Proteus: A Morpheus II Extension for System-Level Moving-Target Defense and Key-Exposure Hardening
Conference
Knickerbocker, J, Hasan, SR, Hilal, A et al. (2026). Proteus: A Morpheus II Extension for System-Level Moving-Target Defense and Key-Exposure Hardening
. PROCEEDINGS OF THE SEVENTEENTH INTERNATIONAL SYMPOSIUM ON QUALITY ELECTRONIC DESIGN ISQED 2016, 10.1109/ISQED69900.2026.11534731
Knickerbocker, J, Hasan, SR, Hilal, A et al. (2026). Proteus: A Morpheus II Extension for System-Level Moving-Target Defense and Key-Exposure Hardening
. PROCEEDINGS OF THE SEVENTEENTH INTERNATIONAL SYMPOSIUM ON QUALITY ELECTRONIC DESIGN ISQED 2016, 10.1109/ISQED69900.2026.11534731
Lightweight block ciphers, such as SIMON, are widely used in embedded and Internet of Things (IoT) systems that must balance security with limited hardware and energy budgets. The Morpheus II processor employs a 12-round SIMON core to protect architectural metadata and support moving-target defense (MTD). However, the core encrypts only at startup or upon fault detection, leaving long intervals where ciphertext in memory remains static. In Supervisory Control and Data Acquisition (SCADA)-connected IoT devices, adversaries with read and write access to main memory can exploit these intervals to analyze or manipulate encrypted state, leaving Morpheus II vulnerable to prolonged observation and control-flow manipulation. This work modifies the Morpheus II encryption core to reintroduce proactive churn, making Morpheus II suitable for IoT environments. The modified core, called Proteus, retains SIMON's Feistel structure and key schedule but replaces its fixed round function with predefined rotation sets selected by a system-controlled perepoch schedule. Rotation sets can be mapped to memory regions, enabling cipher-level MTD. Initial cryptanalysis evaluation shows configuration-dependent improvements in differential behavior relative to the 12 -round SIMON baseline, at a modest cost of area and performance.
