Researchers at the Johns Hopkins University and four other prominent institutions will spend the next five years trying to turn a theoretical "next-generation" form of encryption into a practical way to better protect software from hackers.
Hopkins, the University of California, Los Angeles, Stanford University, the University of Texas and Columbia University are forming the Center for Encrypted Functionalities through a $5 million grant from the National Science Foundation. They are exploring a strategy known as obfuscation, which can hide the inner workings of programs from outsiders.
Computer scientists say obfuscation could help add barriers for hackers, if not make programs "hack-proof," as Hopkins officials said Friday. But the technology is unwieldy for programmers to use practically, and it does nothing to fix other security holes such as weak or compromised passwords and programming flaws.
"We have proofs of concept that it's possible, but it's far from practical," said Susan Hohenberger, an associate research professor of computer science at Hopkins who is leading the university's team. Obfuscation can make programs so large that they are slow to operate, for example, so "efficiency is a big goal," she said.
The idea behind obfuscation is that programmers can encrypt software in such a way that hackers can't reverse-engineer its code to copy it or to find flaws, but so that it still works seamlessly for users, without requiring them to do any decryption.
"You want to modify the program so that somebody else can run it, but they can't figure out anything about how the program is working," said Jonathan Katz, director of the Maryland Cybersecurity Center at the University of Maryland, College Park.
Hohenberger said the strategy could be enough to stop most hackers. Her research will focus on what a practical version of obfuscation could make possible in the future, like better versions of software designed for trial or limited use, she said.
Other researchers will be exploring obfuscation techniques.
"There is promise to this sort of technology, and it's not surprising to see NSF investing in this sort of research," said Richard Forno, assistant director of the University of Maryland, Baltimore County Center for Cybersecurity.
While the technology could, in theory, "raise the bar to make it more difficult for bad things to happen," it's not a guarantee of blocking hackers, he said.
"Will it be the end all, be all? I doubt that," Forno said. "There's always going to be some new vector of attack."