Finally, Secure IoT!

Owen Atkinson
Kainos Applied Innovation
8 min read · Jan 15, 2021

The Internet of Things (IoT) is a term used to describe the steadily expanding network of internet-connected devices. These devices exchange data and information to provide insights and solutions for consumers. IoT now extends far beyond handheld devices and home appliances, making its mark within agriculture, smart cities and healthcare. The IoT industry has seen rapid growth in recent years. Statista states that the market size of IoT reached 100 billion dollars in market revenue in 2017 and suggests that this figure will rise to around 1.6 trillion by 2025.

The market size of IoT (in Billion US$) 2017–2025

The number of active IoT devices has also rapidly increased due to several key factors:

  • 5G improving the connectivity of devices
  • An increase in the suppliers of household IoT devices
  • Reduction in IoT device costs
  • The emergence of IoT Edge devices

There is still one large factor responsible for delaying the advancement of IoT: the lack of sufficient cybersecurity protection. IoT devices are generally inadequately protected, mainly due to poorly maintained firmware leaving them vulnerable to infiltration. Gartner reports that by 2020, 25% of all cyber-attacks will involve IoT devices.

A particular IoT cybersecurity incident that stands out is how a hacker stole 10GB worth of sensitive data from a casino. This was made possible by breaching an internet-connected fish tank monitor which had no device security. The hackers accessed the casino network and jumped from resource to resource, taking data as they moved along. This demonstrates the importance of establishing sufficient security within IoT devices; a small breach can be seen as an unlocked door for hackers and lead to malicious situations such as this.

The Azure Sphere

With the dire need for security within IoT becoming more apparent, Microsoft believes that they have an answer for these security concerns, the Azure Sphere.

This is a secured microcontroller unit (MCU) with built-in communication and security features for internet-connected devices. It aims to provide enhanced security, productivity, and opportunity. The Azure Sphere serves as a high-level application platform that can be programmed to behave in customisable ways, e.g. securely collect and transmit sensitive data to Azure.

The Azure Sphere’s 3 fundamental components

The Azure Sphere is composed of 3 key components:

  • An MT3620 MCU that combines real-time and application processors with built-in Microsoft security
  • A secured Operating System (OS) built for security and agility to create a trustworthy platform for IoT experiences
  • A cloud-based security service, using the Azure Sphere Security Service (AS3) to establish trust between devices, update device security and identify emerging threats

The Azure Sphere MT3620 comes in 3 different forms currently:

(left to right) Avnet Development Board, Mini Development Board, Seeed Development Board

The capabilities of each of these boards vary. The Avnet and Seeed development boards are similar in performance but differ in their structure. Throughout my development, it was vital to have access to the I/O components to connect an environmental sensor. This is something which the Avnet possessed, but the Seeed required a Grove Shield to facilitate its connections. The Mini Development Board is a lighter version of the Seeed Development Board with less powerful processing.

Value

The security concerns circling IoT are one of the critical blockers for adoption. By using the Azure Sphere, developers can hand off their duty of establishing and managing security for their IoT devices; this process is completely managed by the Azure Sphere.

The device includes I/O components which allow developers to connect certified external devices to the board, such as environmental IoT sensors. This offers a range of freedom for customising the use of the device. The Azure Sphere uses these sensors to gather and securely send data to Azure. Here, the data can be collected, visualised and processed through Azure IoT Central.

Azure IoT Central dashboard visualising temperature & humidity data

IoT Central is an Azure Cloud tool used to manage and collect data from devices. The data can be visualised through custom dashboards, allowing developers to personalise and prioritise the data they want to view. Through having direct integration with Azure, data can be extracted from IoT Central and transformed to extend value. For example, extract data to Azure Machine Learning or Time Series Insights to determine when air quality within an environment may reach an unsafe level, long before it transpires.

Use Cases

  1. Gojo uses the Azure Sphere with their hand sanitiser sensors to monitor hand hygiene to prevent infections, providing end-to-end security for the monitoring and analysis of their system.
  2. E.ON adopted the Azure Sphere within their energy solutions, securing how their household energy sources communicate with one another.
  3. Starbucks is utilising the Azure Sphere to securely monitor and transmit the status of equipment within its stores, changing from a reactive approach to a proactive one by predicting when equipment may malfunction. This has enabled Starbucks to arrange repairs without removing focus from providing high-quality service to customers.

Development

Having been intrigued at the prospect of finally having a secure IoT device, I had to acquire one for myself to get some hands-on experience. I wanted to see how easy it was to set up a concept with the Azure Sphere and how far I could push the limits of the device.

There are two key segments of the Azure Sphere development process:

  • Establishing an IoT Central environment on Azure to serve as an endpoint for transmitted data from the Azure Sphere
  • Writing and uploading code to the Azure Sphere board, completed on Visual Studio

The first step was getting started; Microsoft provided extensive documentation and tutorials for these stages.

A benefit of the Azure Sphere is its capability to connect a range of IoT sensors. How this is accomplished isn’t described in the documentation to any extent.

As a result, I had to seek support from external developers that had experience with the Azure Sphere. I utilised Microsoft’s Q&A support resource where the developer community were fantastic at providing advice and connecting me with others that could help.

They connected me with Dave Glover (Microsoft Cloud Developer Advocate) on GitHub. He created a project to improve health, wellbeing and productivity by making a CO2 monitoring system with the Azure Sphere. Dave achieved this by connecting the CO2 sensor with the Azure Sphere to collect CO2 levels within an environment and flag when it reaches unhealthy levels. I felt that this was a relevant subject considering my home working schedule since 2020. High levels of CO2 within an environment can be responsible for making you feel tired and lethargic, so I thought why not try to reduce the likelihood of this occurring in my home office space?

Similar to most Azure Sphere sample projects, Dave’s project relied on an outdated version of the Azure Sphere SDK that was no longer compatible. I often found myself opening fresh GitHub projects to find 100s of errors, which wasn’t the most reassuring. Unfortunately, this was a common pattern that I found throughout. Projects that were several months old were no longer functional due to new SDK updates. I reached out to Dave Glover and we got chatting about the Azure Sphere. He provided me with an updated version of the solution which was compatible, allowing me to successfully collect local environment data with the Azure Sphere and send it to an IoT Central application where it was visualised using my customised dashboard. Through analysing this, it was found that the CO2 levels in the workspace were generally safe to work within, although they would gradually rise throughout the day. To mitigate this, I would open the window for around an hour and observe the CO2 levels lower again.

The next goal is to push the limits of the Azure Sphere by connecting a camera to the device. The aim is to capture and upload images to Azure, where Computer Vision can extract insights. I could find only one example of a Developer that had achieved success in connecting a camera to the Azure Sphere, a Developer known as ‘Neo’ on GitHub.

I used his GitHub repository as a guide. Neo used an Arducam Mini SPI camera to capture images and programmed the Azure Sphere to upload these to Blob Storage on Azure. Uploading these images to Azure opens the potential of attaching additional Azure tools, such as Computer Vision. Having the capability to extract insights from images that have been captured, transferred and analysed securely will offer valuable use-cases. Images are often sensitive pieces of data in most cases, so having the reassurance that the Azure Sphere is securing the data stream will be a vital piece of the development. This development is still in progress; I can provide further updates after its completion.

Summary

I believe that the Azure Sphere is a valuable piece of hardware that certainly carries worth, especially for businesses that operate within the IoT sector and require adequate device security for handling sensitive data. The Azure Sphere’s ability to establish and maintain end-to-end security gives it the potential to improve the standard of cybersecurity in IoT. The process of establishing an IoT Central application on Azure is well structured and documented, providing little opportunity for errors. However, I believe that the development required for the Azure Sphere on Visual Studio is still a brave distance away from being developer-friendly and this factor will limit its potential.

When connecting external IoT sensors, I was dependent on GitHub repositories from Microsoft developers that had integrated sensors with the Azure Sphere. With limited support for integrating sensors with the Azure Sphere’s I/O components, it’s difficult for developers to not only build solutions but ensure that a possible SDK update in 6 months won’t break the project entirely. For the Azure Sphere to succeed, there needs to be much more guidance for this area of development.

Microsoft has a large development community that was also very supportive for me, yet there doesn’t seem to be much output from its developers using the Azure Sphere. This may indicate that other developers are encountering similar issues with limited guidance.

Lastly, I’d like to give a HUGE thank you to Dave Glover for his help; he was fantastically supportive and kept me on the right track throughout. For anyone wishing to get started with the Azure Sphere, I recommend having a look at Dave’s GitHub resources and he’ll be happy enough to answer any queries if you reach out to him.
