Morpheus chip foils attacks from 500 cybersecurity experts

A new processor has beaten off sustained attacks from more than 500 cybersecurity experts, as part of a bug bounty programme.

The ‘Finding Exploits to Thwart Tampering’ (FETT) programme was organised jointly by the US Department of Defence‘s DARPA (Defence Advanced Research Projects Agency), the Defense Digital Service (DDS), and crowdsourced security platform Synack in mid-2020.

As part of the FETT programme, DARPA offered tens of thousands of dollars to cybersecurity experts to try and hack certain experimental computer processors, including the new Morpheus chip.

Researchers at the University of Michigan (U-M) built the new chip, aiming to develop more effective processor security.

The team says Morpheus makes it difficult for hackers to compromise chips by rapidly randomising elements of the code and data, which attackers need access to to gain control of the hardware.

Todd Austin, University of Michigan team leader, says the team has been able to get the chip’s code ‘churning’ once every 50 milliseconds – much faster than needed to foil hacking attempts from the most powerful automated tools.

So even if attackers discover a vulnerability, the information required to exploit it disappears almost instantly.

“Imagine trying to solve a Rubik’s Cube that rearranges itself every time you blink,” Austin said.

“That’s what hackers are up against with Morpheus. It makes the computer an unsolvable puzzle.”

The U-M team had previously demonstrated Morpheus’ capabilities in lab environment, but the FETT programme marks the first time the chip has been exposed to a group of external cybersecurity experts.

“I‘m excited to see how MORPHEUS evolves now that it has proven itself in FETT, and as security becomes a more and more pressing challenge in the tech world,” Austin said.

“We are adapting the technology to protect the most sensitive data in the cloud, including medical and genomic data, biometrics and financial credentials.”

Since the Morpheus chip managed to foil every attack thrown against it, DARPA has awarded it with an A rating: ‘Approved for Public Release, Distribution Unlimited’.

Morpheus research was supported by DARPA as part of the System Security Integration Through Hardware and Firmware (SSITH) programme.

Earlier this week, chip-maker Intel also announced that it had signed an agreement with DARPA to participate in its Data Protection in Virtual Environments (DPRIVE) programme.

This programme aims to tackle the ‘final frontier’ in data privacy by creating an accelerator for fully homomorphic encryption (FHE), enabling applications to work with encrypted data and process information without needing to decrypt data during analysis.

Intel has been tasked with developing a dedicated application-specific integrated circuit (ASIC) that is optimised for FHE, to reduce the computational overhead over current CPU-based methods. The target is to cut processing time compared to existing techniques by up to five orders of magnitude.

Intel is workin with Microsoft as part of the programme. Microsoft has said it will test Intel’s technology it in its cloud offerings, including Azure and JEDI cloud, with the US government.