How to use an Azure Sphere starter kit for IoT security
Any Internet of Things (IoT) deployment is particularly hard to secure for three main reasons: it is a green-field market, so speed is crucial (the antithesis of a slow and steady security approach); solutions are custom, so they require specialized security considerations across hardware, software and firmware; and resources are often spent on design and development, leaving little left over for security.
However, security is one of the main reasons end users will be reticent to explore the possibilities of a new IoT application. With more hacks every day, it’s easy to see why users would shy away from a well-built but less-than-secure product, thwarting the very reason we worked hard to be a first mover to market.
The only problem? Whipping up an IoT security solution is much more easily said than done. Or it was until now.
The Avnet Azure Sphere Starter Kit and Azure Sphere developer resources allowed me to quickly develop a no-compromise secure IoT application. Using available resources, it was easy to add a GPIO-controlled relay and access the UART signals that were used to establish communication to an MCP39F511A power monitor development kit. A working sample project and the Azure connectivity details provided by the “Add Connected Service” wizard in Visual Studio even helped me to securely connect my starter kit and application to Azure, allowing me to send telemetry messages and receive Device Twin updates.
Here’s how I did it.
Azure Sphere basics
As background, Microsoft is partnering with silicon vendors to design, develop and manufacture Azure Sphere MCUs. The first device available is the MT3620. The MT3620 is a secure, connected (Wi-Fi), crossover MCU that allows engineering organizations to quickly and easily develop, deploy and maintain highly secure IoT implementations.
The Azure Sphere Solution includes a secure connected MCU, a secure OS, and the Azure Sphere Security Service. The secure MCU piece is fulfilled by the MT3620. The secure OS is a Linux kernel modified and maintained by Microsoft.
The Azure Sphere Security Service runs in the cloud and provides critical functionality including a Public Key Infrastructure (PKI), over-the-air (OTA) updates and error reporting. Microsoft provides and maintains all of this infrastructure for you so that you can focus on adding differentiating features to your product design while giving you the flexibility to securely deploy software updates to your product at any point in time.
Having all this functionality and infrastructure provided by the Azure Sphere Solution means that your organization does not need PKI, OS, or OTA update engineers involved. In addition, Microsoft has provided a complete SDK that integrates with Visual Studio 2017 or 2019 and publishes working Azure Sphere projects on GitHub. The Azure Sphere SDK provides real-time debugging, Azure connectivity, and hardware APIs. For more details about the Azure Sphere Solution I recommend visiting the Azure Sphere product page.
To help developers bring Azure Sphere to life, Avnet developed a pre-certified, commercial-off-the-shelf (COTS) Azure Sphere Module that development teams can include in their hardware designs to reduce engineering effort and non-recurring engineering (NRE) costs, and built that module into an Azure Sphere Starter Kit that can be used for development and proof-of-concept efforts.
The Starter Kit includes on-board sensors (3D accelerometer/gyro, temperature, pressure, and ambient light), user LEDs and buttons as well as common interfaces for Click Modules and Grove Sensors. Additionally, MT3620 interfaces are accessible including GPIOs, UART, I2C, SPI, ADC, PWM, as well as a header for an I2C OLED display and a PMOD device. The Starter Kit makes it easy to prototype and create proof of concept (POC) systems to reduce overall system risks before you commit to building any of your own printed-circuit boards and hardware designs.
Example project: Power Monitor
Overview: The Power Monitor IoT solution is a hardware/software solution that can be used to collect power data from any device that plugs into a standard 120V outlet. We use a UART to send register read commands to an MCP39F511A power monitor device and parse the response to capture voltage, current, and frequency measurements. We send this power telemetry data to an IoT Hub in Azure. Additionally, we use Device Twins in Azure to control a relay on the Starter Kit from the cloud. A Device Twin is a digital representation of the IoT device properties that lives in the cloud and allows you to view and request device property changes from the cloud.
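As an added example (not code from the author's project), here is the command-frame builder and response parser for the UART register-read exchange described above, written in C as an Azure Sphere application would be. The 0xA5 header, 0x06 ACK, sum-mod-256 checksum, command codes 0x41/0x4E, the register addresses and the unit scaling are my assumptions from my reading of the MCP39F511A datasheet; verify each against your copy before relying on the decoded values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define MCP_HDR  0xA5   /* command frame header byte (assumed from datasheet) */
#define MCP_ACK  0x06   /* response acknowledge byte (assumed from datasheet) */
#define REG_BASE 0x0006 /* assumed: Voltage RMS; freq and current follow it */
#define READ_LEN 12     /* voltage(2) freq(2) analog(2) pf(2) current(4) */

typedef struct { double volts, hertz, amps; } power_reading_t;

/* Checksum for both directions: sum of all preceding bytes mod 256 (assumed). */
static uint8_t mcp_checksum(const uint8_t *b, size_t n) {
    unsigned s = 0;
    for (size_t i = 0; i < n; i++) s += b[i];
    return (uint8_t)s;
}

/* "Set address pointer" (0x41) followed by "register read" (0x4E), one frame.
   Writes 8 bytes to out and returns that length. */
size_t build_read_cmd(uint8_t out[8], uint16_t addr, uint8_t nbytes) {
    out[0] = MCP_HDR; out[1] = 8;
    out[2] = 0x41; out[3] = (uint8_t)(addr >> 8); out[4] = (uint8_t)addr;
    out[5] = 0x4E; out[6] = nbytes;
    out[7] = mcp_checksum(out, 7);
    return 8;
}

/* Validate a response frame before decoding it. Returns false and leaves *r
   untouched on any framing error, so corrupt UART bytes never become telemetry. */
bool parse_power_response(const uint8_t *rx, size_t rxlen, power_reading_t *r) {
    if (rxlen < 3 || rx[0] != MCP_ACK) return false;             /* not an ACK */
    size_t flen = rx[1];                                          /* declared length */
    if (flen != rxlen || flen != READ_LEN + 3) return false;      /* length mismatch */
    if (mcp_checksum(rx, flen - 1) != rx[flen - 1]) return false; /* bad checksum */
    const uint8_t *d = rx + 2;                                    /* little-endian data */
    uint16_t v = (uint16_t)(d[0] | (d[1] << 8));
    uint16_t f = (uint16_t)(d[2] | (d[3] << 8));
    uint32_t c = d[8] | (d[9] << 8) | ((uint32_t)d[10] << 16) | ((uint32_t)d[11] << 24);
    r->volts = v / 10.0;     /* assumed unit: 0.1 V */
    r->hertz = f / 1000.0;   /* assumed unit: 1 mHz */
    r->amps  = c / 10000.0;  /* assumed unit: 0.1 mA */
    return true;
}

/* Constructed sample response (not a hardware capture): 120.0 V, 60.000 Hz, 0.5 A. */
size_t make_sample_response(uint8_t out[15]) {
    const uint8_t data[READ_LEN] = { 0xB0, 0x04, 0x60, 0xEA, 0, 0, 0, 0,
                                     0x88, 0x13, 0x00, 0x00 };
    out[0] = MCP_ACK; out[1] = 15;
    for (int k = 0; k < READ_LEN; k++) out[2 + k] = data[k];
    out[14] = mcp_checksum(out, 14);
    return 15;
}
```

On the device, build_read_cmd feeds the UART write and parse_power_response runs over the bytes read back; rejecting a frame rather than reporting a partial decode is what keeps a noisy serial line from producing bogus telemetry.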
Development environment: For my development environment, I need a Windows 10 computer, Visual Studio 2017, and the Azure Sphere SDK.
Wiring: The wiring for this solution is very simple. Basically, we just need to wire the UART and 3.3V power between the boards (see the wiring specifics table). Note that the wiring for the Click Relay is achieved by just plugging the Click module into click socket #1. In addition to the signal wiring between the boards, I modify the MCP39F511A board by creating an open circuit on the neutral trace for the 120V load. I solder wires to either side of this open circuit and wire them to the Click Relay. When the relay is open, the device plugged into the solution will be powered off. When the relay is closed, the circuit will be closed and the device will be powered on.
| Signal  | Avnet Starter Kit      | MCP39F511A |
|---------|------------------------|------------|
| UART TX | Click Socket #2: TX    | J5: TX     |
| UART RX | Click Socket #2: RX    | J5: RX     |
| 3.3 V   | Click Socket #2: +3.3V | J5: 5V     |
| Ground  | Click Socket #2: GND   | J5: GND    |