About Us

Microsoft Made its Secured-core Certification Generally Available

Microsoft is making its Edge Secured-core program for Windows-based IoT devices generally available, addressing security concerns associated with the growing popularity of edge computing. Edge Secured core is a new certification added to the Azure Certified Device program for IoT devices running a full operating system, such as Windows 10 IoT or Linux. While Windows 10 IoT support is generally available, it is still in preview for Linux.

IoT devices at the network edge pose a significant security challenge. IoT device networks that transmit data back to enterprise systems for analysis have several flaws.

Charles Broadfoot, Senior Program Manager at Microsoft expressed, “citing an in-house study conducted in collaboration with Poneman Institute that about 65% of companies adopting IoT solutions mentioned edge security as their topmost priority. Devices that are targeted in IoT attacks can be bricked, held for ransom, or exploited to launch further attacks. The common attacks associated with the IoT devices include stolen IP, data theft, and compromised regulatory status.”

Microsoft initially unveiled the Secured-core concept in 2019 to compete with Apple’s monopoly over its hardware and operating systems. Microsoft collaborated with Windows PC manufacturers as part of this initiative to gain some control over hardware security and have a say in how devices could prevent attacks from exploiting firmware dominance over the Windows kernel.

Microsoft expanded the program later in 2021 to include Windows servers and Azure stack hyperconverged infrastructure (HCI) servers.

Secured core was not intended to be branded on PCs, but rather to certify security for non-Microsoft hardware running Windows. Microsoft has listed devices that are part of the program, including edge and non-edge machines, in its Azure Certified Device catalog.

Apart from validating a hardware device for specific security hardware technology, the certification will ensure users that they are running an operating system with built-in security and that continuous threat monitoring with IoT services such as Microsoft Defender for IoT is being used.

Edge Secured-core will provide IoT device makers with a simple, low-cost differentiator that will allow customers to identify high-security configurations on their devices.

Read more articles:

What is IoT Security?

CrossBar Releases ReRAM, a New Hardware Security and Secure Computing Application

CrossBar Inc. world’s leading ReRAM technology company, introduced a new application of its Resistive RAM (ReRAM) technology for use as a physical unclonable function (PUF) in secure computing applications to create cryptographic keys.

CrossBar’s ReRAM technology, which was formerly used as a non-volatile semiconductor memory, is now launched for hardware security applications using its ReRAM-based cryptographic PUF keys, facilitating a more secure and cost-effective range of devices and systems.

“CrossBar is expanding the use cases of our Resistive RAM technology with a new class of secure computing. We believe the state-of-the-art use of our unique technology as PUF cryptographic keys will provide higher security for our customers’ products and open new markets for CrossBar’s technology,” said Mark Davis, President at CrossBar, Inc.

Computer, mobile phone, and infrastructure cyberattacks are on the rise. These attacks also put brand-name products in danger of counterfeiting. Devices are incorporating hidden cryptographic “keys” to provide secure communications and control in order to thwart such attacks. While there are a variety of technologies that can be used to create PUF keys, the most prevalent method relies on semiconductor static random access memory (SRAM). Unfortunately, there are a number of flaws in this technology that limit its security and usefulness. CrossBar’s latest ReRAM-based PUF cryptographic key technology has a higher level of randomness, lower bit error rate, is resistant to invasive attacks and can handle a variety of environmental variations without the use of fuzzy extractors, helper data, or heavy error correction code when compared to SRAM PUF.

The ReRAM keys are unique to each semiconductor integrated circuit (IC), taking advantage of the ReRAM technology’s inherent unpredictability. Identification, encryption/decryption, and authentication will all be done with these keys.

“After analyzing numerous PUF technologies, we believe CrossBar’s ReRAM has significant advantages for use as next generation physical unclonable function (PUF) keys. Due to its unique stochastic and electrical characteristics, CrossBar’s ReRAM PUF enables significantly more secure systems compared to incumbent PUF technologies,” said Dr. Bertrand Cambou, Professor of Nanotechnology and Cybersecurity at Northern Arizona University, and formerly a top executive at Gemplus and several other Silicon Valley technology companies.

CrossBar’s ReRAM PUF technology enables a new kind of safe computing by solving many of the shortcomings of other PUF implementations. ReRAM PUF is also an excellent choice for semiconductor applications that require both high security and embedded non-volatile memory (NVM), particularly in foundry nodes lower than 28nm, where embedded NVM is not widely available.

Sepio Systems released a New Index to assist businesses measure and understand Risk Exposure to Hardware-based Cyber Attacks

Sepio Systems announced the release of the Hardware Access Control Index (HACx), an objective assessment, based on a number of parameters that assists companies in determining their hardware security posture. As part of its HAC-1 solution, the firm offers a rogue hardware mitigation guarantee in collaboration with Munich Re Group (Munich Re), one of the world’s leading suppliers of reinsurance, primary insurance, and insurance-related risk solutions, under which Munich Re guarantees Sepio’s obligations. It is the only index of its kind to track these types of vulnerabilities across organizations and industries, backed by assurance.

Every year, a hardware security breach compromises a company. However, because this type of attack “lies” below the network layer, most cybersecurity mitigation techniques and tools that counter networking and software-based attacks are unaware of it. By providing CISOs with actionable intelligence that enables focused risk awareness, HACx bridges the information gap.

“Cybersecurity is not about achieving an absolute level of security – there is no 100% security level. It is about how your organization measures against other potential targets that cybercriminals are evaluating. CISOs need to verify that they are leading the pack and not following it, and to do that, they need to know how they measure up. As hardware-based attack campaigns are gaining more in popularity, HACx provides the required data for cross industry and cross vertical comparison,” said Bentsi Ben-atar, CMO and Co-founder, Sepio Systems.

HACx assesses a company’s cybersecurity posture in terms of Hardware Access Control in an objective and complete manner. Sepio Systems’ research team is leading the initiative, which is based on useful customer data and risk assessment scans.

“The HAC-1 solution fills an important gap in hardware security, like rogue device mitigation originating from internal abusers and supply chain attacks. By insuring Sepio’s guarantee for its rogue device mitigation service with our unique solution aiSure, we support a truly innovative company that is a pioneer in its field,” said Michael Berger, Head of AI Insurance at Munich Re.