Students to hack hardware, software and data to build security skills

Mar 19, 2014

Come fall, students at Case Western Reserve University and Cleveland State University will begin hacking computers—for credit.

Each university is offering the first of three courses in a new curriculum in which engineering and students will learn how to break into—and then protect—hardware, software and data. The goal is for students to understand how they can then protect their own, or their employer's, computers from viruses, phishing attacks, so-called Trojan horses and other .

"We're doing a lot of computer security research, but we've failed in the need to educate and train students—the future users, developers and controllers of these systems," said Swarup Bhunia, associate professor of electrical engineering and computer science at Case Western Reserve, who will teach the hardware security class here.

Bhunia teamed with Cleveland State colleagues Sanchita Mal-Sarkar, associate lecturer of computer and information science, and Chansu Yu, chair of electrical and computer engineering, to devise a curriculum that is among the first comprehensive cybersecurity education programs in the country offered to undergraduates. The universities plan to offer versions of the courses to graduate students as well.

"The curriculum is comprehensive and uses a hands-on teaching approach to learning software, hardware, network and information security," Mal-Sarkar said. Cyber attacks, she explained, differ in each arena.

The National Science Foundation awarded a total of $200,000 in grants to the researchers to develop and support the courses.

The scale of the world's cybersecurity problems has become daily news, from the theft of millions of Target customers' personal data to the infiltration of The New York Times computer systems for four months.

The public, businesses and governments are increasingly vulnerable.

Experts estimate that as many as one in 14 downloads from the Internet carry a virus or . The global electronic piracy market is estimated at more than $1 billion per day, according to the VSI Alliance, which set standards for intellectual property protection in the electronics industry, in 2000.

Hardware was thought to be the safe haven of the digital world, but that was proved wrong when the United States military found more than 1 million counterfeit electronic components, including chips embedded with Trojan circuits, in a review of supply chains in 2009 and 2010.

And Computerworld magazine reported last fall that a team of security researchers from the U.S. and Europe showed that integrated circuits used in computers, military equipment and other critical systems can be compromised during the manufacturing process through virtually undetectable changes made in transistors—the switches used in logic circuits.

"Chips, boards and circuits are often made overseas," Yu said. "The military, government and businesses have expressed concern over their lack of control of the ."

The courses will teach students how to analyze, validate and build secure computer hardware and systems.

In all three courses, students will perform about a dozen hands-on experiments that will show them how and where the systems are vulnerable and how they can be protected.

Pairs of students will each be given a circuit board to hack. For example, they may be assigned to hack communications between the memory and processor. If they can hack into the system, they can snoop—see what information is being passed from one to the other. The students may be asked to hack in and introduce a "time bomb" or spy in the hardware, or infect software with malicious code.

If they can hack it, they can figure out how to protect it, Bhunia said. "We agreed this is the best way to learn," he said.

Yu and Mal-Sarkar plan to team-teach the first course in computer science and electrical and computer engineering departments at CSU this fall.

After completing each course, will finish with a grand project called "Can You Hack It?" in which teams will challenge each other in hacking and protecting a system.

Explore further: States face health law cybersecurity challenges

add to favorites email to friend print save as pdf

Related Stories

States face health law cybersecurity challenges

Feb 25, 2014

(AP)—Security experts working for the government on the rollout of President Barack Obama's health care law worried that state computer systems could become a back door for hackers.

Platform would protect smartphones from cyber criminals

Mar 06, 2014

Criminals don't have to pick your pocket to get what they want out of your mobile. But a certifiably secure operating platform is being developed by Swedish researchers so that consumers can be confident that their mobile ...

Calling all girls: Coding is cool!

Jan 14, 2014

The San Diego Supercomputer Center (SDSC) at the University of California, San Diego, in a partnership with other local universities and industry support groups, is launching a non-profit collaborative community program aimed ...

Recommended for you

Apple sees iCloud attacks; China hack reported

9 hours ago

Apple said Tuesday its iCloud server has been the target of "intermittent" attacks, hours after a security blog said Chinese authorities had been trying to hack into the system.

HP supercomputer at NREL garners top honor

12 hours ago

A supercomputer created by Hewlett-Packard (HP) and the Energy Department's National Renewable Energy Laboratory (NREL) that uses warm water to cool its servers, and then re-uses that water to heat its building, has been ...

User comments : 0