Hackers keep harassing all types of computer processors, from individuals to organizations, as shown by the Colonial Pipeline crisis. Attackers and spies want knowledge and resources, and they can easily adjust to industry shifts, such as better hardware and software or more tech-savvy users.
Researchers are working to build unhackable processors (hardware and software), just as hackers attempt to manipulate any backdoor they can find in order to extort information or make quick money. The most significant development is Morpheus, a computer processor developed by the University of Michigan that is designed to prevent most low-level attempts at the hardware scale.
Morpheus isn’t completely unhackable, but it’s a huge step forward. It’s expected to be extremely difficult to get into, as per Todd Austin of the University of Michigan. As per IEEE Spectrum, 580 cybersecurity researchers attempted and failed to hack into Morpheus for 13,000 hours. It was developed as part of Security Integrated Through Hardware and firmware (SSITH) program of the US Defense Advanced Research Program Agency (DARPA).
According to Austin, the custom Morpheus CPU provides a puzzle for hackers who use encryption to hide from them in order to locate and target suspicious activities:
“Morpheus is a secure CPU that was designed at the University of Michigan by a group of graduate students and some faculty. It makes the computer into a puzzle that happens to compute. Our idea was that if we could make it really hard to make any exploit work on it, then we wouldn’t have to worry about individual exploits. We just would essentially make it so mind bogglingly terrible to understand that the attackers would be discouraged from attacking this particular target. The challenge is, how do you make it mind bogglingly difficult to understand for an attacker, but not affect the normal programmer?”
The processor distorts what the researcher refers to as “undefined semantics” in a processor:
“Think about driving a car: The defined semantics of your car are that it has a steering wheel; it has a left/right blinker; it may have a stick shift depending on the kind of car; it has as an on-off button. Once you know those basic features, you can drive your car. The undefined semantics are: Is it four cylinders or six cylinders? Does it run on diesel or electric? Does it have ABS braking or non-ABS braking? Attackers need to know all that underlying stuff, because they need to use that knowledge to step around the defenses. It is the telltale sign of an attack that it is dipping into the implementation details of a system.”
The researchers encrypt memory pointers by inserting “128 bits of randomness” into them:
“The key mechanism that’s under the hood here is making this machine change and change and change and never be the same ever again. It’s cryptography, just simple cryptography.”
Morpheus’ undefined semantics shift every few hundred milliseconds, making it impossible for hackers to prepare for them:
“The underlying implementation will be so unique that you will never see the one that you’re on now again, ever, on any other machine in the future. It is completely unique in time and space.”
The encryption is handled by a code named Simon, and it occurs every 100 milliseconds, making it extremely difficult for hackers to adjust. That time could eventually drop to 10 milliseconds, preventing information from leaving the building before changing, requiring attackers to be physically present near the targeted computer processors.
This technology – computer processors – might have prevented the notorious Spectre and Meltdown hacks of a few years ago, which exploited bugs in chips powering a wide range of computers, allowing hackers to target them. The cost of encryption is a 10% output hit, but Austin claims that large corporations like Intel, AMD, and ARM could reduce the burden to only a few percent.