In an effort to improve security of IoT devices, Microsoft announced Azure Sphere, an end-to-end solution for Internet-connected microcontroller units (MCUs), during the April 2018 RSA infosec conference. Azure Sphere is organized around a three-layer architecture composed of hybrid microcontrollers running a new IoT-optimized Linux kernel and leveraging a cloud-based security service. The first Azure Sphere chip, the MT3620, is developed by MediaTek Inc and is expected to be publicly available in the third quarter of 2018.
The new MCUs are called "crossovers" by Microsoft because they combine both real-time (Cortex-M) and application (Cortex-A) processors into an MCU package, a necessary complexity in order to run a Linux distribution that is, by it's nature, CPU and memory intensive. To some experts, this combination ends up being a full application processor more than a simple MCU.
The chips include built-in network connectivity and Microsoft Pluton, an isolated security subsystem with its own Arm Cortex-M4F core that creates a hardware-based root of trust, stores private keys, and executes cryptographic operations. Programing the MCU takes place in an extended version of Visual Studio.
The new Linux kernel is a real-time operating system (RTOS) optimized for an IoT environment. It represents Microsoft's first-ever Linux distribution. The choice of Linux over Windows 10 IoT Core was required to allow the operating system to fit onto IoT node devices that have limited memory and power.
The silicon security technologies are licensed to partners royalty-free to lower the price of the device but Microsoft will charge a one time-fee per device to access the Azure Sphere security service. This cloud-based security service acts as an adaptive guarding layer for the devices by handling software updates, currently one of the major security weakness of IoT devices, as well as failure reporting, and authentication.
Azure Sphere is currently in private preview with the MediaTek MT3620 chip being tested by customers. Public availability of the chip is expected for summer of 2018 and dev-kits by the middle of the year. Microsoft's goal is to have Azure Sphere devices on the market by the end of the year.
This move by Microsoft follows a similar announcement by AWS last November to open source Amazon FreeRTOS, an AWS project built on the FreeRTOS kernel v10. The FreeRTOS Kernel was initially created in 2003 by Richard Barry, and is said to be "the most popular OS for embedded devices".
Driven by the business opportunities created by IoT devices, the MCU market is predicted to reach 27 billion units by 2020 for a market worth $20 billion according to an MCU market forecast by IC insights, a semiconductor marketing research company. However, as recent botnet and ransomware attacks have shown, IoT security poses a major risk for global Internet operations. To answer that threat, the Azure Sphere initiative was started in 2015 with a small team within the Microsoft AI+Research NExT division. The team identified Seven Properties of Highly-Secure Devices which layed out the ground work for the security measure and strategy implemented in Azure Sphere.