Where will IoT Take You?
Join companies like Cox Communications, Comcast, and Google to unlock powerful insights through digital transformation.
The 7 properties of highly secure devices and how Microsoft implemented all 7 in low-cost microcontrollers.
MIT Technology Review named “Botnets of Things” as one of the top 10 breakthrough technologies in 2017. From internet-connected kiosks to medical devices, IoT security problems have been stealing the headlines since the infamous Mirai attack last year.
We previously covered Google’s Infrastructure Security Design and CryptoNets as software approaches to security. This week, we dive into the “Seven Properties of Highly Secure Devices” by Microsoft Research NExT Operating Systems Technologies Group to see how we can bring security to the microcontroller level to complete the IoT stack.
The goal of the research was to identify and implement security protocols for the billions of smart devices powered by microcontrollers. Despite the complete lack of security properties in current devices, the researchers remain bullish that IoT security problems can be addressed at the hardware level regardless of the price. Mainly, the purpose of this paper is two-fold: 1) establishing 7 properties required to achieve high security, 2) demonstrating the feasibility with a prototype.
According to the Microsoft research group, the minimum requirements to secure connected devices are the following:
To our astute reader, many of these principles seem obvious. However, the real contribution by the Microsoft team lies in demonstrating the feasibility of implementing all seven principles in low-cost microcontrollers.
The team at Microsoft took a low-power smart home chipset MT7687 from MediaTek Labs to build in multiple levels of security. Figure 1 below shows the architecture of the MT7687 device. While it already contains cryptographic engines to provide some level of security, it fails to provide sufficient security due to its lack of compartmentalization and defense in depth.
Compare the previous design with the modified design shown below. The new design has multiple levels of isolation and process-isolated compartments inside what Microsoft named the Pluton Security Subsystem.
While the paper doesn’t report the added cost to implement Pluton, the researchers state that the next phase will detail packaging Pluton into a simple device board for mass production. Although demonstrating feasibility on a single existing board doesn’t prove that security solved, Microsoft is leading the discussion to push security design considerations to the hardware level.
February 16, 2021
February 11, 2021