By turning computer circuits into unsolvable puzzles, a University of Michigan team aims to create an unhackable computer with a new $3.6 million grant from the Defense Advanced Research Projects Agency.
Todd Austin, U-M professor of computer science and engineering, leads the project, called MORPHEUS. Its cybersecurity approach is dramatically different from today’s, which relies on software—specifically software patches to vulnerabilities that have already been identified. It’s been called the “patch and pray” model, and it’s not ideal.
This spring, DARPA announced a $50 million program in search of cybersecurity solutions that would be baked into hardware.
“Instead of relying on software Band-Aids to hardware-based security issues, we are aiming to remove those hardware vulnerabilities in ways that will disarm a large proportion of today’s software attacks,” said Linton Salmon, manager of DARPA’s System Security Integrated Through Hardware and Firmware program.
The U-M grant is one of nine that DARPA has recently funded through SSITH.
MORPHEUS outlines a new way to design hardware so that information is rapidly and randomly moved and destroyed. The technology works to elude attackers from the critical information they need to construct a successful attack. It could protect both hardware and software.
“We are making the computer an unsolvable puzzle,” Austin said. “It’s like if you’re solving a Rubik’s Cube and every time you blink, I rearrange it.”
In this way, MORPHEUS could protect against future threats that have yet to be identified, a dreaded vulnerability that the security industry called a “zero day exploit.”
“What’s incredibly exciting about the project is that it will fix tomorrow’s vulnerabilities,” Austin said. “I’ve never known any security system that could be future proof.”
Austin said his approach could have protected against the Heartbleed bug discovered in 2014. Heartbleed allowed attackers to read the passwords and other critical information on machines.
“Typically, the location of this data never changes, so once attackers solve the puzzle of where the bug is and where to find the data, it’s ‘game over,'” Austin said.
Under MORPHEUS, the location of the bug would constantly change and the location of the passwords would change, he said. And even if an attacker were quick enough to locate the data, secondary defenses in the form of encryption and domain enforcement would throw up additional roadblocks. The bug would still be there, but it wouldn’t matter. The attacker won’t have the time or the resources to exploit it.
“These protections don’t exist today because they are too expensive to implement in software, but with DARPA’s support we can take the offensive against attackers with new defenses in hardware and implement then with virtually no impact to software,” Austin said.
More than 40 percent of the “software doors” that hackers have available to them today would be closed if researchers could eliminate seven classes of hardware weaknesses, according to DARPA. The hardware weakness classes have been identified by a crowd-source listing of security vulnerabilities called the Common Weakness Enumeration. The classes are: permissions and privileges, buffer errors, resource management, information leakage, numeric errors, crypto errors, and code injection.
DARPA is aiming to render these attacks impossible within five years. If developed, MORPHEUS could do it now, Austin said.
While the complexity required might sound expensive, Austin said he’s confident his team can make it possible at low cost.
The Latest on: Unhackable computer
- Office Devices You Least Expect to Be at Risk of a Security Hackon November 24, 2019 at 5:07 am
There are now smart coffee makers, smart computer monitors with video cameras ... thereby accessing valuable data. While no connected device is unhackable, there are steps a company can take to ...
- Computer System Is Another Way Cattle Producers Can Connect With Consumerson November 11, 2019 at 8:51 am
The bitcoin system employs "cryptography," a computer term for code, which, once entered, cannot be altered. Since its inception, blockchain has proven to be "unhackable." In the beef industry, ...
- Hacking an unhackable computeron October 28, 2019 at 5:00 pm
So you might think that to have a totally secure computer - like a computer used for finance - you should make sure it isn't connected to any network at all. That's what many companies and government ...
- Unhackable internet system for smart cities?on September 8, 2019 at 6:41 pm
Smart cities of future need to graduate to a new internet paradigm for safety of people whose lives are dependent on government computer infrastructure ... to have developed a new “impregnable” and ...
- Soldiers may 'wear' unhackable computers into combaton September 3, 2019 at 9:14 am
Vulnerability to certain individual systems could increase if all technologies were connected to a central computer network because an intruder would have wide-ranging access across a range of systems ...
- MICROSafeX Launches Kickstarter Campaign for World's First 'Unhackable' Computeron June 19, 2019 at 10:16 pm
(MENAFN - Send2Press Newswire) LOS ANGELES, Calif., June 19, 2019 (SEND2PRESS NEWSWIRE) –- MICROSafeX announces a newly patented 'unhackable' security technology / computer platform and it's working ...
- MICROSafeX Launches Kickstarter Campaign for World’s First ‘Unhackable’ Computeron June 19, 2019 at 1:04 pm
LOS ANGELES, Calif., June 19, 2019 (SEND2PRESS NEWSWIRE) –- MICROSafeX announces a newly patented “unhackable” security technology / computer platform and it’s working to raise money through a ...
- Unhackable? New chip makes the computer an unsolvable puzzleon May 6, 2019 at 10:30 pm
A new computer processor architecture that could usher in a future where computers proactively defend against threats, rendering the current electronic security model of bugs and patches obsolete, has ...
- Researchers unveil 'unhackable' Morpheus processoron May 3, 2019 at 4:11 am
Researchers at the University of Michigan have developed what they, probably inadvisedly, claim is an 'unhackable' self-encrypting processor ... We've all seen how damaging an attack can be when it ...
- Should cyber-security be more chameleon, less rhino?on April 8, 2019 at 5:00 pm
But while such approaches show promise, Check Point's Neatsun Ziv concludes that: "There is no such thing as an unhackable computer, the only thing that exists is the gap between what you build and ...
via Google News and Bing News