Researchers at the University of Michigan have developed what they, probably inadvisedly, claim is an ‘unhackable‘ self-encrypting processor based on the RISC-V instruction set architecture (ISA). The open nature of the RISC-V instruction set architecture (ISA), one of a growing number of free and open source silicon (FOSSi) ISAs designed to bring competition to proprietary
Researchers at the University of Michigan have developed what they, probably inadvisedly, claim is an ‘unhackable‘ self-encrypting processor based on the RISC-V instruction set architecture (ISA).
The open nature of the RISC-V instruction set architecture (ISA), one of a growing number of free and open source silicon (FOSSi) ISAs designed to bring competition to proprietary architectures like x86 and Arm, makes it well-suited to use in research projects. Most of these projects concentrate on creating highly-scalable designs, but researchers at the University of Michigan have opted to concentrate on security – creating an ‘unhackable‘ processor, a claim which sounds like a challenge to security researchers the world over.
Dubbed Morpheus, the processor’s security is assured, the researchers claim, by a system which sees code and data internally encrypted and shuffled 20 times a second – ‘infinitely faster than a human hacker can work,‘ the University’s somewhat breathless press release claims, ‘and thousands of times faster than even the fastest electronic hacking techniques.‘
‘Today’s approach of eliminating security bugs one by one is a losing game,‘ claims Professor Todd Austin of his team’s work. ‘People are constantly writing code, and as long as there is new code, there will be new bugs and security vulnerabilities. With Morpheus, even if a hacker finds a bug, the information needed to exploit it vanishes 50 milliseconds later. It’s perhaps the closest thing to a future-proof secure system.‘
Proven in prototype form and funded by the US Defence Advanced Research Projects Agency (DARPA), Morpheus is aimed at use in everything from mainstream laptops and desktops to embedded Internet of Things (IoT) and even military systems. ‘We’ve all seen how damaging an attack can be when it hits a computer that’s sitting on your desk,‘ Professor Austin explains. ‘But attacks on the computer in your car, in your smart lock or even in your body could place users at even greater risk.‘
The data and instruction ‘churn rate’ of 50 milliseconds, twenty times a second, is claimed to drop overall processor performance by around one percent; it is also joined by an ‘attack detector‘ which monitors for threats and increases the churn rate to protect the system accordingly.
The team’s work may not stay in the lab for long, either: It has partnered with Agita Labs, a startup founded by Professor Austin and colleague Professor Valeria Bertacco, to commercialise the technology, though has not yet offered a launch date for the first commercial Morpheus parts.
The team’s paper, ‘Morpheus: A Vulnerability-Tolerant Secure Architecture Based on Ensembles of Moving Target Defences with Churn,‘ was presented at the ACM International Conference on Architectural Support for Programming Languages and Operating Systems and is available in the ASPLOS ’19 proceedings.