
DARPA Believes the Future of Security to be in Additional Processing Hardware

Raevenlord

News Editor
DARPA seems to be taking to heart engineers' and cyber-security experts' opinions that hardware-based security would be the best security. The Defense Advanced Research Agency (DARPA), which has appeared in every other sci-fi war movie, has started its System Security Integrated through Hardware and Firmware (SSITH) program, with an initial kick worth $3.6 million to the University of Michigan. The objective? To develop "unhackable" systems, with hardware-based security solutions that become impervious to most software exploits.

University of Michigan Electrical Engineering and Computer Science (EECS) Professor Todd Austin, lead researcher on the project, says his team's approach, currently code-named Morpheus, achieves hack-proof hardware by "changing the internal codes once a second". Austin likens Morpheus' defenses to requiring a would-be attacker to solve a new Rubik's Cube every second to crack the chip's security. In this way, the architecture should provide the maximum possible protection against intrusions, including hacks that exploit zero-day vulnerabilities, or those that cybersecurity experts have yet to discover. Morpheus thereby provides a future-proof solution, Austin said. "This race against ever more clever cyberintruders is never going to end if we keep designing our systems around gullible hardware that can be fooled in countless ways by software," said SSITH program manager Linton Salmon of the Agency's Microsystems Technology Office.





This approach is a far cry from the usual "patch and pray" philosophy: "To break this cycle and thwart both today's and tomorrow's software attacks, the SSITH program challenges researchers to design security directly at the hardware architecture level," said Salmon. "Instead of relying on software Band-Aids to hardware-based security issues, we are aiming to remove those hardware vulnerabilities in ways that will disarm a large proportion of today's software attacks."

The final Morpheus hardware will actually be a hardware version of the Morpheus algorithm that the University of Michigan has already developed, and bases its security chops on constantly changing the location of the protective firmware with hardware - hardware that also constantly scrambles the location of stored, encrypted passwords. This is a solution that's already being employed in software as of today; however, Austin believes that moving software efforts to a hardware-based solution can eliminate all classes of known vulnerabilities: permissions and privileges, buffer errors, resource management, information leakage, numeric errors, crypto errors, and code injection.



Austin said that Morpheus will provide a future-proof solution for cybersecurity, though it's uncertain whether or not this confidence applies to the advent of quantum computing. Whether or not a hardware solution based on conventional physics is enough to stop a quantum-based computer still remains contested in the field, but DARPA, and the University of Michigan, seem to have their ideas on the subject.

 
In other words, a government sanctioned version of Intel Management Engine/AMD Secure Technology. I wouldn't be surprised if the vulnerabilities in those is what spurred DARPA to create this program.
 
> In other words, a government sanctioned version of Intel Management Engine/AMD Secure Technology. I wouldn't be surprised if the vulnerabilities in those is what spurred DARPA to create this program.

What they need is a platform built from the ground up that is code-compatible, but not code-dependent or code-vulnerable with current systems. Perhaps using a trinary code set instead of binary.

The real future of data security is, ironically, in the past. Data systems of critical concern need to be taken offline permanently and the feed and retrieval information completely manual after strict vetting.
 
> Data systems of critical concern need to be taken offline permanently and the feed and retrieval information completely manual after strict vetting.

Once you take data offline, it becomes quite a hassle to access on a regular basis though. I would very much like to see a secure system with the convenience of accessing it almost instantly.
 
> Once you take data offline, it becomes quite a hassle to access on a regular basis though. I would very much like to see a secure system with the convenience of accessing it almost instantly.

That would be nice. The reality though is that anytime you connect anything to the internet, it becomes inherently insecure to some degree. A completely isolated system might be cumbersome, but it is unhackable unless you are physically present, a condition which can be strictly controlled. An alternate solution is to have scheduled connection access, i.e., a system which is only connected at scheduled times and is then physically disconnected after. Or a variation of that, a system which can be connected "on-demand" whereby those with clearance to connect and access use a form of secured communication to request connection, do the work needed and then disconnect upon completion.
 
Hardware-based security also means hardware-based exploits/backdoors like we've seen with Intel's ME recently (and with various SoCs).
Allegations like "provides a future-proof solution" must always be said to secure funding, but have been rendered null since forever because such is the nature of technology (be it security or feature-wise).
It might provide some level of novel security over what exists right now, be government approved and whatever, but not making it air-gapped alone makes it fully vulnerable, for example.
Also, no software patching means hardware revisions and field replacements. I'm sure the USA's government (or any other) funding can take care of that... :rolleyes:
 
> In other words, a government sanctioned version of Intel Management Engine/AMD Secure Technology. I wouldn't be surprised if the vulnerabilities in those is what spurred DARPA to create this program.

That's my first thought.

Unless they fully release the ASIC hardware's FPGA source, I won't trust it. And even then, I'm skeptical that's what's getting put in the chip.
 