U.C. San Diego researchers build tool to help secure IoT
Small embedded computer systems built around microcontrollers are becoming more common as device makers look for ways to connect to the Internet of Things. But the devices, including medical instruments, cell phones, cars and smart grid technology, remain vulnerable to security breaches.
Now a group of computer scientists at the University of California, San Diego, has developed a tool that lets hardware designers and system builders test the security of embedded devices.
It’s a first for the field, according to researchers at UCSD’s Jacobs School of Engineering.
“Engineers traditionally design devices to be fast and use as little power as possible,” said Jonathan Valamehr, a postdoctoral researcher in the Department of Computer Science and Engineering at UCSD. “Oftentimes, they don’t design them with security in mind.”
The tool is based on the team’s research on Gate-level Information Flow Tracking, or GLIFT, which tags and then tracks critical pieces of information through the hardware’s security system.
Researchers say the tool can detect security-specific properties within a hardware system, such as ensuring that a cryptographic key does not leak outside a chip’s cryptographic core. And in some types of hardware, one can determine a device’s cryptographic key based on the amount of time it takes to encrypt information. The tool can detect these timing channels that can compromise a device’s security.
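A small sketch of the tagging idea behind GLIFT, added here as an illustration and not code from the UCSD tool or Tortuga Logic: each wire carries a taint bit beside its value, and a gate's output is tainted only when a tagged input can actually change it. The debug-port circuit and all function names are constructed for this example.

```python
from itertools import product

# A wire is a (value, taint) pair. taint == 1 means tagged data (here, a key
# bit) can influence the wire's current value.

def AND(a, b):
    (av, at), (bv, bt) = a, b
    # An untainted 0 on one input forces the output to 0, so a tainted bit on
    # the other input cannot affect it and the output stays untainted.
    return (av & bv, (av & bt) | (bv & at) | (at & bt))

def NOT(a):
    return (a[0] ^ 1, a[1])  # inversion never changes who influences the wire

def OR(a, b):
    return NOT(AND(NOT(a), NOT(b)))  # De Morgan, reusing the tracked gates

def debug_port(debug_en, key_bit, status_bit):
    """Constructed circuit: a pin that shows status, or the key in debug mode."""
    return OR(AND(debug_en, key_bit), AND(NOT(debug_en), status_bit))

def key_reaches_output(debug_en_value):
    """True if the tagged key bit can influence the pin for any input values."""
    debug_en = (debug_en_value, 0)           # untainted control signal
    for k, s in product((0, 1), repeat=2):
        _, taint = debug_port(debug_en, (k, 1), (s, 0))  # only the key is tagged
        if taint:
            return True
    return False

if __name__ == "__main__":
    print("debug off:", key_reaches_output(0))
    print("debug on: ", key_reaches_output(1))
```

With the debug signal held at an untainted 0 the key's tag never reaches the pin, while enabling debug mode carries the tag to the output, which is the kind of key-leak property described above.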
Another threat is to integrity, where a critical subsystem within a device can be affected by non-critical ones. For example, a car’s brakes can be affected by its CD player. The tool can detect these integrity violations as well.
Valamehr, Ryan Kastner, a professor of computer science at UCSD, and Ph.D. candidate Jason Oberg started a company named Tortuga Logic to commercialize the technology. The firm was recently awarded a $150,000 grant from the National Science Foundation to further their research.
Tortuga Logic is a member of the Medical Device Innovation Safety and Security committee, a nonprofit professional organization, and of the Vehicle Electrical System Security Committee.
Connect with the GCN staff on Twitter @GCNtech.