Tortuga Logic: Hardware Security

For the Internet of Things to really get rolling, it has to be bulletproof. And given the number of very high-profile security breaches in recent months, it has a long way to go before consumers or businesses will feel comfortable using any of a new wave of smart devices

That concern has prompted a wave of acquisitions from companies such as Intel (McAffee), Cadence (Jasper Design Automation), Synopsys (Codenomicon). It also has been the impetus for new solutions—both internally developed or through partnerships—involving companies such as Mentor Graphics, Sonics and Arteris. It also has prompted some interesting deals between companies such as Qualcomm and NXP over secure modules.

But in perhaps the latest indication of just how serious this issue has become, there are startups being formed on every continent to address security in multiple areas, ranging from software to networking to hardware. One such startup, Tortuga Logic, emerged from stealth mode in mid-May to focus on security from the verification side—basically using linting at the RTL, SystemVerilog and VHDL levels to find and debug security holes.

This approach has been hinted at by a number of big EDA vendors for several years, saying that to solve the security problem in hardware requires the same kind of tooling as verification—particularly formal verification. Getting it to work on a broad enough scale, though. The problem isn’t just plugging holes. It’s understanding where the holes are, in the first place, so that assertions can be written to find and fix them.

This is where Tortuga Logic has staked its claim. Founded by academic researchers from the University of California at Santa Barbara and San Diego, the company has been working on a beta tool based upon security research done over the past decade at both of those schools.

“There are a lot of companies that are focused on the software side,” said Jason Oberg, the company’s co-founder and CEO. “Our goal was to focus all attention on hardware—to find and debug security at an early stage, whether that’s RTL or SystemVerilog. If you look at smart phones these days, there is a location on the chip where they store fingerprint data and that’s not supposed to leak beyond a secure area. We can validate if that’s the case. Chipmakers have big security teams in place, and they have conversations with the hardware design teams and visually inspect the RTL for potential problems. We can automate that.”

One other big concern inside of chips is that the chip doesn’t do anything other than what it was designed to do, a problem that has been exacerbated by the widespread adoption of third-party IP and counterfeiting of that IP.

“The Trojan issue is a big concern,” he said. “Based on an information flow analysis you can make sure information from A does not leak to B. You can frame unintended functionality.”

The company was formed in 2013 with support from the EvoNexus incubator founded by Peregrine Semiconductor’s Rory Moore. It was supported through funding from the National Science Foundation and angel investors. It has been in stealth mode for the past two years.