With Linux, Microsoft makes IoT systems super secure


It was inevitable. I saw the writing on the wall when two years ago Microsoft turned to Linux to build an OS for networking switches for Azure. This week Microsoft announced Azure Sphere, an end-to-end solution for IoT devices.

The project is interesting from many different angles; the two most interesting are:

  1. It’s solving the biggest problem IoT and IIoT devices face today – security (or the lack of it)  
  2. It’s running Linux.

A quick intro to Azure Sphere

The announcement of Azure Sphere was made at RSA 2018, which clearly indicates that it’s all about security. In an interview, Galen Hunt, Partner Managing Director of Microsoft Azure Sphere, told me that there are billions of devices out there that are powered by MCUs (microcontrollers), but many of those devices are not connected to the internet. However, that’s going to change, and we will see most of these devices going online. That’s going to be a huge problem as none of these devices are designed with security in mind.

We have already seen the kind of havoc insecure IoT devices can cause. In 2016 the Mirai botnet brought down a big chunk of the internet by creating an army of IoT devices that were used to launch DDoS attacks.

While most people think that insecure smart devices like door locks or smart fridges can be compromised to lock you out of them, the real problem is much bigger. Once a device is compromised, since it’s on the local network it has access to every device in that network. It can compromise all of those devices. Doorbells can be used to steal sensitive information, including credit card info, from any other device on the network that has access to such data. A zombie IoT device can lie low like a sleeper cell and wake up when needed. Imagine a scenario in which all such IoT Wights wake up to create a massive disruption on Election Day.

What makes these devices vulnerable

There are three major factors that make these devices vulnerable:

  • Lack of security at the hardware level
  • Lack of mechanisms to keep updated to patch vulnerabilities
  • Lack of incentives for vendors to invest in security and updates

Most consumer IoT vendors monetize by selling more devices. They move from one version of hardware to the next, leaving the previous versions of the devices without any updates. The industry lives off a razor-thin profit margin, so they don’t have any incentive to invest in security or updates. On top of that, the lack of any business model to monetize these devices after the sale leaves companies uninterested in them.

While companies like Google, Amazon, and Apple are working on super expensive consumer IoT devices like smart speakers, the rest of the IoT ecosystem is left to make their own decisions about how to proceed.

Armored Achilles heel aka Azure Sphere

Enter Microsoft with a three-fold solution to put armor around the Achilles heel of IoT devices. The initial work on Azure Sphere, aimed at securing connected devices, started back in 2015. Hunt explained that the security implications of Azure Sphere are based on the work he and his team had done to chalk out seven properties of highly secure devices.

Azure Sphere has three core components: Microsoft certified MCUs, Azure Sphere OS, and Azure Sphere Security Service.

According to Hunt, Microsoft Certified MCUs combine both real-time and application processors with built-in Microsoft security technology and connectivity. Each chip includes custom silicon security technology from Microsoft, inspired by 15 years of experience and learnings from Xbox, to secure this new class of MCUs and the devices they power.

Microsoft will work with vendors and partners to offer these chips. It won’t change anything for the existing billions of such devices, but future devices may be more secured.

Secure vs Secured

Hunt made a very interesting point: Microsoft is using the term ‘secured’ devices and not ‘secure’ devices. He explained that no matter how ‘secure’ a device is on day one, on day two there can be some newly found bug that could compromise that device. So fundamentally, we can’t call a device a secure device, but what we can do is ensure that it’s a ‘secured’ device. Security is a process. It’s a cat and mouse game. A device can be kept secured on day two and day three with updates and other best practices. That’s exactly what Microsoft is doing with Azure Sphere MCUs. The devices that can be powered by an MCU include everything from consumer appliances to industrial IoT devices.

The first chip powered by these technologies is the MediaTek MT3620. Hunt expects more silicon vendors to offer their own Azure Sphere chips. Microsoft is licensing silicon security technologies to partners royalty-free, which means silicon vendors can manufacture Azure Sphere chips at low cost to keep the prices of such devices affordable.

But there has to be a sustainable business model. If Microsoft is giving the technology away for free, how are they going to monetize? It’s not a charity.

Microsoft will charge a nominal one-time fee per device, which will give these devices access to the ultimate frontier of security, the cloud-based Azure Sphere Security Service.

Hunt explained that the Azure-based security service will guard each Azure Sphere device, brokering trust for device-to-device and device-to-cloud communication through certificate-based authentication, detecting emerging security threats across the entire Azure Sphere ecosystem through online failure reporting, and renewing security through software updates.

Even though many existing IoT devices are more or less powered by Linux, they are plagued by the three problems I mentioned earlier. One of the biggest problems is automated updates. I have been writing about IoT for a long time and one focal point of the discussions has been how to incentivize vendors so they could continue to update their devices, as well as trying to find a solution to keep devices updated if the vendors go out of business.

Azure Sphere solves that problem. Hunt told me that these devices will continue to get software updates for 10 years. That creates a lucrative incentive for IoT vendors. They pay a nominal fee to get a fully baked chip plus support for 10 years. Once they have sold devices powered by these chips, they can walk away from their customers, like earlier, but this time their customers won’t be left high and dry. These vendors won’t have to worry about class action lawsuits or massive fines due to vulnerabilities.

Hunt said that instead of offering a recurring subscription for Azure Security Service, making it part of a one-time license fee makes it easier for vendors to get onboard. In addition, customers don’t have to worry about the device maker not renewing the subscription or going out of business.

In my discussions with many stakeholders of the IoT world, it is pretty clear that no amount of customer awareness is going to work when people are looking for the cheapest Webcam on and don’t bother to verify the updatability. Regulation is another possible solution, but we can’t expect that from an administration that is determined to eliminate existing regulations.

It seems like a dead end. But Microsoft has now provided the industry with a solution that overcomes the potential problems.

What about Linux?

One of the three components of Azure Sphere is Azure Sphere OS, powered by Linux. When asked why Microsoft is using Linux, Hunt said, “We chose Linux as the OS for two primary reasons: 1) the size of the OS footprint and 2) the needs of our silicon partner ecosystem. The custom Linux kernel found in Azure Sphere has been optimized for an IoT environment and shared under an OSS license so that silicon partners can rapidly enable new silicon innovations.”

More powerful IoT devices, such as media players or ATMs, that run on microprocessors will be powered by Windows IoT. “Windows IoT is a powerful OS for traditional embedded devices such as gateways, ATM machines, Point of Sale devices, digital Signage media players, Kiosks, and new sets of embedded devices such as smart thermostats, robots, wearables etc.”

Over time, Microsoft might transition even those devices to a Linux-based OS. Let’s be clear that Azure Sphere OS is not yet another Linux distribution like Ubuntu or Fedora. “It’s not a general-purpose distribution like Ubuntu or Red Hat Enterprise Linux. For example, there are no user accounts, no shell, and no package managers. Think about Azure Sphere as an OS, purpose-built for connected IoT devices that leverages the Linux kernel, customized for IoT scenarios,” said Hunt.

What Microsoft is doing is taking the Linux kernel and making some tweaks and additions according to their needs. Most Linux vendors do the same thing. They customize the kernel; no one uses the mainline kernel. That’s why there is an Ubuntu kernel or a Red Hat kernel in their products. But all these players push these changes back to Linus Torvalds’ tree. Microsoft will be doing the same. Hunt said that Microsoft has been engaged with the Linux kernel community for a very long time. They already use Linux in Azure, so they will be following the same path.

Hunt added that Microsoft and the Azure Sphere team are excited to engage within the wider silicon ecosystem and OSS community on improvements and changes to the Linux kernel targeted at the MCU space. “We’ll have development kits universally available in mid-2018 and look forward to feedback. Keep in touch with us at [email protected] or @OpenAtMicrosoft on Twitter,” he said.

Since the devices will be shipped, Microsoft will also be releasing the source code of the technologies used, in order to comply with the GNU GPL v2 that covers the Linux kernel. Just think about it for a moment. Microsoft will be shipping devices that are powered by the Linux kernel, which is governed by the GNU GPL v2. We have come a long way.

Doesn’t that make Microsoft an official Linux vendor? Yes, it does.

That also means that the peanut gallery, with their big megaphone that keeps yelling that Microsoft may embrace, extend and extinguish Linux, needs to sit down. Microsoft is building its business on top of Linux. Linux to them is a vehicle, just the way it is for Red Hat and SUSE. The success of Microsoft is now tied to the success of Linux.

I like that! Don’t you?