Software isn’t the only computing tool that can be hacked. Hardware security can also be breached. Tortuga Logic, Inc. has developed a tool based on technology developed at two UC campuses for hardware designers to test security-specific properties in the physical components of medical devices, aircraft navigation systems, cell phones, cars – anything that software hackers might try to penetrate.
“You can either make a piece of hardware secure from the beginning,” explained Jonathan Valamehr, Ph.D., Tortuga Logic co-founder and Chief Operating Officer, “or you can try and duct tape it after problems arise. And that could cost billions of dollars.”
A device’s cryptographic key can sometimes be determined by measuring the amount of time it takes to encrypt information. That can give hackers enough information to find and exploit hardware encryption vulnerability. Tortuga Logic’s tool locates these exposed timing channels so design engineers can develop a way to secure them. The tool can also be used to find integrity leaks across hardware subsystems, such as a car’s braking system being affected by signals from its telematics unit that are used for wireless connectivity.
“It’s foreseeable that building in security from the beginning could prevent attacks on pacemakers and insulin pumps,” said Tortuga Logic co-founder and CEO Jason Oberg, Ph.D. “And the same is true when you think about safety issues in cars, trains, aircraft, and defense equipment.”
Engineering researchers from UC San Diego and UC Santa Barbara tackled the security problems of the hardware/software interface in 2006, and their extended research effort has resulted in GLIFT: Gate Level Information Flow Tracking. This is the first method for analyzing, statistically verifying, and dynamically managing the information-flow behavior of mixed hardware/software systems. Computer chips typically include Commercial Off the Shelf hardware (COTS) that are not designed or tested with security in mind.
Ryan Kastner, Ph.D., a professor of computer science and engineering at the Jacobs School, along with his then-Ph.D. student Oberg, postdoctoral researcher Valamehr, and UC Santa Barbara computer scientist Tim Sherwood, established Tortuga Logic in 2013 to fill this void. Using GLIFT, the company can analyze and verify the security properties of a COTS component as well as design components with confidentiality and integrity guaranteed.
“There’s starting to be a significant awareness raised at hardware companies like Intel, Qualcomm, Samsung, anyone designing devices we use,” Kastner told the International Business Times recently. “They are realizing that if they don’t take into account the security of the hardware, potentially a huge issue could happen.”
A $50,000 National Science Foundation “Innovation Corps” grant allowed Oberg and Kastner to travel in search of market validation, holding 15 interviews a week for eight weeks before potential customers across the country, including in Washington DC, Portland, Oregon, and the San Francisco Bay Area. A subsequent Phase I Small Business Innovation Research $150,000 grant has helped support the company, which has five employees. Tortuga Logic currently has two pending patents, and the start-up is running beta tests with three different companies.
Oberg and Valamehr also are striving to ratchet up their business and sales skills to match their scientific acumen. They recently won a $2,000 Case Competition finalist award at Chapman University’s 2014 California Dreamin’ Entrepreneurship Conference and Competition.
“We want to provide solutions to solve meaningful problems and cater to specific needs,” said Oberg. “It’s important to listen to what people are telling you they need, even if it contradicts the vision in your head. You can’t just say, ‘Well, they don’t get it.’ If they’re not getting your vision, you may have to change your vision.”
3231 Hill St, San Diego, CA 92106
Jonathan Valamehr, Ph.D – Co-Founder, CFO/COO
Ryan Kastner, Ph.D – Co-Founder
Tim Sherwood, Ph. D – Co-Founder
Jason Oberg, Ph.D
Ryan Kastner, Ph.D