
DARPA Believes the Future of Security to be in Additional Processing Hardware

Raevenlord

News Editor
Joined
Aug 12, 2016
Messages
3,755 (1.35/day)
Location
Portugal
DARPA seems to be taking to heart engineers' and cyber-security experts' opinion that hardware-based security would be the best security. The Defense Advanced Research Projects Agency (DARPA), which has appeared in every other sci-fi war movie, has started its System Security Integrated Through Hardware and Firmware (SSITH) program, with an initial grant worth $3.6 million to the University of Michigan. The objective? To develop "unhackable" systems, with hardware-based security that is impervious to most software exploits.

Todd Austin, professor of Electrical Engineering and Computer Science (EECS) at the University of Michigan and lead researcher on the project, says his team's approach, currently code-named Morpheus, achieves hack-proof hardware by "changing the internal codes once a second". Austin likens Morpheus' defenses to requiring a would-be attacker to solve a new Rubik's Cube every second to crack the chip's security. In this way, the architecture should provide the maximum possible protection against intrusions, including hacks that exploit zero-day vulnerabilities, those that cybersecurity experts have yet to discover. Morpheus thereby provides a future-proof solution, Austin said. "This race against ever more clever cyberintruders is never going to end if we keep designing our systems around gullible hardware that can be fooled in countless ways by software," said SSITH program manager Linton Salmon of the Agency's Microsystems Technology Office.

This approach is a far cry from the usual "patch and pray" philosophy: "To break this cycle and thwart both today's and tomorrow's software attacks, the SSITH program challenges researchers to design security directly at the hardware architecture level," said Salmon. "Instead of relying on software Band-Aids to hardware-based security issues, we are aiming to remove those hardware vulnerabilities in ways that will disarm a large proportion of today's software attacks."

The final Morpheus hardware will be a hardware implementation of the Morpheus algorithm that the University of Michigan has already developed. It derives its security from constantly changing the location of the protective firmware in hardware, hardware that also constantly scrambles the location of stored, encrypted passwords. A solution of this kind is already employed in software today; however, Austin believes that moving these software efforts to a hardware-based solution can eliminate all classes of known vulnerabilities: permissions and privileges, buffer errors, resource management, information leakage, numeric errors, crypto errors, and code injection.

Austin said that Morpheus will provide a future-proof solution for cybersecurity, though it's uncertain whether that confidence extends to the advent of quantum computing. Whether a hardware solution based on conventional physics is enough to stop a quantum computer remains contested in the field, but DARPA and the University of Michigan seem to have their own ideas on the subject.


FordGT90Concept

"I go fast!1!11!1!"
Joined
Oct 13, 2008
Messages
26,259 (4.65/day)
Location
IA, USA
In other words, a government-sanctioned version of Intel Management Engine/AMD Secure Technology. I wouldn't be surprised if the vulnerabilities in those are what spurred DARPA to create this program.
 
Joined
Jul 5, 2013
Messages
25,559 (6.52/day)
In other words, a government-sanctioned version of Intel Management Engine/AMD Secure Technology. I wouldn't be surprised if the vulnerabilities in those are what spurred DARPA to create this program.
What they need is a platform built from the ground up that is code-compatible, but not code-dependent or code-vulnerable with current systems. Perhaps using a trinary code set instead of binary.

The real future of data security is, ironically, in the past. Data systems of critical concern need to be taken offline permanently, and the feed and retrieval of information made completely manual after strict vetting.
 

Fourstaff

Moderator
Staff member
Joined
Nov 29, 2009
Messages
10,020 (1.91/day)
Location
Home
Data systems of critical concern need to be taken offline permanently, and the feed and retrieval of information made completely manual after strict vetting.
Once you take data offline, it becomes quite a hassle to access on a regular basis though. I would very much like to see a secure system with the convenience of accessing it almost instantly.
 
Joined
Jul 5, 2013
Messages
25,559 (6.52/day)
Once you take data offline, it becomes quite a hassle to access on a regular basis though. I would very much like to see a secure system with the convenience of accessing it almost instantly.
That would be nice. The reality though is that anytime you connect anything to the internet, it becomes inherently insecure to some degree. A completely isolated system might be cumbersome, but it is unhackable unless you are physically present, a condition which can be strictly controlled. An alternate solution is to have scheduled connection access, i.e. a system which is only connected at scheduled times and is then physically disconnected after. Or a variation of that: a system which can be connected "on-demand", whereby those with clearance to connect and access use a form of secured communication to request connection, do the work needed and then disconnect upon completion.
 
Joined
Apr 16, 2010
Messages
3,455 (0.68/day)
Location
Portugal
Hardware-based security also means hardware-based exploits/backdoors like we've seen with Intel's ME recently (and with various SoCs).
Allegations like "provides a future-proof solution" must always be said to secure funding, but have been rendered null since forever because such is the nature of technology (be it security or feature-wise).
It might provide some level of novel security over what exists right now, be government approved and whatever, but not making it air-gapped alone makes it fully vulnerable, for example.
Also, no software patching means hardware revisions and field replacements. I'm sure the USA's government (or any other) funding can take care of that... :rolleyes:
 
Joined
Aug 20, 2007
Messages
20,709 (3.41/day)
In other words, a government-sanctioned version of Intel Management Engine/AMD Secure Technology. I wouldn't be surprised if the vulnerabilities in those are what spurred DARPA to create this program.

That's my first thought.

Unless they fully release the ASIC hardware's FPGA source, I won't trust it. And even then, I'm skeptical that's what's getting put in the chip.