A professor and a group of graduate students at UM spent six years building Morpheus, a computer chip that sought to defeat the sort of cyberattacks that threaten Americans every day, from banking and financial systems to computer security and medical data.
The UM chip was put to the test from June through August in a competition called FETT (finding exploits to thwart tampering) from the U.S. Department of Defense.
More than 500 hackers were offered up to $50,000 to try to crack Morpheus in a mock medical database.
None succeeded.
"What our chip does is it actually protects software from hacking," said Todd Austin, the professor who led the project.
"Computer security is not in a very good state. It seems like there's the attackers and the protectors, and the attackers definitely have the upper hand right now. ... The goal is to try and stop people from hacking into databases and stealing sensitive information."
Because of Morpheus' success in thwarting the hackers, Austin and a colleague plan to pursue efforts to turn the chip into a commercial venture that can benefit companies and perhaps consumers.
According to UM, the Defense Advanced Research Projects Agency, known as DARPA, partnered with the Department of Defense's Defense Digital Service and Synack, a crowdsourced security platform, to conduct FETT.
"Winning a DARPA competition is a big deal," said James Lewis, director of the strategic technologies program at the Center for Strategic and International Studies, a Washington, D.C., think tank. It shows the technology has the potential to make it in the real world, perhaps on a larger-scale basis.
Cyberattacks have plagued governments, companies and enterprises for years. The attacks are increasing, though often under-reported, according to ISACA, an international association focused on information technology governance.
In 2015, the UM team started to work with DARPA to design and develop a computer chip and test its security.
More than 500 hackers around the world were offered up to $50,000 last summer by DARPA to crack UM's computer chip and four others.
Not one of the cybersecurity researchers was able to get into the Morpheus system, thanks to technology that allows the computer chip to change its coding every time it senses an attack.
"What's really unique about Morpheus is it can stop attacks that it doesn't know about," Austin said. "If it thinks someone's attacking, it starts changing really, really quickly ... and that makes it hard for attackers because one thing attackers need to do, they need to understand how the system is built."
It was named for its attributes: the ability to morph whenever there is a cyberattack.
Austin said the idea came from the human immune system. Whenever the human body realizes a virus has entered, the immune system immediately goes into a specialized attack to tryto get rid of it.
Morpheus also goes into defense mode under attack. Instead of the research team creating one stagnant defense for a very specific cyberattack, as most computer chips do, Morpheus changes its coding every 100th millisecond whenever it senses an attack, making it almost impossible for a hacker to have time to learn its technology.
"What was really nice about working with DARPA is they put in all the money to incentivize all these attackers to test our security claims and, in the end, nobody was able to penetrate Morpheus," Austin said.
Four other institutions participated in the program: the Massachusetts Institute of Technology; the University of Cambridge in England; nonprofit tech institute SRI International; and defense contractor Lockheed Martin.
DARPA did not release the results of how each participant's computer chip held up against the hackers, though participants could announce the results themselves. The agency said overall, hackers found 10 vulnerabilities. None of those came from Morpheus.
But for Morpheus to have a real-world impact, the UM researchers need to commercialize the technology, Lewis said.
The challenges of getting Morpheus into real-world applications are two-fold, according to security experts.
"The ... first is you have to commercialize it. If it's just a research project, it won't get us anywhere," Lewis said. "The second issue is scale. ... It will still take some time before it shows up in enough devices to make a difference, but there's a big demand for this stuff. Everyone's tired of being hacked."
Austin said Morpheus has the potential to help industries protect information on databases such as emails and logins to medical and financial information.
He and another UM computer science and engineering professor, Valeria Bertacco, started Agita Labs to continue to advance Morpheus and seek to commercialize it.
There have been discussions with Amazon and Microsoft to use Morpheus to protect cloud space, Austin said.
"I'm excited to see how Morpheus evolves now that it has proven itself in FETT and as security becomes a more and more pressing challenge in the tech world," Austin said.
"We are adapting the technology to protect the most sensitive data in the cloud, including medical and genomic data, biometrics and financial credentials."
(c)2021 The Detroit News Distributed by Tribune Content Agency, LLC.
