Engineers from the University of Michigan designed a computer chip, called Morpheus, that is practically unhackable, a press statement from the developers explained.
The processor — which changes its own microarchitecture every few milliseconds — was tested by hundreds of professional hackers in a DARPA security challenge. None of them were able to breach the system.
The system, which draws comparisons to security systems imagined in science fiction, has been likened to trying to crack a Rubik’s Cube that constantly rearranges itself.
Early ‘cyberspace’ premonitions coming true
In 1984, the godfather of cyberpunk, William Gibson, released his first novel, Neuromancer, which predicted the rise of the internet and popularized the term “cyberspace.” One of the concepts in that sci-fi novel, called “ICE”, was a technology within the “cyberspace” that took on the virtual shape of hacker-proof walls.
The novel was also a large inspiration for the popular sci-fi movie The Matrix, which surely inspired the name of the University of Michigan’s Morpheus project.
It’s telling that the University of Michigan presents its new findings alongside an image of virtual cube-like systems that recall Gibson’s fictional “ICE.”
The university’s new “Morpheus” system was tested in 2020, over the course of four months, by hundreds of the world’s most proficient hackers, working for DARPA — the organization backed the system with $3.6 million in 2017.
The Morpheus system has all the hallmarks of a technology imagined in science fiction, as it was unhackable, despite the best attempts of more than 500 hackers.
Last year, DARPA’s bug bounty program, called Finding Exploits to Thwart Tampering (FETT), pitted 525 professional cybersecurity researchers against Morpheus, as well as other systems.
Morpheus system is ‘an unsolvable puzzle’
The goal of the FETT program was to test new hardware-based security systems that could protect data against common hardware vulnerabilities typically exploited by software.
During the tests, the Morpheus system was utilized to protect a mock medical database with software vulnerabilities. Not a single attack penetrated the system.
The Morpheus system, essentially, encrypts key data much in the same way as many other cybersecurity systems. It goes one step further, however, by shuffling that encryption randomly every few hundred milliseconds.
“Imagine trying to solve a Rubik’s Cube that rearranges itself every time you blink,” Todd Austin, lead researcher on the Morpheus project, explained. “That’s what hackers are up against with Morpheus. It makes the computer an unsolvable puzzle.”
Of course, those with access to the system don’t interact with the same process and are presented with the unencrypted data on their own screens.
According to the University of Michigan statement, the one trade-off for end users, is the fact that the Morpheus system runs approximately 10 percent slower than equivalent systems. However, the team explained that it aims to refine the system to make it faster in the future.
Ending ‘patch and pray’ and strengthening future cyber defenses
Todd Austin also explained that systems like Morpheus could stop the never-ending loop of “patch and pray,” which sees developers patch their systems once vulnerabilities have already been discovered and, quite often, exploited.
“Today’s approach of eliminating security bugs one by one is a losing game,” Austin explained. “Developers are constantly writing code, and as long as there is new code, there will be new bugs and security vulnerabilities. With MORPHEUS, even if a hacker finds a bug, the information needed to exploit it vanishes within milliseconds. It’s perhaps the closest thing to a future-proof secure system.”
Systems such as the University of Michigan’s Morpheus chip are an increasing necessity in the current climate — a fact driven home by last year’s record $7.8 billion invested in cybersecurity globally.
Just this month, a vital US fuel pipeline’s operation was halted by a ransomware attack, and Ireland’s health service was targeted by hackers, forcing the country’s hospitals to cancel numerous medical appointments and shut down its IT infrastructure.
The FETT program also tested systems by MIT, Cambridge University, and Lockheed Martin, meaning that many of the world’s best minds are building systems aimed at securing future databases against malicious hackers.
In a world that’s increasingly reliant on data to run transportation systems, research analysis, and even medical infrastructures, these new systems could literally mean life or death.