Ozgur Sinanoglu is obsessed with computer chips — a passion born at age 10 when his father brought home a Commodore 64. Now 42 and the associate dean of engineering at New York University Abu Dhabi, Sinanoglu claims that he and his colleagues have designed an unhackable chip. Given last year’s Meltdown and Spectre — security flaws that researchers are calling catastrophic because they could affect nearly every computer chip manufactured in the past 20 years — producing a chip capable of repelling attacks would restore peace of mind to everyone from government agencies to private companies.
Sinanoglu, director of the Design for Excellence Lab at NYU Abu Dhabi, is not the first to make the claim. Because chips combined in central processing units (CPUs) are essentially the brains of computers, savvy engineers around the world have come up with all manner of tricks to keep hackers at bay. And most designs ultimately join the ranks of “good effort, but not good enough.” In 2010, former U.S. Army computer specialist Christopher Tarnovsky hacked into Infineon’s allegedly unhackable SLE66 CL PE chip used in PCs, gaming consoles and e-cards. Granted, he used a $70,000 electron microscope, tiny conductive needles and acid to siphon off critical data, but the point was made: not unhackable.
What sets Sinanoglu apart — besides his roughly 20 issued or pending patents — are his heavyweight backers, from the National Science Foundation to the U.S. Department of Defense, which is supporting his research through its Defense Advanced Research Projects Agency (DARPA). Boasting a 15-page résumé of academic accomplishments, the Turkish engineer is most concerned with chips fabricated in foundries, or “fabs,” where designers can’t monitor the manufacturing process. When chips are fabricated at these third-party facilities, can we really trust the end result? No, Sinanoglu asserts, making it critical that we add defenses to make them resistant to theft or tampering by those seeking financial gain, so-called hacktivists or nefarious state actors.
After analyzing the myriad threats, Sinanoglu and his team added locks to their chip that are comparable to computer passwords except that they’re made up of a unique combination of binary code (0’s and 1’s). Fortheir first design, released in fall 2017, the team added logic, or processing information, to obscure the design. Only people with a special key could hack into the chip and replicate, steal or tamper with it. The NYU team issued a public invitation to hackers to hack away — a move that turned out to be premature. By October, they realized the logic they’d added gave away information about the key. Sure enough, the following April, a group from China’s Wuhan University hacked the chip.
Humbled but not disheartened, Sinanoglu set to work again. As he recounts what came next, he becomes visibly animated, his speech speeding up. The team revisited its process, posing new questions and finding stealthier paths to protecting the chip. Their conclusion? They needed to strip out all logic and leave no structural traces. Hackers could identify the chip design, but they would have no sense of its logic or functionality without the special key of 0’s and 1’s. The functionality, says Sinanoglu, is buried in the secret key.They unveiled the subtractive version of their chip in December 2018, and once again invited hackers to have at it. Since then, Sinanoglu says, no one has found the key.
As steeped as he is in cybersecurity now, Sinanoglu started on a different course. As a Ph.D. student in computer engineering at the University of California, San Diego, he was keenly interested in the environmental factors and manufacturing defects that affect chip functionality. After graduating in 2004, he took a job with Qualcomm, a huge multinational chipmaker, as a senior design and test engineer. Then, in 2006, with a new baby and wishing to be closer to his family in Turkey, he accepted an offer to teach computer science at Kuwait University. That gig ended in 2010 with a new job that would change the trajectory of Sinanoglu’s career.
Hired as a visiting assistant professor under the guidance of Ramesh Karri, a professor of electrical and computer engineering at NYU’s Tandon School of Engineering, Sinanoglu got hooked on the challenge of staying ahead of bad actors with malicious intent. “It’s a whole different game,” he says, one that requires constantly outpacing hackers’ creativity and intelligence. “It’s actually a more fun game,” he’s quick to add with a grin.
Karri says that most people in cybersecurity — himself included — are “a little more cautious”than his colleaguesabout claiming the existence of an unhackable chip. But “if anybody can make one, it’s Ozgur and JV,” he says, referring to Jeyavijayan “JV” Rajendran, an assistant professor of electrical and computer engineering at Texas A&M University who’s working closely with Sinanoglu on the DARPA project. But Dan Goldberg, founder of Castlerock Cyber Security and an information security consultant in Virginia, expresses skepticism that anything “as complex as a microprocessor or general purpose computing device” can be truly unhackable.
For starters, Goldberg worries about key discipline: Who has access to the key and what happens when that access is revoked? Could a spurned employee exact revenge? What if the key is lost?Goldberg’s approach is to design networks and systems that follow a “defense in-depth” model. “If a malicious actor gets access to one aspect of the system, they don’t immediately have access to everything,” he explains. Sinanoglu acknowledges that, for now, they can only secure their chip at the hardware layer, but when the hardware is compromised, the whole system is compromised — which is why he considers his team’s latest iteration the unhackable ideal he has been working toward for most of his life.
Sinanoglu clearly recalls the day in Izmir when his father, a petroleum engineer, presented him with that ancient 8-bit home computer. His younger brother, Yigit, who works as a product control manager in Switzerland, says Ozgur was glued to the device, and his competitive drive (nurtured by a natural aptitude for sports) pushed him to master every detail. “Whatever he was doing, he wanted to beat the other guys,” Yigit recalls. The “other guys” now in his sights are bad actors in the chip business.
Assuming his new design withstands scrutiny, Sinanoglu plans to deploy the technology more widely, making it both scalable and practical. Can this competitive computer nerd thwart the world’s hackers? The jury’s still out, but listening to him, it’s easy to believe the future of chip security is now.