Pages

31 May 2014

DARPA’s Four Big Things

Posted on May 28, 2014 by jtozer

When it comes to cyber security, the Defense Department has their work cut out for them. Hackers, adversaries, network security breaches, information obfuscation and confiscation – these are just a few of the constant threats to our military and government networks. In defense against these dangers, DARPA is doing their part to ensure network protection and information security.

And they’re using FOUR BIG THINGS to do it.
(DoD graphic illustration by Jessica L. Tozer/Released)

These four revolutionary programs will teach computers to think and learn. They will stop hackers in their digital tracks. They’re going to make the future more exciting, and more innovative, than ever before.

“I really think there are two wars that are happening,” says Dan Kaufman, DARPA’s Information Innovation Office director. “The one war, which we’re sort of familiar with [is] the kinetic war. On the network warfare, I think it’s sort of a new war. It’s this crossover between criminal organizations and terrorists organizations.”

So let’s talk cyber warfare.

When you hear about cyber stuff, most people tend to think about their PC, or their home computer system. That’s obviously important, but it’s not even the half of it. In fact, about 98% of microprocessors are embedded, Dan says.

“Think about it: everything in the world today has a computer. Your phone, your TV, your insulin pumps, all our weapons systems. These are all computerized and DARPA sees huge promise in it. We get these wonderful benefits from network technology.”

But how are they going to protect these systems? So glad you asked…

The FIRST BIG THING is called HACMS (pronounced like “Hack ’ems”). It stands for High-assurance Cyber Military Systems.

“Think about computers,” Dan says. “A computer is the only thing that we buy today where the day you buy it, it’s fundamentally broken.”

What he means by that is this:

When you buy your computer, one of the first things they tell you is to “go home and patch it.”
“Well okay,” you might say, “but didn’t I just pay you three-thousand dollars?”
So you patch it, and you say, “Now it’s fixed.”
And they say “No, next Tuesday there will be more patches.”
You say, “Will it ever be fixed?”
They say “No.”

That’s a little bit crazy, don’t you think? DARPA does, too.

“If you think about this even broader,” Dan continues, “how are we going to apply that type of a security model to anything? The 7th fleet. 10th mountain. You know, ‘Can you all come home for Patch Tuesday’? It doesn’t make a whole lot of sense.”

To this, DARPA has an idea. What if they could actually make a computer that’s safe from the get-go? Designed with security in mind. One that hackers would actually notbe able to get into? Novel idea, sure, but not possible, right?

Wrong.

“We’re just starting to build that,” Dan says. “[HACMS is designed] to make all your vehicles and everything safe.”

But even if HACMS is successful in making safe computers, not everything is going to be made with that technology. How they’re going to scale that system up to computers is admittedly not clear yet. The next step in the plan, however, involves computer antivirus.

That brings us to BIG THING TWO. It’s called the Cyber Grand Challenge.

This is how antivirus programs work today: Every program has a big list of all badness (the technical term, I’m led to believe). The attackers come in, look at this badness list and if the software recognizes the threat it blocks that threat. If it doesn’t recognize the threat, then the virus comes through. It’s fundamentally, and unfortunately, flawed in that sense.

“People are infinitely clever, so the things that come through are almost never on the list, and so that’s why we’re vulnerable,” Dan says.

To deal with this, DARPA wants to create a piece of software that is so smart it could actually go head-to-head with the best hackers in the world. Actually sit there and catch those threats at the entry point. You know, actually make your system safe.

“And before you laugh too much,” Dan says confidently, “we know that this was considered impossible in chess. Back in the 1970s, there was this idea that computers could never play a chess champion, and we had to set up an all-computer chess league. But then after seven years, we beat a grand master. A year after that, we beat [Garry] Kasparov. From then on, humans play for second place.”

But that’s only chess, right? Just a game. Computers couldn’t possibly do a human endeavor. Like Jeopardy.

“Just ask Ken Jennings how well he does [against Watson],” Dan points out.

But that’s not all. DARPA is taking this idea to the next level. The big leagues, if you will.

There’s a conference in Las Vegas called DEF CON, the biggest hacker conference in the world. They play this huge tournament called “capture the flag”. DARPA seeks to emulate this tournament. As a matter of fact, they’re working on that at this very moment.

“One day we imagine that we will enter a tournament like that,” Dan says, “and then hackers too, will fall.”

Which brings me to BIG THING THREE. I call it “Computer Individuality”.

Attackers always have the advantage. Why? Because one attack hits millions of our machines. Most people have either a Mac or a PC. We run almost all the same applications, so one attack can hit many, many of us.

So DARPA gets to ask, “What if you could make every computer different?”

If you made every computer unique, antivirus programs could work much like human immune systems, Dan says. Sure, they function similarly, but our immune systems work for us individually. This is why we all didn’t get wiped out by the bubonic plague.

Imagine if the human race faced an epidemic with a networked immune system. It would not have worked out well for us. But, if every computer was different –distinctive – it would make attacks much harder to accomplish on a broad scale. The attacker would, essentially, need a special attack for every computer.

“What if we went even further?” Dan asks. “What if the attack that worked yesterday didn’t work today because we mutated over time.”

Basically, what if the computer could learn to fend off cyber attacks like our bodies learn to fend off certain viruses? That would be, well, revolutionary. Sounds great, right?

Sure, unless you’re an IT person.

The IT people are looking at this and thinking, “So let me get this straight, DARPA. I have a hard time managing my network today, and your plan is to give me all completely different computers?”

To you, DARPA is saying, “Yes, but we think we can do it at the low-level where attackers come in.”

This means that things at the high level, like where you would use Word or Office or PowerPoint, would stay exactly the same. So essentially it would be easy to maintain, and yet it would be completely different for everybody.

And here comes the FOURTH BIG THING.

The coup de grâce, if you will. “If you’re in the cyber world you always want to believe that there’s a cyber-answer, but at DARPA you can ask brave and scary questions like, well, ‘What if we can’t succeed?’”

Good question. What if the plans fail? What if the attackers find a way in our system, or supply chain, regardless of all the efforts to stop them?

To handle this, DARPA is working on an incredible way to revolutionize encrypting data. One that might actually keep secure data from being seen by the wrong people.

Here’s the problem with normal encryption: You take a piece of data and encrypt it. It gets sent down the wire to a different computer and then decrypted. A function is performed on it, and then the data re-encrypted and sent back.

“Well that sounds fine except that, obviously, if somebody owns that other box, when you decrypted it they just saw it,” Dan points out.

How does DARPA propose we deal with this problem? It starts by attempting to make the impossible…possible.

“There was this crazy idea in the seventies called fully homomorphic encryption,” Dan explains. “It sounds very fancy but it’s a simple idea. Impossible to do, but a simple idea: take a piece of data and encrypt it. Send it down the wire, never decrypt it. Still perform the function on it, and then send it back. At no point would it be decrypted.”

Computer scientists thought it sounded crazy. The theory itself was considered ludicrous…Until 2009, when a Stanford professor, Dr. Craig Gentry, proved that mathematically it was possible.

“We have a program that we have been working on called PROCEED. What we’re trying to do with that is to make fully homomorphic encryption fast enough. Right now it works but it’s so slow you would never in a million years want to use it. We’re trying to get it fast enough so that we can use it.”

DARPA is using FOUR BIG THINGS to get to a place where the DoD can be comfortable in cyberspace. Where there’s a sense that we’re at least relatively protected. Whether that involves one, two or all four of their big things is yet to be seen, but one thing is for sure.

It’s game on for cyber warfare, and DARPA is starting to seriously hit back.

Jessica L. Tozer is a blogger for DoDLive and Armed with Science. She is an Army veteran and an avid science fiction fan, both of which contribute to her enthusiasm for science and technology in the military.

Follow Armed with Science on Facebook and Twitter!

Disclaimer: The appearance of hyperlinks does not constitute endorsement by the Department of Defense of this website or the information, products or services contained therein. For other than authorized activities such as military exchanges and Morale, Welfare and Recreation sites, the Department of Defense does not exercise any editorial control over the information you may find at these locations. Such links are provided consistent with the stated purpose of this DOD website.

No comments:

Post a Comment