Computers

Morphing computer chip repels hundreds of professional DARPA hackers

Morphing computer chip repels hundreds of professional DARPA hackers
Trying to hack the "unhackable" Morpheus system is described as like trying to solve a Rubik's Cube that is constantly being rearranged
Trying to hack the "unhackable" Morpheus system is described as like trying to solve a Rubik's Cube that is constantly being rearranged
View 2 Images
Trying to hack the "unhackable" Morpheus system is described as like trying to solve a Rubik's Cube that is constantly being rearranged
1/2
Trying to hack the "unhackable" Morpheus system is described as like trying to solve a Rubik's Cube that is constantly being rearranged
The Morpheus processor – the white square under the fan – has succeeded in its most challenging test yet
2/2
The Morpheus processor – the white square under the fan – has succeeded in its most challenging test yet

Engineers have designed a computer processor that thwarts hackers by randomly changing its microarchitecture every few milliseconds. Known as Morpheus, the puzzling processor has now aced its first major tests, repelling hundreds of professional hackers in a DARPA security challenge.

In 2017, DARPA backed the University of Michigan’s Morpheus project with US$3.6 million in funding, and now the novel processor has been put to the test. Over four months in 2020, DARPA ran a bug bounty program called Finding Exploits to Thwart Tampering (FETT), pitting 525 professional security researchers against Morpheus and a range of other processors.

The goal of the program was to test new hardware-based security systems, which could protect data no matter how vulnerable the underlying software was. Morpheus was mocked up to resemble a medical database, complete with software vulnerabilities – and yet, not a single attack made it through its defenses.

There’s basically no such thing as bug-free software, and in many cases these bugs can be exploited by hackers. Software developers will usually patch them up when they find them, but that often doesn’t happen until after an attack, and hackers will just move onto the next vulnerability. The cycle continues in a never-ending arms race between hackers and developers.

More recently, computer scientists are realizing that hardware can play an important role in security. To design a piece of malware, hackers need to understand the microarchitecture of a processor, so they can figure out where to inject their malicious code. Locking down the system at the hardware level could potentially end the arms race once and for all.

The Morpheus processor – the white square under the fan – has succeeded in its most challenging test yet
The Morpheus processor – the white square under the fan – has succeeded in its most challenging test yet

That was the design philosophy behind Morpheus. Essentially, the processor starts by encrypting key information, such as the location, format and content of data. But that’s not enough on its own – a dedicated hacker could still crack that code within a few hours.

And that’s where Morpheus gets clever – the system shuffles that encryption randomly every few hundred milliseconds. That way, even if a hacker somehow manages to get a picture of the entire processor, it’ll completely change before they have a chance to act on it.

“Imagine trying to solve a Rubik’s Cube that rearranges itself every time you blink,” says Todd Austin, lead researcher on the Morpheus project. “That’s what hackers are up against with Morpheus. It makes the computer an unsolvable puzzle.”

Importantly, this difficulty doesn’t apply to programmers or users, because the card shuffling happens at a level that legitimate users of the system don’t directly interact with. The main side effect is that apparently Morpheus runs about 10 percent slower than an otherwise equivalent system would, but that’s a pretty good trade-off for a virtually unhackable processor. Plus, the team says that further refinement could speed the system up.

With its tough shell now proven, the Morpheus team says that the next steps for the project are to adapt the technology to use it to try to protect data in the cloud.

Sources: University of Michigan via The Conversation, IEEE Spectrum

9 comments
9 comments
paul314
Cool! For most people a 10% performance penalty is way down in the noise.
NikBennewitz
Skynet when ?
Fred Ege
This is a major breakthrough in defense of every computer. wishing the team the best in bringing it forward. Modern computers are so fast now it's hard to detect a slight increase in processing time...
Fred
Kevin Ritchey
I have a hatred for hackers who can’t find a better use of their time. Make something creative (and profitable) rather than maliciously tear down another’s efforts. Death is too kind.
DJ's "Feed Me Doggie"
paul314, That, unfortunately, was the exact logic my ex-wife used with her new boyfriend.
joe46
I hate to burst your bubble, but there is no such thing as "a virtually unhackable processor" I'm afraid all you have done is buy yourself some time :)
Eggbones
So when someone does figure out how to crack Morpheus, they feast on all the lazy applications that were convinced that the need for diligent security was a thing of the past.

A real hacker wouldn't tell if they cracked Morpheus - they'd wait in glee for it to be depended upon.
ChairmanLMAO
525 hackers don't know about a 5$ wrench attack?
James Jeansonne
This can easily be avoided. Just have to figure out how to "sniff out" the seed to it's "randomness". Then use that just like a RSA coder.