A team from UC Santa Barbara (UCSB) are looking to address the issue of single, targeted attacks where cyber criminals control and manipulate several nodes in a network.

Professor Dmitri Strukov of UCSB and his team intend to place an extra layer of security on Internet-and Bluetooth-enabled devices, with a technology that aims to prevent cloning – the practice by which nodes in a network are replicated and then used to launch attacks from within the network.

Prof. Strukov describes it as a chip that deploys ionic memristor technology – an analog memory hardware solution to a digital problem.

"You can think of it as a black box," says Prof. Strukov. "Hardware-intrinsic security primitives enabled by analogue state and nonlinear conductance variations in integrated memristors.”

Due to its nature, Prof. Strukov claims the chip is physically ‘unclonable’ and can render a device invulnerable to hijacking, counterfeiting or replication by cyber criminals.

Key to this technology is the memristor, or memory resistor – an electrical resistance switch that can ‘remember’ its state of resistance based on its history of applied voltage and current. Not only can memristors can change their outputs in response to their histories, but each memristor, due to the physical structure of its material, also is unique in its response to applied voltage and current. Therefore, as Prof. Strukov explains, a circuit made of memristors results in a “black box”, with outputs extremely difficult to predict based on the inputs.

"The idea is that it's hard to predict, and because it's hard to predict, it's hard to reproduce," Strukov contends. The multitude of possible inputs can result in at least as many outputs – the more memristors, the more possibilities. Running each would take more time than an attacker may reasonably have to clone one device, let alone a network of them.

The researchers explain that their memristive black box can circumvent machine learning-enabled hacking, where artificial intelligence technology is trained to ‘learn’ and model inputs and outputs, then predict the next sequence based on its model.

"For instance, if you have 2 million outputs and the attacker sees 10,000 or 20,000 of these outputs, he can, based on that, train a model that can copy the system afterwards," explains Hussein Nili, the paper's lead author. According to the team, the black box makes the relationship between inputs and outputs look random enough to the outside world even as the circuits' internal mechanisms are repeatable enough to be reliable. "It has to look random, but it should also be deterministic," Nili adds.

Prof. Strukov and his team are now investigating whether there will be any drifts in the characteristics over time. They also are developing ‘strong’ security paths that require larger memristive circuits and additional techniques – suitable for sensitive military equipment or highly classified information. Along with creating ‘weak’ paths geared towards consumer electronics and everyday gadgets – situations in which it would likely not be worth an attacker's time to spend hours or days hacking into a device.