Loading...

Assured Security at the Edge

Demonstration of Secure Azure IoT Edge Gateway with Microchip SAMA5D2

Demonstration Details

Sequitur Labs' solution combines hardware security components with software to deliver a strong security foundation for devices deploying Docker containers and microservices. The solution simplifies the process of establishing a hardware-based secure domain to isolate security critical functions, resources and peripherals. Sequitur’s EmSPARKTM Security Suite software supports hardware isolation technology from Arm that is critical to building a secure edge gateway.

The demonstration illustrates how Azure IoT Edge-based Gateways running microservices and Docker containers can be easily secured using available hardware security. The demo shows:

  • Secure container provisioning to a SAMA5D2 based gateway
  • Edge node attestation
  • Container integrity checking and remediation
  • HW crypto operations
  • Certificate and key management in secured key store

Demonstration Components

The demonstration comprises a temperature sensor that connects to an IoT gateway running Azure IoT Edge and Sequitur’s EmSPARKTM Security Suite. The Suite handles establishing the secure domain and implementing Sequitur’s trusted execution environment CoreTEETM. CoreTEE provides a programmable, isolated environment for executing security critical functions and storing sensitive material such as keys and certificates. The solution also includes Sequitur’s CoreLockrTM—a software “middleware” layer comprising easy to use APIs for developers to access services and peripherals isolated by CoreTEE. The components include:

IoT Gateway:

Microchip SAMA5D2 microprocessor

Security:

Sequitur Labs’ EmSPARKTM Security Suite for SAMA5D2 and CoreLockr APIs

Sensor:

Temperature sensor unit with Microchip SAME54 microcontroller

Monitoring Docker Containers for Malware

The demonstration uses SAMA5D2’s Integrity Check Monitor (ICM) to monitor the integrity of the OS hosting the Docker container by responding to and remediating a malicious code injection into the kernel. In this scenario, the malicious code injection invokes the ICM, causing an interrupt in the secure enclave that is detected by Sequitur’s CoreTEE. CoreTEE solves the security breach by rolling the kernel back to a known and trusted image. A second scenario demonstrates using hardware security to authenticate the leaf node using TrustZone based secure enclave on the SAMA5D2 and the hardware crypto engine on the SAM E54.

Secure the Edge Diagram Microchip

Secure Connectivity to Azure Cloud and Leaf Node Authentication

A critical requirement for any IoT device is to have secure connectivity to IoT clouds such as Azure. For gateways in particular, an equally important function involves authentication of sensor (a.k.a. Leaf) nodes. In the first case, the gateway connects to Azure IoT cloud securely via TLS using cryptography assets and key material implemented in the secure domain. This effectively makes the connection tamper-proof. The secure domain is also instrumental in securely exchanging key material between the leaf node and the gateway delivering a high assurance authentication mechanism.

Explore Our Products

For further information, please Email us.