The US military is working on a new project with an aim to challenge hackers in their own game. Its Defense Advanced Research Projects Agency (DARPA) is now backing a team of scientists at the University of Michigan to create an unhackable computer with circuits behaving like unsolved puzzles.
As part of its recently-announced $50 million programme to improve cybersecurity, DARPA will spend $3.6 million on the new project, dubbed "MORPHEUS." Unlike today's software-based cybersecurity approach, the new system will be baked right into the hardware to pull the plug on vulnerabilities that could lead to patchy "software doors."
The year 2017 witnessed an array of notorious cyberattacks, with the most notable one being the unprecedented WannaCry ransomware attack which infected hundreds of thousands of computers around the globe in May. Although the malware was eliminated within a few days of its outbreak, it managed to cause severe disruptions across hospitals, banks and businesses worldwide.
The world was hardly recovering from the WannaCry mayhem when another virus, called NotPetya, created havoc barely a month later by locking thousands of computers across the world.
Hackers carry out such cyberattacks mostly by exploiting backdoors in software. But DARPA said that over 40 percent of these "software doors" would be closed if security researchers could eliminate seven classes of hardware weaknesses, including permissions and privileges, buffer errors, resource management, information leakage, numeric errors, crypto errors, and code injection.
While DARPA is aiming to render these attacks impossible within five years, MORPHEUS, if successfully developed, could do it right away, according to Todd Austin, U-M professor of computer science and engineering and the project's leader.
"Instead of relying on software Band-Aids to hardware-based security issues, we are aiming to remove those hardware vulnerabilities in ways that will disarm a large proportion of today's software attacks," Linton Salmon, manager of DARPA's System Security Integrated Through Hardware and Firmware (SSITH) program, said in a statement.
To make hackers' life tougher, the scientists have devised a new hardware design that shuffles information around the computer rapidly and randomly while also destroying past versions as it goes. However, it's not just the targeted data that will be shuffled; any bug that could be exploited will also be a moving target, as would any passwords.
"Typically, the location of this data never changes, so once attackers solve the puzzle of where the bug is and where to find the data, it's 'game over'," Austin said. "We are making the computer an unsolvable puzzle. It's like if you're solving a Rubik's Cube and every time you blink, I rearrange it."
A working MORPHEUS computer is expected to prevent hackers from accessing critical information they need to construct a successful attack. The technology, therefore, could protect against future threats that have yet to be identified, according to the scientists.
"What's incredibly exciting about the project is that it will fix tomorrow's vulnerabilities," Austin said. "I've never known any security system that could be future proof."
