Microsoft"s insistence on security in an "always connected world" has given birth to a new project aimed at low-cost IoT devices. Project Sopris, as it is called, is targeting one of the most "ill-prepared" devices in terms of security, microcontrollers.
A team of researchers consisting of George Letey, Ed Nightingale, and Galen Hunt aim to "secure the vast number of low-cost internet connected devices coming online" under the initiative. Their first Technical Report, The Seven Properties of Highly Secure Devices, outlines the seven properties that are required in all highly secure devices (their assertion) in addition to working with MediaTek to revise one of their microcontrollers, the Wi-Fi-enabled MT7687, to create a highly secure microcontroller prototype.
The report"s abstract reads:
Our group has begun a research agenda to bring high-value security to low-cost devices. We are especially concerned with the tens of billions of devices powered by microcontrollers. This class of devices is particularly ill-prepared for the security challenges of internet connectivity. Insufficient investments in the security needs of these and other price-sensitive devices have left consumers and society critically exposed to device security and privacy failures.
The Sopris team is also inviting the research community to test its latest experiment, the Sopris security kit, in the form of the Project Sopris Challenge with bounties in the range of $2,500 to $15,000 to find vulnerabilities with the kit. The team is optimistic about its scope and seeking to engage the broader security community in the project.