As we all know, more and more devices are being designed to be Internet-enabled. It's also common knowledge that Cisco predicts that 50-billion devices, such as automobiles, home automation devices, consumer electronics, medical devices, and wearables, will be connected to the Internet by 2020.
The sad fact of life, however, is that the creators of these devices often neglect the security aspects of their designs, thereby leaving them potentially susceptible to cyberattacks. Every day, we hear about new examples of things like hacking cars, hacking medical devices, and even a creep hacking a baby monitor to scream abuse at an infant and its parents.
All of this explains why the topic of security is at the forefront of the forthcoming Embedded Systems Conference (ESC) in Silicon Valley, July 20-22, Santa Clara, California. For example, consider just three of the security-related sessions:
One problem is that current security analysis software is targeted toward testing the embedded software, assuming the hardware is secure when it may not be. As more and more devices are designed to be Internet-enabled, the more we need to be concerned about hardware security, because hackers are starting to focus their attention on the underlying hardware.
In order to address this issue, startup Tortuga Logic has announced immediate availability of its comprehensive Prospect Hardware Security Design and Analysis Toolkit. Founded in 2013 by four PhD experts on hardware security with multiple patents protecting their core technology, Tortuga Logic derives its name from the Spanish word for turtle, Tortuga, which boasts a hard, impenetrable shell -- just what hardware needs in today’s uncertain world.
Tortuga Logic's goal is to solve security-specific problems and minimize security breaches in chips and systems by automating the process of verifying their security properties. Prospect is able to uncover hidden bugs and prove the absence of vulnerabilities in hardware designs.
This starts with the "blueprint" for the chip in the form of a hardware description language (HDL) representation in Verilog and/or SystemVerilog and/or VHDL. Following verification, this representation will be synthesized into the design file used to build a System-on-Chip (SoC) device or the configuration file used to program a Field-Programmable Gate Array (FPGA) component.
Without building security in from the beginning, it is not possible to create a secure system. As soon as an SoC or FPGA is deployed in a product, it becomes a target for attack by hackers.
Typical security practices for hardware design consist of manual code review, where security engineers sift through thousands of lines of HDL code written by a separate hardware design team trying to locate and identify any security vulnerabilities. If a security issue is found, the hardware design team implements changes and the cycle repeats. This is a less-than-reliable design and review process that does not scale well.
By comparison, Tortuga Logic's Prospect Hardware Security Design and Analysis Toolkit automates the process of perform hardware security analysis and enables it to scale. The result is hardware that is inherently safer and less vulnerable to cyberattacks.
Prospect reads the HDL description of the design and performs a thorough analysis to uncover a broad range of vulnerabilities. It does so by automatically generating System Verilog assertions and instrumentation from a high-level description of the security properties. This information is passed to an integrated formal verification platform, which is included as part of Prospect, and which performs an exhaustive proof evaluation. Issues can be debugged using a specialized GUI along with generated counter examples.
By means of this analysis, Prospect ensures that sensitive information -- including passwords, encryption keys, and biometric data such as fingerprints -- will only travel to parts of the system designated as “trusted,” thereby preserving confidentiality. Prospect can also prove functional isolation between critical and non-critical components of the systems to ensure integrity and safety. As an added benefit, many of the security properties built into the hardware eliminate an enormous class of software-based attacks.
For more information, please visit the TortugaLogic.com website.
— Max Maxfield, Editor of All Things Fun & Interesting
Join over 2,000 technical professionals and embedded systems hardware, software, and firmware developers at ESC Silicon Valley July 20-22, 2015 and learn about the latest techniques and tips for reducing time, cost, and complexity in the embedded development process.
Passes for the ESC Silicon Valley 2015 Technical Conference are available at the conference's official site with discounted advance pricing until July 17, 2015.
Make sure to follow updates about ESC Silicon Valley's talks, programs, and announcements via the Destination ESC blog on Embedded.com and social media accounts Twitter, Facebook, LinkedIn, and Google+.
The Embedded Systems Conference, EE Times, and Embedded.com are owned by UBM Canon.