2 stories
today

Project Sopris is Microsoft’s latest attempt to secure low-cost internet connected devices

As we move towards an era when almost all devices from toys to appliances to vehicles are all connecting to the internet, Microsoft wants to meet the transition head on to alleviate any security issues that might arise. Thus the Project Sopris team are searching for ways to bring low-cost internet connected devices safely online.

As mentioned by the team, “Tens of billions of these devices are controlled by microcontrollers, a class of device particularly ill-prepared for the security challenges of internet connectivity.” The statement came out Friday along with the release of the Project Sopris team’s first technical report titled “The Seven Properties of Highly Secure Devices”.

The publication, which can be found on Microsoft.com, outlines the team’s results. The Project Sopris team has tested different device securities and have concluded that for the best security, these low-cost devices will need to be rooted into hardware for updated security software. In fact, they estimate that most industries adding these network connections will see security failure in the long run.

The seven properties that the Project Sopris team believe will lead to highly secure devices are:

  • Hardware-based Root of Trust
  • Small Trusted Computing Base
  • Defense in Depth
  • Compartmentalization
  • Certificate-based Authentication
  • Renewable Security
  • Failure Reporting

All of these aren’t supported by the traditional memory protection unit (MPU) found in most microcontrollers. However, through a modified MT7687, which is a WiFi enabled microcontroller from MediaTek, the Sopris prototype has proven to be efficient in each of these areas.

“Based on our preliminary experimental experience, we are hopeful that almost any device can be redesigned to achieve high levels of device security—levels that will be critical to society’s safety in the near-future,” the technical report finishes on a positive note.

Further reading: , ,

Will Project Sopris be the next standard microcrontroller?