The Internet of Things security crisis persists, as billions of inadequately secured webcams, refrigerators, and more flood homes around the world. But IoT security researchers at Microsoft Research have their eye on an even larger problem: the billions of gadgets that already run on simple microcontrollers—small, low-power computers on a single chip—that will gradually gain connectivity over the years, exponentially expanding the internet of things population. And that connected electric toothbrush needs protection, too.
The challenge with internet of things security so far has been the cost of implementing hardened features. It’s cheaper and faster to develop a product without spending time and resources on security. Devices rush off the line without adequate protections, often riddled with bugs, and rarely have a mechanism for manufacturers to distribute patches. An attacker who penetrates those IoT devices can potentially steal data, rope the unit into a botnet, or even use it as a jumping off point to infiltrate other parts of a network.
At least for those full-featured IoT devices, fixes exist, even if they’re rarely or poorly implemented. Smaller peripheral devices that run on microcontrollers, though, don’t have the compute power to spare on security steps like encrypting data, or scanning for anomalous behavior. So Microsoft Research has poured its IoT efforts into Project Sopris, placing the IoT security focus to microcontrollers, while keeping costs down.
“Everything you interact with that you don’t typically think of as a computer has some kind of microcontroller in it, and over the next five to 10 years we believe that those devices will all be replaced by versions of the devices that will be interconnected,” says Galen Hunt, the managing director of Project Sopris. Think blenders, hair dryers, and other unlikely but inevitable connected accessories. “The manufacturers of those devices are very woefully unprepared for the security challenges of the internet. So what we set out to do was see if we could figure out how to help those devices be secure and also accelerate the learning of the manufacturers of the devices.”
7 Habits of Highly Effective Microprocessors
The Project Sopris microcontroller prototype is designed to incorporate what Microsoft terms the “Seven Properties of Highly Secure Devices,” a common-sense melange of best practices. It includes the usual suspects, like enabling regular software updates, and requiring devices to store cryptographic keys in a secure part of the hardware. Hunt says they built the chip with “recognition that you build in security and then you also have to have mechanisms so that if in the future hackers get more clever, you are able to—without the consumer doing anything—be able to update and improve the security on the device.”
Stuffing so many elements onto a microcontroller asks a lot of such a tiny processor, so the Sopris chip includes a secondary security processor that handles much of the cryptographic overhead. That specialized processor also does periodic software audits to check for deviations or any misbehavior. If it finds something, it can reset individual processes—or the whole device—as needed.
This type of mechanism matters, because many IoT devices—think routers, connected printers—are essentially on all the time. When’s the last time you rebooted your printer? So attackers can currently rely on compromises that are effective, but not persistent after a reboot, because they’re typically not in immediate danger of losing their foothold into the device.
The Sopris chip also incorporates the concept of software compartmentalization. Or put another way, apps! Microcontrollers do such relatively basic computing that they aren’t typically architected to separate different processes; everything just runs together as one big, open program. That creates security issues, though, because it means that a problem in one process impacts all software. By keeping that software separated, a bug or glitch in one portion doesn’t need to taint the whole system, and can be corrected in isolation. It’s like how one app crashing on your smartphone doesn’t bring the whole system down.
“Security really needs to be at the foundation of system design,” says Vikram Dendi, the head of technical strategy for Project Sopris. “Everyone is touting that they are secure, but we know that there is no such thing as truly secure. The best you can hope for is have you ‘secured’ it? So if there are compromises and attempts to compromise—and there will be inevitably—that you can resist and that you can recover.”
So far, Microsoft’s solution has held up under scrutiny; in a challenge organized through bug bounty facilitator HackerOne, 150 security researchers failed to crack Project Sopris.
“It’s stupidly easy to hack most IoT devices, but this was very different,” says a researcher, who goes by HexDecimal, who participated in the challenge. The chip was “definitely built for security from the ground up. One of the noteworthy things would be the lack of information. The board and its web server were very closed off, nothing that would hint at an exploit. I only started to get a foothold after decompiling one of the setup tools that came with it. But I never managed to find anything and neither did anyone else in the challenge.”
Hunt says the team was actually disappointed that the penetration testers didn’t find more flaws; better to find out under controlled conditions than in the wild. Project Sopris has another security challenge planned, in which the attack surface for the chip will be a bit larger, giving hackers more avenues in, like connection to cloud services.
And the researchers say that they someday hope to make full schematics for the Sopris chip open-source, though there’s no clear timeline. Offering such a robust product for free could truly make a radical impact in facilitating better IoT security for all products at low cost. The Sopris chips still haven’t been produced at scale, but Hunt says it seems possible, based on the preliminary work, to eventually make a secure microcontroller nearly as cheap as a regular one. That would be a critical step to widespread adoption; IoT security often fails because it’s significantly cheaper not to care.
In fact, that applies to consumers, too. It’s hard enough to keep your smartphone and laptop updated and secure, much less devices you didn’t even know had an internet connection. The biggest potential benefit of Project Sopris? You’ll never notice it. In fact, you’ll never have to think of it at all.