Researchers in the United States have developed a tool to protect connected objects hardware from security breaches.
With the increasingly widespread use of connected objects, standards of security are beginning to slip. As connected objects pioneer Olivier Mével commented in our recent study on everyday connected objects: "As soon as objects become cheaper, less data protection will be provided." Computer scientists at the Jacobs School of Engineering at the University of California, San Diego set out to tackle this problem and have developed a tool that allows hardware designers and system builders to make the Internet of Things more secure. The tool is based on the team’s research on Gate-level Information Flow Tracking (GLIFT), which is a first in its field. "Engineers traditionally design devices to be fast and use as little power as possible," points out Jonathan Valamehr, a postdoctoral researcher in the Department of Computer Science and Engineering at University of California San Diego, warning: "Oftentimes, they don’t design them with security in mind.".
A complete analytical tool
The GLIFT project, which started up in 2006, is intended to help developers understand the security aspects of their devices more clearly. This is often a complex issue, as they need to take into account both hardware and software aspects of their systems and inventions. GLIFT tags and tracks critical pieces in a hardware’s security system. The tool the team has developed makes use of this technology to detect security-specific properties within a hardware system. What is special about GLIFT is its ability to analyse and reveal the ‘true’ behaviour of the actual machine implementation and to unify and identify all potential digital information flows affecting the operating system. When it comes to hardware security, there are two main threats. The first is confidentiality. In some types of hardware, one can determine a device’s cryptographic key based on the amount of time it takes to encrypt information. The San Diego tool can detect these ‘timing’ channels that threaten to compromise a device’s security. The second threat is integrity, i.e. a critical subsystem within a device can be affected by non-critical ones.
A new player in the field
Jonathan Valamehr, Ryan Kastner, a professor of computer science, and post-doctoral researcher Jason Oberg, who all worked on the GLIFT project, have started up a company called Tortuga Logic to commercialise this technology. The team were recently awarded a $150,000 grant by the US National Science Foundation to grow their business and further their research. As their next step they intend to focus on the specific characteristics of two types of connected objects – medical devices and computers embedded in cars. Security issues are becoming increasingly important as the use of connected objects becomes more widespread. The GLIFT technology looks certain to play a valuable role in providing effective data protection solutions.