The Colonial Pipeline disaster is just the latest example proving that hacks are all around us, and hackers continue to harass all sorts of targets, from individuals to institutions. Attackers and spies want information and money, and they can quickly adapt to the changes in the industry, whether it’s better hardware and software or tech-savvy users. But just as hackers try to exploit every vulnerability they can find to extort information or make instant profits, researchers are looking to create unhackable hardware and software.
The latest such initiative is a computer processor from the University of Michigan called Morpheus that’s meant to stop most low-level attacks, the ones that depend on details of the hardware.
Morpheus isn’t quite unhackable, but it’s a major step in the right direction. According to University of Michigan researcher Todd Austin, it’s supposed to be incredibly difficult to break into. According to IEEE Spectrum, some 580 cybersecurity researchers spent 13,000 hours trying to break into Morpheus and failed. It was part of a project from the U.S. Defense Advanced Research Projects Agency (DARPA), the System Security Integration Through Hardware and Firmware (SSITH) program.
The custom Morpheus CPU turns the machine into a puzzle for attackers: it uses encryption to hide the implementation details an attacker needs in order to find and exploit a bug. This is how Austin describes it:
Morpheus is a secure CPU that was designed at the University of Michigan by a group of graduate students and some faculty. It makes the computer into a puzzle that happens to compute. Our idea was that if we could make it really hard to make any exploit work on it, then we wouldn’t have to worry about individual exploits. We just would essentially make it so mind-bogglingly terrible to understand that the attackers would be discouraged from attacking this particular target. The challenge is, how do you make it mind-bogglingly difficult to understand for an attacker, but not affect the normal programmer?
The researcher explained that the processor obfuscates what he calls “undefined semantics” in a processor:
Think about driving a car: The defined semantics of your car are that it has a steering wheel; it has a left/right blinker; it may have a stick shift depending on the kind of car; it has an on-off button. Once you know those basic features, you can drive your car. The undefined semantics are: Is it four cylinders or six cylinders? Does it run on diesel or electric? Does it have ABS braking or non-ABS braking? Attackers need to know all that underlying stuff, because they need to use that knowledge to step around the defenses. It is the telltale sign of an attack that it is dipping into the implementation details of a system.
The undefined semantics in Morpheus change every 100 milliseconds, in such a way that attackers can’t plan around the changes:
The underlying implementation will be so unique that you will never see the one that you’re on now again, ever, on any other machine in the future. It is completely unique in time and space.
The researchers encrypt pointers in memory, so that a pointer’s representation depends on “128 bits of randomness”:
The key mechanism that’s under the hood here is making this machine change and change and change and never be the same ever again. It’s cryptography, just simple cryptography.
A cipher called Simon, a lightweight block cipher published by the NSA in 2013, handles the cryptography, and the keys are changed every 100 milliseconds, re-encrypting the pointers so that attackers can’t adapt in time. Eventually, that interval might drop all the way to 10 milliseconds, so that a leaked value would go stale before it could leave the building, which would force attackers to be physically near the targeted computer.
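To make the mechanism concrete, here is an added example, written for this piece; it is not the Morpheus team’s code or anything from the IEEE Spectrum report. It implements Simon64/128, the cipher named above, from the published specification and checks it against the specification’s own test vector, then uses it to keep 64-bit pointers in memory only as ciphertexts under a 128-bit key. A toy pointer table draws a fresh key and re-encrypts every live pointer once 100 milliseconds have passed, which is the churn. The attack it models is pointer substitution: an info-leak bug gives the attacker the ciphertext of a privileged function pointer, and a memory-corruption bug lets them write it over another slot. The table, the addresses, the slot names and the attacker’s timing are all constructed for illustration, and the real Morpheus machinery (pointer tagging, the hardware churn unit) is richer than this.

```python
"""Morpheus-style pointer encryption with periodic rekeying ("churn").

Added example, not code from the Morpheus project or IEEE Spectrum. Simon64/128
(the cipher named in the article) is implemented from the published spec and
checked against its test vector; the pointer table, addresses, slot names,
attacker and churn period are constructed for illustration only.
"""
import os

WORD = 32
MASK = (1 << WORD) - 1
ROUNDS = 44  # Simon64/128: 64-bit block, 128-bit key, 44 rounds
# Simon constant sequence z3 (the one Simon64/128 uses); bit i is Z3[i].
Z3 = "11011011101011000110010111100000010010001010011100110100001111"

def rol(x, r):
    return ((x << r) | (x >> (WORD - r))) & MASK

def ror(x, r):
    return ((x >> r) | (x << (WORD - r))) & MASK

def expand_key(key):
    """Simon64/128 key schedule: 16-byte key -> 44 round keys (k0 = low word)."""
    k = int.from_bytes(key, "little")
    rk = [(k >> (WORD * i)) & MASK for i in range(4)]
    for i in range(4, ROUNDS):
        tmp = ror(rk[i - 1], 3) ^ rk[i - 3]
        tmp ^= ror(tmp, 1)
        rk.append((~rk[i - 4] & MASK) ^ tmp ^ int(Z3[(i - 4) % 62]) ^ 3)
    return rk

def feistel(x):
    return (rol(x, 1) & rol(x, 8)) ^ rol(x, 2)

def encrypt_block(rk, block):
    x, y = block >> WORD, block & MASK
    for i in range(ROUNDS):
        x, y = y ^ feistel(x) ^ rk[i], x
    return (x << WORD) | y

def decrypt_block(rk, block):
    x, y = block >> WORD, block & MASK
    for i in reversed(range(ROUNDS)):
        x, y = y, x ^ feistel(y) ^ rk[i]
    return (x << WORD) | y

# Published Simon64/128 test vector; key words listed k3 k2 k1 k0 in the spec.
KAT_KEY = ((0x1b1a1918 << 96) | (0x13121110 << 64) | (0x0b0a0908 << 32)
           | 0x03020100).to_bytes(16, "little")

def known_answer_test():
    return encrypt_block(expand_key(KAT_KEY), 0x656b696c20646e75) == 0x44c8fc20b9dfa07a

# Constructed layout: one 4 KiB mapped code page; anything outside it is invalid.
CODE_BASE = 0x00007F1200401000
HANDLER_FN = CODE_BASE + 0x240     # an ordinary callback
PRIVILEGED_FN = CODE_BASE + 0x800  # what the attacker wants called instead

def is_valid_code_pointer(ptr):
    return CODE_BASE <= ptr < CODE_BASE + 0x1000

class ChurningPointerTable:
    """Pointers exist in memory only as Simon ciphertexts under the current key."""

    def __init__(self, period=0.1):
        self.period, self.last_churn = period, 0.0
        self.rk = expand_key(os.urandom(16))  # fresh 128-bit key
        self.slots = {}  # slot name -> encrypted pointer

    def store(self, name, ptr):
        self.slots[name] = encrypt_block(self.rk, ptr)

    def load(self, name):
        return decrypt_block(self.rk, self.slots[name])

    def leak(self, name):  # info-leak bug: attacker reads the raw encrypted slot
        return self.slots[name]

    def corrupt(self, name, raw):  # memory-corruption bug: attacker overwrites a slot
        self.slots[name] = raw

    def tick(self, now):
        """Churn once the period has elapsed: new key, re-encrypt every live pointer."""
        if now - self.last_churn < self.period:
            return False
        plain = {n: self.load(n) for n in self.slots}
        self.rk = expand_key(os.urandom(16))
        self.slots = {n: encrypt_block(self.rk, p) for n, p in plain.items()}
        self.last_churn = now
        return True

def replay_attack(delay):
    """Pointer substitution: write the leaked ciphertext of PRIVILEGED_FN over the
    handler slot, once at t=0 and once at t=delay. Returns what the slot resolves to."""
    mem = ChurningPointerTable(period=0.1)
    mem.store("handler", HANDLER_FN)
    mem.store("privileged", PRIVILEGED_FN)
    stolen = mem.leak("privileged")
    mem.corrupt("handler", stolen)
    before = mem.load("handler")  # same key: the substitution works
    mem.tick(delay)               # a churn happens only if delay >= 100 ms
    mem.corrupt("handler", stolen)
    after = mem.load("handler")   # after a churn the stale ciphertext decrypts to junk
    return before, after
```

Inside the 100 ms window the replay still resolves to the privileged function, because the stolen ciphertext is valid under the current key. After a churn the same bytes decrypt under a key the attacker never saw, so the handler slot resolves to a 64-bit value that lands in the mapped code page with probability about 2^-52, and the validity check rejects it. The attacker can’t forge a ciphertext for an address of their choosing either, since that needs the key. Shrinking the period to 10 ms, as the article describes, shrinks the replay window in the same way.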
This kind of technology would have stopped the infamous Spectre and Meltdown attacks from a few years ago, speculative-execution flaws in chips powering all sorts of computers that let attackers read memory they were never supposed to see. The price to pay for that encryption is a performance impact of 10%, but Austin explained that big companies like Intel, AMD, and Arm could shave the overhead down to a few percent.
The researcher explained that the custom chip can’t stop attacks that live higher in the software stack, such as SQL injection and attacks inside the web browser, which don’t depend on the processor’s implementation details. It targets low-level exploits that achieve remote code execution (RCE), which Austin calls the “crown jewels of vulnerabilities”:
What RCE means is that I can get code onto your machine without you knowing about it. And I don’t have to phish you. I don’t have to convince you to run a program. I don’t have to trick you into running my program. I just inject it into your machine.
Austin explained that his team is also working on processors that can handle encrypted data without decrypting it first, a feature that might come in handy for hiding the raw data from programmers or other companies while still allowing computers to process it. That’s also the kind of technology that might advance privacy features in addition to improving security.
No matter how great Morpheus might be at thwarting attacks targeting a computer’s processor, there are surely hackers out there saying “Challenge Accepted” as Austin and his team publicize their work. It might also be a long while before Morpheus-like chips show up in commercial devices. IEEE Spectrum’s full report is worth reading in full.