500 hackers spent three months trying to hack a radical new computer chip and failed

WHY THIS MATTERS IN BRIEF

Cyber attacks will only get bigger and bolder and today’s technologies can’t stop them. The MORPHEUS computer chip is a radical new solution that so far hasn’t been hacked.

 

Love the Exponential Future? Join our XPotential Community, future proof yourself with courses from XPotential Universityconnect, watch a keynote, or browse my blog.

Over the years I’ve seen a lot of researchers promote new innovations that they say are unhackable, from unhackable code and self-destructing algorithms, right through to unhackable quantum encryption technologies. But, as all good security experts will tell you there’s no such thing as an unhackable product – only things that we haven’t figured out how to hack yet. The latter example is a case in – quantum encryption is perceived by many people, both in the upper echelons of the US government as well as the NSA, as a truly unhackable technology, yet recently it got hacked by a team of Chinese researchers who discovered a new way to clone photons and hack the seed of the laser used in the communications process. And just in case you’re wondering, that’s impressive.

 

READ
Lockheed shoots drones out of the sky with it's newest laser weapon

 

One other unhackable technology that’s I’ve been talking and writing about recently is the MORPHEUS computer chip, a revolutionary new type of computer chip developed hand in glove with DARPA and the US military that reconfigures itself hundreds of times a minute, like a Rubiks cube, to thwart hackers. And now that “unhackable” computer chip has lived up to its name in its first bug bounty competition, foiling over 500 cybersecurity researchers who were offered tens of thousands of dollars to analyze it and three other secure processor technologies for vulnerabilities.

MORPHEUS, developed by computer science researchers at the University of Michigan, weathered the three-month virtual bug bounty program DARPA dubbed the Finding Exploits to Thwart Tampering – or FETT – Bug Bounty without a single successful attack. DARPA partnered with the Department of Defense’s Defense Digital Service (DDS) and Synack, a crowdsourced security platform, to conduct FETT, and they also tested technologies from MIT, Cambridge University, Lockheed Martin and non-profit tech institute SRI International.

The UoM team achieved its results by abandoning a cornerstone of traditional computer security – finding and eliminating software bugs, explained Todd Austin, the team’s leader and the S. Jack Hu Collegiate Professor of Computer Science and Engineering. MORPHEUS works by reconfiguring key bits of its code and data hundreds of times per second, turning any vulnerabilities into dead ends for hackers.

 

READ
Inside Google’s plan to make sure AI is safe

 

“Imagine trying to solve a Rubik’s Cube that rearranges itself every time you blink,” Austin said. “That’s what hackers are up against with MORPHEUS. It makes the computer an unsolvable puzzle.”

MORPHEUS has previously proven itself in the lab, but the FETT Bug Bounty marks the first time that it was exposed to a group of skilled cybersecurity researchers from around the globe. Austin says its success is further proof that computer security needs to move away from its traditional bugs-and-patches paradigm.

“Today’s approach of eliminating security bugs one by one is a losing game,” Austin said. “Developers are constantly writing code, and as long as there is new code, there will be new bugs and security vulnerabilities. With MORPHEUS, even if a hacker finds a bug, the information needed to exploit it vanishes within milliseconds. It’s perhaps the closest thing to a future-proof secure system.”

For FETT, the MORPHEUS architecture was built into a computer system that housed a mock medical database; computer experts were invited to try to breach it remotely. MORPHEUS was the second-most popular target of the seven processors evaluated under FETT.

 

READ
Scientists have grown a brain in a jar

 

Even though it presents a fortress to attackers, Austin says MORPHEUS is transparent to software developers and end users. This is because it focuses on randomizing bits of data known as “undefined semantics.” Undefined semantics are nooks and crannies of the computing architecture – for example the location, format, and content of program code. They’re part of a processor’s most basic machinery, and legitimate programmers don’t generally interact with them. But hackers can reverse-engineer them to uncover vulnerabilities.

The MORPHEUS chip protects undefined semantics through what Austin calls “encryption and churn.” Encryption randomizes the important undefined semantics that hackers need to launch a successful attack, while churn re-randomizes them while the system is running. This puts attackers in a race against the clock to discover the information that they need. Austin said that the churn rate is normally kept low to keep system performance high. But when a would-be hacker exercises an undefined semantic in an attempted attack, the churn rate spikes, stopping attackers in their tracks.

 

READ
US Navy shows off first of a kind laser weapon by destroying drones over the Pacific

 

MORPHEUS participated in the FETT Bug Bounty as part of DARPA’s System Security Integration Through Hardware and Firmware (SSITH) program, designed to develop technologies that protect electronic systems against common classes of hardware vulnerabilities exploited through software. While its participation in that program has ended, MORPHEUS is continuing to advance through Agita Labs, a UoM spinoff company founded by Arthur Thurnau and Professor Valeria Bertacco.

“I’m excited to see how MORPHEUS evolves now that it has proven itself in FETT, and as security becomes a more and more pressing challenge in the tech world,” Austin said. “We are adapting the technology to protect the most sensitive data in the cloud, including medical and genomic data, biometrics and financial credentials.”

The MORPHEUS architecture is detailed in a 2019 paper titled “MORPHEUS: A Vulnerability-Tolerant Secure Architecture Based on Ensembles of Moving Target Defenses with Churn.”

Related Posts

Leave a comment

Get your FREE! XPU Introduction to EXPONENTIAL THINKING course now. No registration, no catches, just awesome knowledge.FUTURE PROOF ME
+

Get the latest futuristic news delivered directly to your inbox!

Awesome! You're now subscribed.

Pin It on Pinterest

Share This