UoM creates 'unhackable' chip

[off wave surfer]

Summary

 

 A University of Michigan team has created and tested a purportedly unhackable chip.

 

Put to the test in a DARPA sponsored bug bounty, against 500+ hackers for 3 months, it remained secure.

 

'Morpheus' Block Diagram

 

Quotes

Quote

The U-M blog says Todd Austin was the team’s leader – he is the university's S. Jack Hu Collegiate Professor of Computer Science and Engineering. Trying to describe the chip's hack-proofing strategy in layman's terms Austin asks us to "Imagine trying to solve a Rubik’s Cube that rearranges itself every time you blink. That’s what hackers are up against with Morpheus," he asserted. "It makes the computer an unsolvable puzzle".

 

My thoughts

This is fairly topical given all the news about Nvidia's 'unhackable' mining limiters. Although this might have more truth to it, 500+ hackers trying for 3 months doesn't definitively mean 'unhackable' but it's impressive all the same.

And it makes me wonder if big tech companies will adopt 'unhackable' as a marketing buzz word now.

 

It also reminds me of those stereotypical scenes in movies where a hacker type says "The [program/AI/Computer/etc] is rewriting itself!". With the caveat that 'Morpheus' doesn't rewrite itself so much as rescramble its data.

 

Finally, 'Morpheus' I suspect may end up like graphene. A really cool discovery/invention many potential applications, but no practical method of mass production/deployment.

 

Sources

Hexus

Original Research Paper

[DexterSmythe]

This is some awesome tech that I do not fully understand! Looks like the bug bounty was from DARPA for this chip.

[off wave surfer]

4 minutes ago, DexterSmythe said:

This is some awesome tech that I do not fully understand! Looks like the bug bounty was from DARPA for this chip.

Added that to summary, nice catch I somehow missed that when reading the original article.

[Vishera]

Everything can be cracked and hacked,the question is how difficult is it to do so?

[Murasaki]

10 minutes ago, Vishera said:

Everything can be cracked and hacked,the question is how difficult is it to do so?

More like give it time and/or the right person/people. 

[Doobeedoo]

Would be neat to see more about it.

[Justaphysicsnerd]

Calling something un-hackable is wrong, just a calling something bullet proof is wrong. If a group or an individual really wants the information they will get to it, it may take great amount of time. You can never prevent hacking, you can just make it harder for the hackers to do so.

[Sauron]

1 hour ago, off wave surfer said:

makes me wonder if big tech companies will adopt 'unhackable' as a marketing buzz word now.

As if they hadn't so far... it's not exclusive to electronics either, plenty of locks are marketed as "pick proof".

1 hour ago, off wave surfer said:

This is fairly topical given all the news about Nvidia's 'unhackable' mining limiters.

Not really because nvidia's limiter is just software and the hardware itself has no such protections.

 

The idea is interesting, I would be concerned about the performance overhead of something like this on a normal system though. I guess it all depends on where your priorities lie.

 

Unfortunately the weak link in he security chain remains the user - often the largest "hacks" are just the result of someone letting the attackers steal their password.

[Bombastinator]

I suspect nothing is truly unhackable much as no lock is truly inviolate. Extremely difficult and no one knows how to at the moment I would believe.  It’s not quite the same thing though.  People have been developing “unpickable” locks for many many hundreds of years.  Basically every system now used was considered at one point undefeatable.  Many have worked for a time. They always seem to fall eventually though.  The best created so far have been time locks.  No key at all. People have still gone around them though.  They have been defeated with EMP, social engineering, or even just digging.  Some years ago “waterproof” was removed from the lexicon of product descriptors and replaced with “water resistant” 

[thorhammerz]

1 hour ago, Sauron said:

I would be concerned about the performance overhead of something like this on a normal system though. I guess it all depends on where your priorities lie.

Those prioritizing security uber alles, are typically not too stingy with whether the IPC and/or clocks are running at last decade's i3 speeds (or the sticker price, for that matter) .

[Sauron]

1 hour ago, thorhammerz said:

Those prioritizing security uber alles, are typically not too stingy with whether the IPC and/or clocks are running at last decade's i3 speeds (or the sticker price, for that matter) .

Well sure but many scurity-sensitive deployments also have high performance requirements...

[Fasterthannothing]

Ok if I understand this incorrectly then feel free to jump in. From reading this it seems like the testers (or hackers whatever you call them) were going about cracking this the wrong way. This doesn't to me anyway seem all that impossible to crack. First you need to purposefully probe the system to draw out the churn and dector function on the chip. Then at that point you can work to isolate the churn and detector function from the rest of the chip. Once the churn and detector function is rendered useless then you can begin analyzing the rest of the chip and extract the information since the churn function will no longer be switching the data underneath at a faster and faster rate.

[Master Disaster]

There's a simple equation that applies here...

 

Enough demand + enough time = nothing is unhackable.

[kvuj]

20 minutes ago, Master Disaster said:

There's a simple equation that applies here...

 

Enough demand + enough time = nothing is unhackable.

seL4 and formal verification would like to have a word with you (microkernel used by US DoD, planes, autonomous cars, and various high security embedded usecases, mathematically proven to be free of bugs with formal proof) Here's the whitepaper.

 

Not a single CVE in all of its existence (12 years).

 

Though this characteristic can be nullified if the hardware gets attacked (spectre/meltdown). But with an equally secure chip, it could be possible to achieve security nirvana for extreme cases (military, government, satellites, etc).

 

Hardware is sadly much harder to protect, because the various interactions between subsytems are often so complex that new class of attacks appear long after a release.

[Bombastinator]

20 minutes ago, kvuj said:

seL4 and formal verification would like to have a word with you (microkernel used by US DoD, planes, autonomous cars, and various high security embedded usecases, mathematically proven to be free of bugs with formal proof) Here's the whitepaper.

 

Not a single CVE in all of its existence (12 years).

 

Though this characteristic can be nullified if the hardware gets attacked (spectre/meltdown). But with an equally secure chip, it could be possible to achieve security nirvana for extreme cases (military, government, satellites, etc).

 

Hardware is sadly much harder to protect, because the various interactions between subsytems are often so complex that new class of attacks appear long after a release.

What about 1200 years?  Time is what keeps a lot of stuff secure.  There are locks that can be cracked but it takes half an hour, so they put a guard on the area that checks every 20 minutes for example.  One of the more famous bank vault heists involved defeating a time lock.  Some hairdresser pulled it off.  Theoretically uncrackable.  No key at all. He dug for 6 months. Made a tunnel to the vault around the locked door.  The titanic really was unsinkable.  Didn’t help though.  People were so sure it was impervious that the systems used to MAKE it unsinkable got ignored.  Watertight doors were blocked open for convenience for example.

Edited March 12, 2021 by Bombastinator

[kvuj]

11 minutes ago, Bombastinator said:

What about 1200 years?  Time is what keeps a lot of stuff secure.  There are locks that can be cracked but it takes half an hour, so they put a guard on the area that checks every 20 minutes for example.  One of the more famous bank vault heists involved defeating a time lock.  Some hairdresser pulled it off.  He dug for 6 months. 

By then Quantum computers will probably break standard AES-256 easily, so we will have other stuff to worry about.

 

But what NICTA did, was program a kernel that is software bug free. They did so by:

- Restricting themselves to a small suset of C

- Converting it to mathematical expression with Isabelle (their own open source tool)

- Verify that those mathematical expressions were apart of a certain specification

- Verify that the binary produced by GCC is valid

 

As I said above, this means hardware is the only thing to worry about now (which admittedly is quite tricky).

 

The beauty of seL4 is that if you know it won't run random binaries, you can trust it, which is an awesome achievement. As soon as you get physical access, the game might as well be over for a variety of other reasons (booting a different, compromised OS, installing a trojan in hardware, messing with the firmware, etc).

[BuckGup]

Using words like unhackable and unsolvable in statements makes you look like a complete idiot as it's simply not true and when it does get broken your credibility takes a hit

[Bombastinator]

6 minutes ago, kvuj said:

By then Quantum computers will probably break standard AES-256 easily, so we will have other stuff to worry about.

 

But what NICTA did, was program a kernel that is software bug free. They did so by:

- Restricting themselves to a small suset of C

- Converting it to mathematical expression with Isabelle (their own open source tool)

- Verify that those mathematical expressions were apart of a certain specification

- Verify that the binary produced by GCC is valid

 

As I said above, this means hardware is the only thing to worry about now (which admittedly is quite tricky).

 

The beauty of seL4 is that if you know it won't run random binaries, you can trust it, which is an awesome achievement. As soon as you get physical access, the game might as well be over for a variety of other reasons (booting a different, compromised OS, installing a trojan in hardware, messing with the firmware, etc).

Bugs are an easier way to hack something, but it doesn’t make it impossible. Just a lot harder.

[CarlBar]

15 hours ago, Bombastinator said:

Bugs are an easier way to hack something, but it doesn’t make it impossible. Just a lot harder.

 

Indeed. Even the best software is of no use if the hardware has flaws, and vice versa. And it's not just about the presence of flaws, but also how easy to exploit they are. There's a huge difference between a vulnerability that just needs the ability to plug a flash drive, or equivalent depending on system type), into it for a few second or minutes and something that needs hours/days/or more of access by someone trained in using the necessary tools.

 

The former is much easier to do against even passably competent physical security than the later.

[Master Disaster]

16 hours ago, kvuj said:

seL4 and formal verification would like to have a word with you (microkernel used by US DoD, planes, autonomous cars, and various high security embedded usecases, mathematically proven to be free of bugs with formal proof) Here's the whitepaper.

 

Not a single CVE in all of its existence (12 years).

 

Though this characteristic can be nullified if the hardware gets attacked (spectre/meltdown). But with an equally secure chip, it could be possible to achieve security nirvana for extreme cases (military, government, satellites, etc).

 

Hardware is sadly much harder to protect, because the various interactions between subsytems are often so complex that new class of attacks appear long after a release.

As others have pointed out, all this means is nobody has thought of the correct solution yet. The ingenuity of criminals is amazing.

[JamesTheFolf]

4 hours ago, Master Disaster said:

As others have pointed out, all this means is nobody has thought of the correct solution yet. The ingenuity of criminals is amazing.

This is very true, look at all of Intel's vulnerabilities. They only came to light after a few years, once people had enough time to find a vulnerability. I'd like to see if this chip is still unhackable in a decade.