Last year’s revelations of security holes that affect billions of chips have spurred researchers to seek more effective ways of securing semiconductors. Todd Austin, a professor at the University of Michigan, is working on an approach known as Morpheus that aims to frustrate hackers trying to gain control of microchips by presenting them with a rapidly changing target.
At a conference in Detroit this week organized by the US Defense Department’s Defense Advanced Research Projects Agency (DARPA), Austin described how the prototype Morpheus chip works.
The aim is to make it incredibly difficult for hackers to exploit key software that helps govern the chip's operation. Morpheus does this by repeatedly randomizing elements of the code that attackers need access to in order to compromise the hardware. This can be achieved without disrupting the software applications that are powered by the processor.
Austin has been able to get the chip's code “churning” to happen once every 50 milliseconds—way faster than needed to frustrate the most powerful automated hacking tools. So even if hackers find a vulnerability, the information needed to exploit it disappears in the blink of an eye.
Linton Salmon of DARPA, who oversees the agency's project that backs Morpheus, says a big advantage of the technology is that it can defend against a wide range of cyberattacks. The prototype chip also boasts software that aims to spot new kinds of digital assaults, adjusting its churn rate according to the severity of the threat.
Cost versus benefits
There’s a cost to all this: the technology causes a slight drop in performance and requires somewhat bigger chips. The military may accept this trade-off in return for greater security on the battlefield, but it could limit Morpheus’s appeal to businesses and consumers.
Austin and Valeria Bertacco, a colleague at the University of Michigan, have cofounded a startup called Agita Labs to commercialize Morpheus, whose prototype is based on the popular open-source RISC-V chip architecture.
Potential buyers will want proof that the technology works. Austin said a prototype has already resisted every known variant of a widely-used hacking technique known as a control-flow attack, which does things like tampering with the way a processor handles memory in order to allow hackers to sneak in malware.
More tests lie ahead. A team of US national security experts will soon begin probing the prototype chip to see if they can compromise its defenses, and Austin also plans to post some of Morpheus's code online so that other researchers can try to find flaws in it, too.
Quantum computing has a hype problem
Quantum computing startups are all the rage, but it’s unclear if they’ll be able to produce anything of use in the near future.
These hackers showed just how easy it is to target critical infrastructure
Two Dutch researchers have won a major hacking championship by hitting the software that runs the world’s power grids, gas pipelines, and more. It was their easiest challenge yet.
Russia hacked an American satellite company one hour before the Ukraine invasion
The attack on Viasat showcases cyber’s emerging role in modern warfare.
Russia is risking the creation of a “splinternet”—and it could be irreversible
If Russia disconnects from—or is booted from— the internet’s governing bodies, the internet may never be the same again for any of us.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.