A Curious, New Hardware Fix for Cybersecurity Vulnerabilities

Jack Crosbie
MAY 10, 2018
memristor,memristor ucsb,cybersecurity hardware,hca news
Image has been cropped and resized. Courtesy of Brian Long/UCSB.

Cybersecurity is a constant arms race between bad actors and security researchers. As quickly as new programs or techniques come out, it seems, hackers find exploits around them. Recently, researchers at University of California, Santa Barbara (UCSB) announced that they may have an unorthodox method to prevent devices from cloning, a common hacking practice that creates a digital replication of a network and uses it to sabotage the original system.

The fix is called a memristor, and it’s not a program or code. Instead, it’s a physical object—a new format for computer chips that introduces a level of randomness to its design that makes any device using it very difficult to replicate. The paper, which was published in the March issue of Nature Electronics, refers to memristors as a kind of “black box,” impenetrable to cloning, hijacking, or replication.

The term itself, according to Dimitri Strukov, PhD, a computer science professor at UCSB and one of the paper’s authors, is a combination of the words “memory” and “resistor.” Strukov explained in a news release accompanying the study that memristors are a physical type of electrical resistance switch (a core component of any given computer circuit) that’s capable of “remembering” its state of resistance based on the history of voltage and current passing through it. Because of their unique structure, memristors can change how much current and voltage they output, adding another variable to the process. The more variables a computer network has, the harder it is to replicate.

>> LISTEN: Finding Orangeworm

"The idea is that it's hard to predict, and because it's hard to predict, it's hard to reproduce," Strukov said in the news release. Essentially, the unique memristors in a device would make it so difficult for a hacker to replicate (because they’d have to nail every unique variable in the system, not just figure out one pattern), it probably wouldn’t be time efficient to try to clone it.

It’s also particularly effective in beating machine-learning algorithms designed to clone or hijack complicated systems. In traditional systems, a hacker would only need to observe a portion of the inputs and outputs of a system, and a machine-learning algorithm could extrapolate the model and pattern being used to clone the device, as if it were guessing the next numbers in a simple 2, 4, 6, X pattern. With memristors, there are way too many variables to fill in those blanks.

The problem, lead study author Hussein Nili explained, is that memristors aren’t quite ready for widespread adoption yet. Nili told Healthcare Analytics News that major chip-making companies would have to put a lot of effort behind designing and fabricating integrated memristor circuits into their devices, scaling the technology and creating optimized, integrated arrays that link memristor systems to one another, forging “robust security primitives.”

“The big hurdle (as with any emerging technology), is to get large industry partners to commit resources to adopting the technology and creating systems around them,” Nili said in an email.

But when they do, it could completely change the landscape of personal and professional computing.

“The big idea is to have these circuits embedded in devices, chips, [etc.], to give them unique keys (or fingerprints) that are only theirs and can't be easily replicated,” Nili said.

Memristor devices would certify that the phone or computer you’re buying isn’t a counterfeit, or that the device accessing a wifi network is authorized (as opposed to a clone or impostor).

Nili said there’s a lot of research and development still to come. His team has filed several patents, but it’ll take a lot more resources and time before the technology is widespread.

“This is not a trivial task, but it is achievable,” Nili said. And in the future, it could make consumer and professional technology, like the systems every modern hospital network runs on, look much different.

Get the best insights in healthcare analytics directly to your inbox.

3 Things That Healthcare Must Understand About Cybersecurity
Is Blockchain the Answer to Healthcare’s Cybersecurity Concerns?
Survey: Healthcare Leads All Sectors (in Ransomware Infections)

Become a contributor