecureDevices.pdf
Development kits are already available from Seeed and Avnet, containing the first Sphere-compliant MCU, the MediaTek MT3620, with a 500 MHz ARM Cortex-A7 core and 200 MHz ARM Cortex-M4F cores, 16 MB of flash and 4 MB of RAM.

Figure 2. MT3620 Block Diagram
(https://d86o2zu8ugzlg.cloudfront.net/mediatek-craft/documents/mt3620/MT3620-Datasheet-v1.2.pdf)

Figure 3. Development Kit from Seeed at GFI East.
The solution being developed comprises an electronic platform, a security service for device management and a cloud application for real-time monitoring and predictive maintenance.
With Microsoft's Azure and Azure Sphere technologies, GFI East closes the security gap in the next generation of end-to-end IoT applications. Feel free to contact GFI East regarding embedded software, highly secure end-to-end IoT solutions and predictive maintenance. We are ready to help you. Let's get in touch.
