T&VS is attending a Secure IOT event in Reading today, exhibiting our various solutions and expertise in IoT Security. There a number of great speakers including a great talk by on the security of Azure Sphere by Paul Tobin, Senior New Business Sales Manager, Microsoft. This product is based on Xbox which Paul revealed used to be regularly hacked but has been robust to attacks for several years now.
Paul talked us through “The Seven Properties of Highly Secure Devices” written at Microsoft Research NExT Operating Systems Technologies Group. Of course, Azure Sphere meets these properties hence we need to be careful of the marketing spin but it does give a very quick, easy to understand, a ready reckoner for building a secure product. The Seven Properties are
- Hardware-based Root of Trust: Does the device have a unique, unforgeable identity that is inseparable from the hardware?
- Small Trusted Computing Base: Is most of the device’s software outside the device’s trusted computing base?
- Defense in Depth: Is the device still protected if the security of one layer of device software is breached?
- Compartmentalization: Does a failure in one component of the device requires a reboot of the entire device to return to operation?
- Certificate-based Authentication: Does the device use certificates instead of passwords for authentication?
- Renewable Security: Is the device’s software updated automatically?
- Failure Reporting: Does the device report failures to its manufacturer?