SBIR Phase I: Vulnerability-Agnostic Secure Systems

SBIR Phase I: Vulnerability-Agnostic Secure Systems

Award Information
Agency: National Science Foundation
Branch: N/A
Contract: 1845552
Agency Tracking Number: 1845552
Amount: $224,725.00
Phase: Phase I
Program: SBIR
Awards Year: 2019
Solicitation Year: 2018
Solicitation Topic Code: IT
Solicitation Number: N/A
Small Business Information
1218 OLIVIA AVE, ANN ARBOR, MI, 48104
DUNS: 116915705
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Todd Austin
 (734) 644-2749
 todd.m.austin@gmail.com
Business Contact
 Todd Austin
Phone: (734) 644-2749
Email: todd.m.austin@gmail.com
Research Institution
N/A
Abstract
The broader impact/commercial potential of this Small Business Innovation Research (SBIR) Phase I project will be safer and more secure IoT platforms that will contribute to the growth of the IoT market. Current security technologies in the IoT arena are either weak or expensive (usually both). The weakness in conventional approaches lies in their impractical goal of finding and fixing all security vulnerabilities. Modern systems have complexity that vastly outstrips the capabilities of any human or verification tool to find all the security vulnerabilities. The only way to somewhat mitigate this weakness is to throw significant resources at the problem, which is very expensive and still yields an imperfect result. The proposed technology developed in this SBIR Phase I project will provide practical and strong security. It gains these important properties by assuming that all systems are riddled with vulnerabilities, so it builds in security by making IoT computing devices that are unsolvable puzzles to attackers. In addition, it doesn't rely on IoT developers to deploy hand-crafted defenses; instead, developers simply build their applications on the proposed platform, and they receive all of its security benefits. This Small Business Innovation Research (SBIR) Phase I project will develop a new direction in IoT security. Unlike the world of IoT security today, where developers and tools are attempting to find and fix every last security vulnerability (and always failing), the technology being developed is a hardware-based secure IoT technology that is impractically difficult to penetrate. It achieves this by engaging ensembles of moving target defenses (EMTDs) on the runtime information that attackers need to build their attacks. To overcome EMTDs, attackers must extensively probe the system to acquire the run-time information obscured by moving target defenses. To stop these probes, the technology utilizes a technology called churn to re-key moving target defenses while the system is in operation. Once the churn mechanism is engaged, attackers will have to start their attack over again from scratch. With churn cycles of 50ms (or less), the proposed secure IoT platform becomes impractically difficult to breach, across a broad array of attack classes. The work proposed in this SBIR Phase I project will advance the technology from simulation to a real hardware implementation, which will allow the technology to be deployed into the IoT marketplace. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

* Information listed above is at the time of submission. *

Agency Micro-sites

SBA logo
Department of Agriculture logo
Department of Commerce logo
Department of Defense logo
Department of Education logo
Department of Energy logo
Department of Health and Human Services logo
Department of Homeland Security logo
Department of Transportation logo
Environmental Protection Agency logo
National Aeronautics and Space Administration logo
National Science Foundation logo
US Flag An Official Website of the United States Government