Microsoft ready to share secure MCU

April 04, 2017 // By Peter Clarke
Microsoft Research has embarked on Project Sopris with the intention of improving the security provision within microcontrollers.

Having designed the Sopris microcontroller with the help of silicon partner MediaTek Inc. Microsoft is now putting that microcontroller on a development board together with software that it is prepared to share with other researchers and security experts in academia and industry.

Microsoft is calling for others to get involved in Project Sopris this way and to drive a fundamental upgrade in electronic security. The researchers argue if this is not done it will leave microcontrollers unfit for purpose in the era of the Internet of Things and leave society vulnerable. The project is aimed at security for low-cost devices generally, recognizing that if security requires too much die area or resources it will not be affordable in numerous applications.

In particular Microsoft claims that traditional microcontrollers are "particularly ill-prepared for the security challenges of internet connectivity."

Seven pillars of security

The Project Sopris group has begun by identifying what it considers are the seven properties required in highly secure devices and has conducted an experiment with silicon partner to revise one of MediaTek's MCUs to create a prototype secure microcontroller.

The seven properties are: hardware-based root of trust; small trusted computing base; multi-layered and multi-vectored defense in depth; compartmentalization; certificate-based authentication; renewable security and failure reporting.

Microsoft has designed hardware security module it calls Pluton and states that adding Pluton or an equivalently-featured security module to a design is a necessary step towards creating a highly secure device.

The Pluton root of trust subsystem includes a security processor, cryptographic enginers, a hardware random number generator, a key store and a cryptographic operation engine.

The cryptographic engines in Pluton include an AES symmetric-key decryption and encryption engine, a SHA hashing engine used for measuring code and checking certificates, and a public key engine for accelerating RSA and ECC public key operations.

Next: Working with MediaTek