The past 3 years or so in the world of cybersecurity have really made clear that hackers have expanded their reach and capability in a big way over that time, and it’s fair to say that cyber security interests have struggled to keep pace in protecting digital interests from being hacked into. The single individual doesn’t have as much to worry about when it comes to being hacked as a business or large enterprise does, but that doesn’t mean that they should be unconcerned.
Here at 4GoodHosting we’re like any other good Canadian web hosting provider in that making sure our servers are as secure as possible, but when also know that we’ve got it pretty good in comparison to some others who have way, way more in the way of data that needs to be protected. Researchers have been stepping up their efforts to keep hackers more in check, and that’s a very good thing.
Specifically what’s happened recently is they’ve found a way to use chaos to help create digital fingerprints for electronic devices that may be so thoroughly unique that even the most sophisticated hackers can’t get past them. And that’s based on just the sheer volume of possible combinations that will be possible meaning it would take an incomprehensibly long time to go through and try every one of them.
How long? Well, we’ll get to that as we move further into discussing this very interesting development in web security.
That Long!
It’s believed that these Chaos fingerprints ahave so many layers of unique patterning to them that it would take longer than the lifetime of the universe to test for every possible combination available. Behind all of this is an emerging technology called physically unclonable functions – PUFs - which are built into computer chips.
We’re not quite there yet, but it’s possible that these new PUFs could possibly be used to create super-secure ID cards and reliably track goods in supply chains and as part of authentication applications. Ones where it is vital to know the individual you’re communicating or sharing information with is legit. The recent SolarWinds hack on the US Gov’t has really prompted interest groups to stop being complacent here and find much more reliable cyber security methods and approaches.
The key feature with PUFs here is that there are tiny manufacturing variations found in each computer chip, and they’re ones that are so small they aren't something the end user is going to notice. Often the variations are only seen at the atomic level, and in industry logo they’re starting to become known as ‘secrets’.
More Secrets Required
The shortcoming with current PUFs is that they only contain a limited number of secrets. Ones with anywhere between 1,000 or up to a million aren’t enough to prevent a hacker from getting it right if they’re got the will to persevere and eventually find their way in. Ones that have the right technology and enough time can figure out all the secrets on the chip.
But now it’s believed that chaos makes it possible to have an uncountably large number of secrets layered on top of each other, with so many of them and such unique detail between them that it’s going to be way too much of a challenge for even the most capable hackers.
What’s Chaos Then?
Right, before we go any further we need to define briefly what ‘chaos’ is when it comes to superconductor chips. A basic definition is when the output of a semiconductor laser and its parameters are tweaked – often by modulating the electric current pumping the laser or by feeding back some of the laser's light from an external mirror – to make the overall laser output chaotic and unpredictable.
Unpredictable is the key word there, there’s nothing in the way of patterns or logic to be determined, and so the hackers standard effective approaches aren’t effective anymore.
The recent noteworthy developments with all of this have been researchers creating a complex network in their PUFs using a web of randomly interconnected logic gates. By taking two electric signals and using them to create a new signal, a repeating variance pattern is established and the layers become increasingly unique and undecipherable.
This then amplifies the small manufacturing variations found on the chip. Every slight difference amplified by chaos generates an entirely new set of possible outcomes, and the layers then start to come in waves with each new one making it even more difficulty for a hacker to operate successfully.
Just Right
One thing that’s important with this new advance is to know just what’s the right amount of chaos to be implementing. It’s important to have chaos running for the right length of time, too little and you won’t get the security level you’re after, and too long and things then become way too chaotic.
It’s estimated that these new PUFs are capable of creating more than 1000 secrets EACH. That works out to even if a hacker could crack one secret every microsecond it would still take them about 20 billion years to crack every one of them factored into that single microchip.
The protection is far reaching too. Machine learning attacks, including deep learning-based methods and model-based attacks, all failed when put to the tests against these new digital fingerprints. The hope is that PUFs like this could massively enhance security against even the most sophisticated and well-armed hacker attacks that are backed up with a lot of computer resources.
It will be interesting to see how pervasive this cybersecurity technology becomes, but it’s easy to see how it would immediately appeal to Federal Governments in particular. And we can probably safely assume with widespread adoption it will be frustrating more than a few residents in the world’s geographically largest country.