A TINY NEW CHIP COULD SECURE THE NEXT GENERATION OF IOTTHE INTERNET OF Things security crisis persists, as billions of inadequately secured webcams, refrigerators, and more flood homes around the world. But IoT security researchers at Microsoft Research have their eye on an even larger problem: the billions of gadgets that already run on simple microcontrollers—small, low-power computers on a single chip—that will gradually gain connectivity over the years, exponentially expanding the internet of things population. And that connected electric toothbrush needs protection, too.
The challenge with internet of things security so far has been the cost of implementing hardened features. It’s cheaper and faster to develop a product without spending time and resources on security. Devices rush off the line without adequate protections, often riddled with bugs, and rarely have a mechanism for manufacturers to distribute patches. An attacker who penetrates those IoT devices can potentially steal data, rope the unit into a botnet, or even use it as a jumping off point to infiltrate other parts of a network.
At least for those full-featured IoT devices, fixes exist, even if they’re rarely or poorly implemented. Smaller peripheral devices that run on microcontrollers, though, don’t have the compute power to spare on security steps like encrypting data, or scanning for anomalous behavior. So Microsoft Research has poured its IoT efforts into Project Sopris, placing the IoT security focus to microcontrollers, while keeping costs down.
7 Habits of Highly Effective Microprocessors
The Project Sopris microcontroller prototype is designed to incorporate what Microsoft terms the “Seven Properties of Highly Secure Devices,” a common-sense melange of best practices. It includes the usual suspects, like enabling regular software updates, and requiring devices to store cryptographic keys in a secure part of the hardware. Hunt says they built the chip with “recognition that you build in security and then you also have to have mechanisms so that if in the future hackers get more clever, you are able to—without the consumer doing anything—be able to update and improve the security on the device.”
Stuffing so many elements onto a microcontroller asks a lot of such a tiny processor, so the Sopris chip includes a secondary security processor that handles much of the cryptographic overhead. That specialized processor also does periodic software audits to check for deviations or any misbehavior. If it finds something, it can reset individual processes—or the whole device—as needed.