Microsoft outlines the best ways to build secure Windows IoT Core apps

Kareem Anderson


Observers have simplified Microsoft’s single-operating-system, multi-platform experience into three primary consumer-facing categories: PC, Mobile, and Interactive, whether that be HoloLens or Xbox.

However, Microsoft’s cohesive OS strategy involves a fourth, larger prong that is rarely discussed: IoT. Perhaps due to Microsoft’s seemingly laissez-faire handling of the topic or the public’s limited interest in understanding the underpinnings of IoT infrastructure, the discussion appears to be a tempered one.


Not quite. Microsoft seems set to ignite a fire under developers interested in creating secure IoT experiences for Windows. The Windows Apps team has issued a blog post walking would-be IoT developers through the process of crafting secure communications between cloud infrastructures and sensory devices.

The post is a bit lengthy but very informative. Interested developers will find answers to questions such as what cryptographic protocols are best used when validating an identity, or how using Azure leads to better protection of security-sensitive information.

Other highlights include a brief tutorial on device provisioning with Azure, using the Trusted Platform Module support built into Windows 10 to offer enterprise-level security to IoT devices, and finally reconfiguring devices using Windows Device Portal.

“Storing secure information, such as a password or a certificate, on a device could make it vulnerable to exposure. A leaked password is a surefire way to compromise the security of a device or an entire system. Human operators take pains to avoid divulging secret information and IoT devices should too, but they must do it better than humans.”

Also included in today’s blog post walkthrough are several step-by-step examples that include snippets of test code and links to the Microsoft.Devices.Tpm libraries as a NuGet package. Developers are encouraged to grab an SAS token to create a DeviceClient to begin testing the security aspects of Windows IoT Core.


For those who read the above as a bunch of acronyms and gobbledygook, the simple takeaway is that Microsoft is treating its IoT service much like its Windows 10 operating system for the desktop. With the promise of Windows 10 everywhere, it’s no wonder that security (with which Windows has had an arguably checkered past) is put front and center of the company’s focus on the devices that contain users’ most sensitive data.