As home security solutions such as security cameras are now used in many households, there is a growing need for AI (Artificial Intelligence) inferencing at the edge. Typically, a security solution relies on machine learning models to identify objects or faces in CCTV footage, for example to tell a cat from a human. The footage is sent to the cloud for analysis and the result is sent back to the device, which becomes a problem wherever internet connectivity is poor.
Ergo, a tiny 7x7mm edge AI chip from a company called Perceive, aims to solve this by running inference on the device itself. The chip enables rapid processing on edge devices, for example facial recognition, or alerting on certain sounds such as glass breaking or a dog barking, and can trigger actions without relying on cloud-based systems. This also offers better data security and user privacy, since the data does not leave the device. Edge AI inference chips can be used in connected devices such as smart speakers as well, where many commands can be processed on the device rather than referred to the cloud. Many other applications are possible in the future, including drones and autonomous vehicles.
In the latest episode of ‘The Counterpoint Podcast’, host Peter Richardson is joined by David McIntyre, VP of Marketing at Perceive. David talks about AI inferencing at the edge using a tiny chip called Ergo. He deep dives into problems solved by inferencing on edge devices over the cloud, use cases, and savings made related to space onboard, costs and power. The podcast discussion also focuses on potential applications where solutions like Perceive’s Ergo chip can be used.
Traditionally, security has centred on the network and on software applications. However, as more devices are connected to the internet and threats rise, there is an unprecedented need to secure the hardware as well, together with the data flowing from edge devices to the cloud. Integrating security across all four layers (hardware, software, network and cloud) is therefore vital for a secure IoT deployment. We are already seeing this adopted in data-centric devices such as smartphones.
What are the options to enable hardware security?
The key is to secure the hardware at the chipset (MCU/SoC) level, so that data is protected from the moment it moves across the device's internal bus. This is done by building hardware security primitives into the device: a Physical Unclonable Function (PUF), a Secure Element (SE), a Trusted Platform Module (TPM) or a Hardware Security Module (HSM). Device keys are then either injected into the secure enclave at manufacture or derived on-chip from the PUF, and handled by a cryptographic key-management scheme. That gives each device a trusted identity, which in turn is used to set up an authenticated, encrypted channel for data moving within the device and from the device to the cloud.
How will secure hardware help Microsoft?
Microsoft is the leading end-to-end IoT platform provider globally, connecting millions of edge IoT devices across tens of thousands of enterprises to its Azure cloud via the Azure IoT platform. Microsoft also offers Azure IoT Edge software to enable computing and intelligent decision-making at the edge. As a result, Microsoft must ensure that the millions of devices running its Azure software are not compromised and are securely connected to its cloud.
In light of this, Microsoft has been working with silicon partners to build secure chips that provide a hardware-based root of trust. This addresses cloning and counterfeiting, and lets each device authenticate to the Azure IoT Hub with a unique, trusted identity.
To achieve this goal, Microsoft announced Azure Sphere in 2018 to deliver multi-layered, end-to-end security. Since then Azure Sphere has evolved and now consists of three key elements:
(Figure omitted. Source: Microsoft)
Hardware: Azure Sphere runs on a certified MCU/MPU that contains Microsoft's Pluton security subsystem. Pluton generates a unique key pair for each device: the private key is created and kept inside the subsystem and never leaves the silicon, while the public key is what the cloud later uses to recognise the device.
– Pluton includes a dedicated security processor with a hardware random number generator (RNG)
– Tamper and side-channel attack resistance
– Hardware cryptographic engines for public-key operations, hashing and encryption
– Secure boot, with the boot measurements used for remote attestation and certificate-based authentication
As an example, the MediaTek MT3620 contains an isolated security subsystem with its own Arm Cortex-M4F core, separate from the application and real-time cores, that handles secure boot and secure system operation. This security processor has a 128kB secured TCM and a 64kB secured mask ROM bootloader.
(Figure omitted. Source: Microsoft)
Software: Azure Sphere OS
Azure Sphere OS is built on a custom Linux kernel and fits in about 2.4MB of code storage; it is tuned to the flash and RAM footprint of the Azure Sphere MCU, which also keeps its attack surface small.
The OS communicates with the Azure Sphere Security Service in the cloud for device authentication, network management and application management, and it governs all outbound traffic.
A security monitor guards memory, flash and other MCU resources, limiting what a compromised application can reach.
Applications run on a Microsoft-provided runtime that restricts file I/O and gives them no shell access.
Everything above the hardware other than the device-specific applications, the high-level application platform included, is built and signed by Microsoft's Certificate Authority (CA) through a trusted pipeline and maintained by Microsoft.
Cloud: Azure Sphere Security Service
The Azure Sphere Security Service brokers trust for device-to-cloud communication, detects threats and renews device security through CA-based authentication, failure reporting and automatic OS updates.
The service holds the public key of every device, registered at manufacture as the counterpart of the private key kept inside the chip, and uses it to authenticate the device with asymmetric cryptography.
Further, Azure Sentinel, Microsoft's cloud-native SIEM, adds AI-assisted threat detection on the cloud side.
Integrating the three elements yields a hardware root of trust built on asymmetric cryptography, and a secure tunnel for data flowing from chip to cloud that protects the data both at rest and in transit.
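To make the chip-to-cloud flow described above concrete (a private key that never leaves the chip, a public key registered at manufacture, secure-boot measurements used for remote attestation, and a cloud service that decides whether to trust the device), here is an added example in Go. It is not Microsoft's, Azure Sphere's or Pluton's code and uses none of their real interfaces; it is a model written for this article. The device is a struct that generates a P-256 key pair internally and exposes only the public key and an Attest operation; the cloud is a registry of public keys plus an approved firmware hash; the check is a nonce challenge that the device signs together with its boot-time firmware measurement. The names (Device, Cloud, Attest, Verify), the 16-byte nonce, the 8-byte key-derived DeviceID and the firmware images are all assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Device stands in for a Pluton-style security subsystem (an illustration, not Pluton's real interface).
type Device struct {
	priv     *ecdsa.PrivateKey // generated on-chip, never exported
	firmware []byte            // image the secure-boot ROM measures before running it
}
// NewDevice generates the per-device key pair, as happens once at manufacture.
func NewDevice(firmware []byte) *Device {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // no entropy: a real production line would refuse to provision
	}
	return &Device{priv: priv, firmware: firmware}
}
func (d *Device) PublicKey() *ecdsa.PublicKey { return &d.priv.PublicKey } // the only key material that leaves the chip
func (d *Device) Flash(image []byte)          { d.firmware = image }     // what an attacker with physical access might do
// DeviceID binds the identity to the public key: it cannot be claimed without the matching private key.
func DeviceID(pub *ecdsa.PublicKey) string {
	sum := sha256.Sum256(append(pub.X.Bytes(), pub.Y.Bytes()...))
	return hex.EncodeToString(sum[:8])
}
type Attestation struct { // the device's signed answer to a cloud challenge
	DeviceID    string
	Measurement [32]byte // SHA-256 of the firmware, taken at boot
	Signature   []byte   // ECDSA over SHA-256(nonce || measurement)
}
func attestDigest(nonce []byte, meas [32]byte) []byte {
	d := sha256.Sum256(append(append([]byte{}, nonce...), meas[:]...))
	return d[:]
}
// Attest measures the firmware and signs it together with the fresh nonce.
func (d *Device) Attest(nonce []byte) (Attestation, error) {
	meas := sha256.Sum256(d.firmware)
	sig, err := ecdsa.SignASN1(rand.Reader, d.priv, attestDigest(nonce, meas))
	return Attestation{DeviceID: DeviceID(d.PublicKey()), Measurement: meas, Signature: sig}, err
}

// Cloud stands in for the security service: keys captured at manufacture, the approved build, unused nonces.
type Cloud struct {
	registry map[string]*ecdsa.PublicKey
	approved [32]byte
	nonces   map[string]bool
}
func NewCloud(approvedFirmware []byte) *Cloud {
	return &Cloud{registry: map[string]*ecdsa.PublicKey{}, approved: sha256.Sum256(approvedFirmware), nonces: map[string]bool{}}
}
func (c *Cloud) Register(pub *ecdsa.PublicKey) { c.registry[DeviceID(pub)] = pub } // done once on the production line
// Challenge issues a random nonce that Verify will accept exactly once.
func (c *Cloud) Challenge() []byte {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // fail closed rather than issue a predictable nonce
	}
	c.nonces[hex.EncodeToString(nonce)] = true
	return nonce
}
// Verify accepts the device only if the nonce is fresh, the signature checks against a registered key,
// and the attested firmware is the approved build.
func (c *Cloud) Verify(nonce []byte, a Attestation) error {
	key := hex.EncodeToString(nonce)
	if !c.nonces[key] {
		return errors.New("unknown or replayed nonce")
	}
	delete(c.nonces, key) // consumed whatever the outcome
	pub, ok := c.registry[a.DeviceID]
	if !ok {
		return errors.New("device not registered: clone or counterfeit")
	}
	if !ecdsa.VerifyASN1(pub, attestDigest(nonce, a.Measurement), a.Signature) {
		return errors.New("signature does not match the registered key")
	}
	if a.Measurement != c.approved {
		return errors.New("firmware not approved: deny access and push an update")
	}
	return nil
}

func main() {
	fw := []byte("constructed sample firmware image v1") // stand-in for a real image
	cloud, dev, clone := NewCloud(fw), NewDevice(fw), NewDevice(fw)
	cloud.Register(dev.PublicKey()) // the clone's key is never registered
	try := func(name string, d *Device) {
		nonce := cloud.Challenge()
		att, _ := d.Attest(nonce)
		fmt.Printf("%s -> %v; replay -> %v\n", name, cloud.Verify(nonce, att), cloud.Verify(nonce, att))
	}
	try("genuine", dev)
	try("clone", clone)
	dev.Flash([]byte("tampered image"))
	try("genuine but reflashed", dev)
}
```

Run it with go run: the genuine device gets a nil error, while a replayed attestation, the unregistered clone and the reflashed device each get a descriptive refusal. Two design points matter. The signature is verified before the measurement is compared, so the firmware claim is only trusted once it is known to come from a registered key, and a clone that copies a genuine device's ID still fails because it cannot produce that key's signature. Every nonce is consumed whether or not the check succeeds, so a captured attestation is useless to an attacker. The "firmware not approved" branch is where a real service would deny the connection and schedule the automatic OS update the article describes.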
(Chart omitted: Azure Sphere running on a Guardian IoT module for a brownfield IoT deployment. Source: Microsoft)
Growing Partner Ecosystem:
Chipsets:
In 2018, ST Micro's STM32, a secure MCU embedding a secure element, was integrated with the Azure IoT C SDK, enabling direct, secure connectivity to the Azure IoT Hub as well as full support for Azure device management.
In mid-2019, NXP's i.MX 8 series integrated Microsoft's Azure Sphere security architecture and the Pluton security subsystem.
The MediaTek MT3620 is Azure Sphere-ready and was the first Azure Sphere-certified chip.
At the end of 2019, Qualcomm's 9205 LTE multimode modem, supporting both LTE-M and NB-IoT, was integrated with Microsoft's Azure Sphere.
Modules
Avnet and qiio offer the Avnet Guardian 100 and qiio q200 Guardian add-on modules for retrofitting existing brownfield devices that lack connectivity and security but need to be connected to the Internet.
Other modules include the Avnet AES-MS-MT3620, the AI-Link WF-M620-RSC1 and a USI Wi-Fi module with a Bluetooth option.
With this approach, Microsoft is building a highly scalable, secure way to onboard, manage and connect IoT devices and to ensure data is transmitted securely from device to cloud. It removes much of the need for IoT customers to hire expensive security professionals.
Case Study: Starbucks
Starbucks has deployed Azure Sphere across its stores in North America. Each store has around ten to twelve pieces of equipment that operate for more than fifteen hours a day and need to be connected to the cloud for beverage-related data (10 to 12 data points, worth about 5MB, generated per beverage), asset monitoring and predictive maintenance to avoid disruptions. This matters because any equipment breakdown directly affects the store's performance, its business and customer satisfaction. Starbucks has therefore used Azure Sphere guardian modules, deployed with Microsoft's help, across all its brownfield equipment to securely connect it and aggregate the data in the cloud.
(Figure omitted. Source: Microsoft)
Chip-to-Cloud Security is the Gold Standard
Security and privacy are global concerns around IoT, irrespective of country, and security remains one of the major roadblocks to IoT adoption. However, in the past two years we have seen chip-to-cloud security gain adoption, driven by greater awareness of the threats and by the availability of a scalable solution. End-to-end security will be critical to the success of any future IoT deployment, protecting both the asset and the data which, in most cases, is even more valuable.