MIT Technology Review named “Botnets of Things” as one of the top 10 breakthrough technologies in 2017. From internet-connected kiosks to medical devices, IoT security problems have been stealing the headlines since the infamous Mirai attack last year.
We previously covered Google’s Infrastructure Security Design and CryptoNets as software approaches to security. This week, we dive into the “Seven Properties of Highly Secure Devices” by Microsoft Research NExT Operating Systems Technologies Group to see how we can bring security to the microcontroller level to complete the IoT stack.
The goal of the research was to identify and implement security protocols for the billions of smart devices powered by microcontrollers. Despite the complete lack of security properties in current devices, the researchers remain bullish that IoT security problems can be addressed at the hardware level regardless of the price. Mainly, the purpose of this paper is two-fold: 1) establishing 7 properties required to achieve high security, 2) demonstrating the feasibility with a prototype.
According to the Microsoft research group, the minimum requirements to secure connected devices are the following:
To our astute reader, many of these principles seem obvious. However, the real contribution by the Microsoft team lies in demonstrating the feasibility of implementing all seven principles in low-cost microcontrollers.
The team at Microsoft took a low-power smart home chipset MT7687 from MediaTek Labs to build in multiple levels of security. Figure 1 below shows the architecture of the MT7687 device. While it already contains cryptographic engines to provide some level of security, it fails to provide sufficient security due to its lack of compartmentalization and defense in depth.
Compare the previous design with the modified design shown below. The new design has multiple levels of isolation and process-isolated compartments inside what Microsoft named the Pluton Security Subsystem.
While the paper doesn’t report the added cost to implement Pluton, the researchers state that the next phase will detail packaging Pluton into a simple device board for mass production. Although demonstrating feasibility on a single existing board doesn’t prove that security solved, Microsoft is leading the discussion to push security design considerations to the hardware level.
What type of use case are you building for? Whichever it is we are looking forward to learning more about your needs.
Our team of experts is here to help!