LAKE WALES, Fla. — Cybersecurity experts have long preached that the only way to make computers “unhackable” is with on-chip hardware, but no one has done it yet. The Defense Advanced Research Projects Agency (DARPA) is pursuing the goal under such efforts as its High-Assurance Cyber Military Systems program and the Cyber Grand Challenge. Most recently, under its System Security Integrated through Hardware and Firmware (SSITH) program, DARPA has doled out $3.6 million to the University of Michigan for continued development of a microarchitecture that its creators say is unhackable.
Instead of the usual “patch and pray” software method of plugging security holes, DARPA wants to leverage new technologies to develop integrated circuits that are inherently impervious to software “end runs,” said Linton Salmon, program manager at the agency’s Microsystems Technology Office.
Intel has provided on-chip vPro security hardware in its Xeon microprocessor family for years. But DARPA is looking for a higher degree of protection, especially for military field computers, as a hardware security breach in the field could put soldiers’ lives at risk.
DARPA’s stated goal of “hack resistance” appears to hedge a bit on whether truly unhackable hardware is achievable. But Michigan EECS professor Todd Austin, lead researcher on the project, claims his team’s approach, called Morpheus, achieves hack-proof hardware by changing the internal codes once a second. Austin likens Morpheus’ defenses to requiring a would-be attacker to solve a new Rubik’s Cube every second to crack the chip’s security. In this way, the architecture provides the maximum possible protection against intrusions, including hacks that exploit zero-day vulnerabilities, that is, those that cybersecurity experts have yet to discover. Morpheus thereby provides a future-proof solution, Austin said.
Morpheus works its magic by constantly changing the location of the protective firmware with hardware that also constantly scrambles the location of stored passwords. Because passwords are encrypted — which takes time for hackers to decode — even the fastest hacker cannot find the vulnerability a second time after decryption.
The technique used in Morpheus is already being used by military computers today in software. By casting key operations in hardware, however, Austin believes he can eliminate all classes of known vulnerabilities: permissions and privileges, buffer errors, resource management, information leakage, numeric errors, crypto errors, and code injection.
Austin and his team will use the DARPA funding to implement the Morpheus protection algorithm in affordable hardware, in order to limit the cost impact of unhackable microprocessors. Morpheus is one of nine projects DARPA has funded under SSITH.
Collaborating with Austin on the project are fellow Michigan EECS professor Valeria Bertacco; Mohit Tiwari, an assistant professor in the electrical and computer engineering department at the University of Texas at Austin; and Sharad Malik, an EE professor and chairman of the EE department at Princeton University.
— R. Colin Johnson, Advanced Technology Editor, EE Times