Cybersecurity researchers are developing a new CPU named Morpheus that turns a PC into a complex puzzle to prevent attackers from hacking the system.
Designed by researchers at the University of Michigan, the new processor took part in a U.S. Defense Advanced Research Program Agency (DARPA) program called Security Integrated Through Hardware and firmware (SSITH). During a trial, 580 cybersecurity researchers spent 13,000 hours trying to hack into the CPU, and every one of them failed.
- Windows 10 has a secret anti-ransomware feature — switch it on now
- The best laptop deals in May 2021
- Best laptops in 2021
As seen in an interview with Michigan professor of electrical engineering and computer science Todd Austin on IEEE Spectrum (via BGR), Morpheus is a secure CPU that "makes the computer into a puzzle that happens to compute."
Austin states the CPU would have stopped past side-channel attacks including the Spectre and Meltdown hacks a few years ago, along with other hacks that rely on pointers and code.
The professor explains how “undefined semantics” are used to bewilder attackers but ensure things seem normal for the casual programmer.
"Think about driving a car: The defined semantics of your car are that it has a steering wheel; it has a left/right blinker; it may have a stick shift depending on the kind of car; it has as an on-off button," Austin explains. "Once you know those basic features, you can drive your car. The undefined semantics are: Is it four cylinders or six cylinders? Does it run on diesel or electric? Does it have ABS braking or non-ABS braking? Attackers need to know all that underlying stuff.
The processor uses a cipher named Simon as its key mechanism for cryptography. Encryption changes happen every 100 milliseconds, making it nearly impossible for hackers to attempt to infiltrate the chips.
However, Austin also states the CPU currently would not be able to stop more sophisticated attacks such as hacks done via web browser — like the recent zero-day flaw found on Google Chrome. That said, he states it can prevent "the crown jewels of vulnerabilities" such as remote code execution (RCE).
While the CPU is still in development, other CPU processors from Intel, AMD and Apple's M1 chip could take a few design cues from it. For a better look at how Morpheus works, check out Austin's full interview.