Why Varoa Our Technology Team Get in Touch
Hero Image
ARCHITECTURE SPECIFICATION

The Actuation-Level Security Architecture.

We engineer a hardware-enforced root of trust to protect robotics systems against cyber-physical security threats at the actuation level.

THE SOLUTION: ACTUATION-LEVEL PROTECTION

Actuation-Level Protection

Varoa Enforcer protects robotics systems against cyber-physical security threats by moving the security perimeter directly to the physical boundary: the actuation level. By deploying Intelligent Actuation Nodes (IAN) at each motor and joint, both inbound commands and return telemetry are cryptographically authenticated at the hardware layer.

ENFORCER PASS
> SYSLOG_PARSE: ATTESTATION VERIFIED
> SECURE_BUS: ENFORCER_NODE_01 ACTIVE
> DRIVE_CMD: STATUS_NOMINAL=1
Close up of a clean, protected robotic actuator operating safely under the verification of the Varoa security module.
SECURE: ENFORCED_STATE
hub

Architectural Insight

"The bus is contested space."

Assuming the internal communication bus (CAN-FD, EtherCAT, etc.) is contested space, security cannot reside in the controller alone. It must be distributed directly to the actuation level. Varoa Enforcer establishes cryptographic verification and a hardware-controlled authority boundary at the actuator. Reference designs may use galvanic isolation where required by the electrical, safety, or threat model.

THE PROBLEM, IN PLAIN TERMS

Inside a robot, the actuator bus is a shared highway

Many deployed actuator networks rely primarily on bus access and protocol conformance rather than per-actuator cryptographic authority. Where command authentication and freshness are absent, a device with bus access may be able to inject or replay traffic that appears structurally valid.

lan

One way in, access to everything

A shared bus is a highway. Reach it through a service port, a physical tap, or one weak peripheral, and you can talk to every joint on that segment.

terminal

Injection is cheap

Standard buses carry commands in the clear. Inexpensive, off-the-shelf hardware is enough to listen in and inject commands that look legitimate to the motors.

replay

Replay works

Without per-command freshness, a captured "move" or "release brake" sequence can be played back later to cause unauthorized motion.

fingerprint

No proof of identity

An unsecured bus can't tell a genuine controller or motor from a swapped-in clone. Trust is assumed, not verified.

menu_book PUBLIC RECORD

The comfortable assumption - 'the enclosure is sealed and the network is secured, so the bus is safe' - does not hold. U.S. GAO report 19-128 found that security testers routinely bypassed network defenses, and once inside, the control bus was wide open.

Varoa starts from the opposite assumption: the bus is contested space.

WHY IT'S DIFFERENT

From "trust by default" to "verify everything"

Who can command a motor

Typical robot today

Anything that reaches the wire or bus

With Varoa

Only an authenticated source the actuator already trusts

Command integrity

Typical robot today

Often none - commands taken at face value

With Varoa

Every command is cryptographically authenticated

Replaying old commands

Typical robot today

Usually possible

With Varoa

Rejected - commands have to be fresh

Feedback / telemetry

Typical robot today

One-way or unverified

With Varoa

Authenticated two-way, so the readings can be trusted too

Component identity

Typical robot today

Assumed

With Varoa

Hardware-bound identity for every actuator

Electrical noise / interference

Typical robot today

Can be misread as real commands → erratic motion

With Varoa

Spurious signals cannot pass authentication; physics-informed analysis provides additional evidence for interference-versus-suspicious-activity triage

Behavior under attack

Typical robot today

Unpredictable - runaway or hard crash

With Varoa

Graduated security states ending in a hardware-enforced security lockout; distinct from functional-safety STO

Same robot, same motors. The difference is whether the last inch of control trusts everything by default - or verifies everything by design.

SYSTEM COMPONENTS

Technical Breakdown

memory NODE_01

IAN

Intelligent Actuation Node

  • Hardware-isolated security domains
  • Cryptographic command validation
  • Isolated sensor monitoring path
router CTRL_00

AAC

Actuation Authority Controller

  • Coordinated fleet policy control
  • High-availability command routing
  • Unalterable audit trail logs
bolt PWR_GATE

Energy Gating

Hardware-Enforced Isolation

Hardware-enforced safe state overriding software commands. Uses high-speed galvanic isolation at the actuation level to de-assert drive systems independently of the software controller, securing against unauthorized physical movement.

STATE ENVELOPE

Security State Machine

State Condition Response Indicator
NORMAL Attested credentials; nominal operation Full operating envelope ACTIVE
DEGRADED Minor environmental anomalies Reduced authority; automatic recovery WARN
ALERT Repeated anomalies / suspected interference Further reduced authority; controlled motion ALERT
LOCKOUT Confirmed attack / integrity failure Hardware energy gate de-asserted; re-auth needed HALT

These are cybersecurity states. They are distinct from functional-safety Safe Torque Off (STO) - Varoa complements your safety architecture and does not replace it.

Physics-informed filtering and cross-signal analysis provide additional evidence for separating likely environmental interference from suspicious manipulation. Calibration and validation are specific to the actuator and deployment environment. Complete diagnostic, integration, and verification specifications are available in our secure Customer Portal.

About Us

Varoa is a 100% Canadian-owned robotics security startup headquartered in Edmonton, Alberta. We are dedicated to securing robotics systems against cyber-physical threats at the actuation level. Through hardware-enforced trust mechanisms, we protect next-generation autonomous systems and fleets. The core technology powering Varoa Enforcer is patent pending with the USPTO.

Get in Touch

Contact our engineering team to request technical documents, reference designs, firmware integration guides, or licensing information.