Andreas Kuehlmann, Tortuga Logic: “electronic product buyers should demand detailed security documentation”
Software often seems like the most important thing that makes the digital world go round, but we often forget that hardware is also in the picture.
And as we make sure to secure our digital lives with password managers, virtual private networks, and whatnot, few tend to stop and think about how to protect the devices that we use to access the digital world.
To discuss the importance of securing hardware and firmware in the early stages of development, and other challenges in security verification processes, Cybernews reached out to Andreas Kuehlmann, the CEO at Tortuga Logic, a hardware security solutions provider.
How did Tortuga Logic evolve since its launch in 2014?
Founded in 2014 with headquarters in San Jose, CA., Tortuga Logic is a hardware-focused cybersecurity company that offers comprehensive security assurance during the design and development of semiconductor chips.
When the company started, the cybersecurity industry was mostly focused on software and various logistical/operational aspects that make electronic systems vulnerable to cyberattacks. Hardware vulnerabilities were still esoteric, since with few exceptions, they required physical access to the device for performing intrusive or non-intrusive attacks. In 2018, this changed overnight with the discovery of Spectre and Meltdown, two security vulnerabilities impacting all microprocessors using speculative execution that could potentially be exploited remotely.
Additionally, over the past years, semiconductor chips increasingly added security support to hardware for functions such as data encryption, unique ID creation, secure asset management, etc. These functions created new attack surfaces for extracting secrets from a chip, for example, by data leakage via physical or architectural “side channels.” Tortuga Logic helps semiconductor development teams to address security in “pre-silicon,” i.e., identifying and remediating hardware security vulnerabilities before the chip goes to manufacturing.
In its first years, Tortuga Logic was mostly funded by the US government through research awards and grants as well as early adoption in advanced defense chip projects. Over the past two years, the company experienced significant growth in the commercial semiconductor sector as well, reflecting the rapidly increasing need for security assurance across the industry.
Can you introduce us to your Radix solution? What are the main issues it helps solve?
The Radix™ line of products helps semiconductor development organizations to develop comprehensive security requirements and validate them as part of the design process before the chip is “taped out,” i.e., sent to the fab for manufacturing. Similar to the “shift left” initiative in software application security testing (AST) that shifts finding and remediating security vulnerabilities earlier in code development, Radix helps chip design teams to handle security proactively as early as possible thus making security assurance significantly more effective and efficient while preventing late surprises.
Radix utilizes advanced Information Flow Analysis (IFA) to predict where security assets can travel during chip operation and whether there is any unintended behavior that could possibly lead to security vulnerabilities such as secret data leakage. It is used by customers in three areas: (1) It first helps to understand the flow of security assets and develop crisp and verifiable security requirements expressed as Radix Rules. (2) It is then applied to verify the Radix Rules during the entire development process from functional block to full chip level including software/firmware. In case of a rule failure, it helps understanding and remediating its root cause. (3) And third, Radix is used to drive security assurance closure through security signoff ensuring that all requirements are met before clearing the design for tape-out. Radix is applicable to all semiconductor designs, including microprocessors, Systems on a Chip (SoC), Application Specific Integrated Circuits (ASIC), and Field Programmable Gate Arrays (FPGA).
What are the differences between emulation and simulation-based security verification?
Radix anchors on commonly used functional verification tools and flows for semiconductors design and integrates smoothly into existing development processes. The two main technologies it leverages are “logic simulation” and “logic emulation.” Logic simulation is based on a software model of the chip’s logic that is executed on a general-purpose computer for inspecting its intended behavior. It is most efficient on block and sub-system levels while the resource requirements grow rapidly for full chips. Radix-S leverages the logic simulation execution platform to perform information flow analysis for security verification. It supports all industry-standard simulation products and works on any chip model that is supported by them. In addition, Radix has a set of analysis capabilities that help understand the flow of security assets, debug unintended behavior and security vulnerabilities, and validate any remediation of issues.
Logic emulation and “Hardware Acceleration” execute the chip models on dedicated hardware built from FPGAs or dedicated chips. It offers orders of magnitude higher performance and capacity and can run an entire system including software, for example, to boot the SoC and then the system operating system. Radix-M utilizes emulators to perform security analysis on that system level and can identify complex security vulnerabilities that are, for example, triggered by unintended interaction of the chip’s firmware with the underlying hardware. Radix-M supports all industry-standard emulators.
What recent global events affect your field of work? Were there any new challenges you had to adapt to?
There are two recent global trends that emphasize the importance of Tortuga Logic’s work. First, a significant bottleneck in the development and manufacturing of semiconductor chips triggered a broadly visible shortage of semiconductors that is impacting many industries. Second, the increasing threats of cyberattacks on our infrastructure and the broader economy and the emergence of security vulnerabilities in hardware – the foundation of all electronic systems – creates substantial urgency to develop all product components with cybersecurity in mind. Tortuga Logic operates in the intersection of these two areas and is uniquely positioned to help chip development organizations assure semiconductor security in the most effective and productive manner thus supporting them to get secure chips faster out the door.
Besides hardware security, what other solutions or practices do you believe every product company should consider nowadays?
Protection from cyberattacks is a broad topic ranging from operational security aspects to product and system security. Over the past years, a lot of attention was given to software application security, i.e. making sure that the software in your products does not have security flaws that can be exploited. It is critical for product companies to view security holistically – products are only as secure as their weakest part. One needs to consider all components that go into a product, traditionally referred to as the Bill of Material (BOM), and make sure that each one of them has been developed with cybersecurity in mind. A good starting point is to ask component suppliers how they ensure the security of their deliverables and demand detailed evidence and documentation of the security development and testing processes.
What details do you think are often overlooked in the hardware design and development process?
Whereas security across the software development life cycle has been an industry focus since the early 2000s, security in semiconductor design has not yet “shifted left.” Many chip design organizations have not adopted the processes and tools to move the security focus earlier and cover every stage of the development cycle. “Shifting left” involving semiconductor devices is particularly vital since once the chips are in manufacturing, the design can no longer be changed. The only option is to update the firmware, which is only applicable if a security vulnerability can be fixed that way, or to deprecate selected chip capabilities resulting in loss of product functions. Both are very costly and create significant logistical challenges once the chips are deployed in products.
What cyber threats do you think will become a prominent problem in the upcoming years?
Cyberattacks are constantly growing in their sophistication, complexity, and impact. The most advanced attacks will increasingly exploit a combination of security weaknesses in a product or system. As an abstract example, it could involve social engineering to first get access to a platform followed by exploiting a software application vulnerability to attack the underlying hardware to ultimately gain privileged access to the entire system. The goal of improving cyber readiness proactively is to make such attacks more costly and less likely by eliminating as many security weaknesses as possible in every software and hardware component. This way the options to “thread” multiple weaknesses is drastically reduced thus making the system much harder to attack.
What cybersecurity measures do you think average individuals should have in place to combat these new threats?
Besides continuously applying cyber hygiene such as using secure passwords and multi-factor authentication, not clicking on suspicious web links, etc., every consumer should start inquiring about the security of products used on a daily or non-daily basis. Like labels listing food ingredients for consumers to examine their quality and health, customers of electronic products should demand detailed security documentation that supports an educated purchase decision. This would drastically increase the pressure on product development and manufacturing companies to address cyber security as a first principle rather than an afterthought. Ultimately, such documentation needs to be standardized and regulated by industry and government policies, but active customers are an important first step on that journey.
Would you like to share what’s next for Tortuga Logic?
We see ourselves as a vital component to build security products from the ground up. It is exciting to see that the industry is rapidly adopting hardware security and that we can help development organizations proactively address security in the development process. We have an aggressive roadmap for our solutions that further increases our capabilities in the coming months.