Students to hack hardware, software and data to build security skills

Mar 19, 2014

Come fall, students at Case Western Reserve University and Cleveland State University will begin hacking computers—for credit.

Each university is offering the first of three courses in a new curriculum in which engineering and students will learn how to break into—and then protect—hardware, software and data. The goal is for students to understand how they can then protect their own, or their employer's, computers from viruses, phishing attacks, so-called Trojan horses and other .

"We're doing a lot of computer security research, but we've failed in the need to educate and train students—the future users, developers and controllers of these systems," said Swarup Bhunia, associate professor of electrical engineering and computer science at Case Western Reserve, who will teach the hardware security class here.

Bhunia teamed with Cleveland State colleagues Sanchita Mal-Sarkar, associate lecturer of computer and information science, and Chansu Yu, chair of electrical and computer engineering, to devise a curriculum that is among the first comprehensive cybersecurity education programs in the country offered to undergraduates. The universities plan to offer versions of the courses to graduate students as well.

"The curriculum is comprehensive and uses a hands-on teaching approach to learning software, hardware, network and information security," Mal-Sarkar said. Cyber attacks, she explained, differ in each arena.

The National Science Foundation awarded a total of $200,000 in grants to the researchers to develop and support the courses.

The scale of the world's cybersecurity problems has become daily news, from the theft of millions of Target customers' personal data to the infiltration of The New York Times computer systems for four months.

The public, businesses and governments are increasingly vulnerable.

Experts estimate that as many as one in 14 downloads from the Internet carry a virus or . The global electronic piracy market is estimated at more than $1 billion per day, according to the VSI Alliance, which set standards for intellectual property protection in the electronics industry, in 2000.

Hardware was thought to be the safe haven of the digital world, but that was proved wrong when the United States military found more than 1 million counterfeit electronic components, including chips embedded with Trojan circuits, in a review of supply chains in 2009 and 2010.

And Computerworld magazine reported last fall that a team of security researchers from the U.S. and Europe showed that integrated circuits used in computers, military equipment and other critical systems can be compromised during the manufacturing process through virtually undetectable changes made in transistors—the switches used in logic circuits.

"Chips, boards and circuits are often made overseas," Yu said. "The military, government and businesses have expressed concern over their lack of control of the ."

The courses will teach students how to analyze, validate and build secure computer hardware and systems.

In all three courses, students will perform about a dozen hands-on experiments that will show them how and where the systems are vulnerable and how they can be protected.

Pairs of students will each be given a circuit board to hack. For example, they may be assigned to hack communications between the memory and processor. If they can hack into the system, they can snoop—see what information is being passed from one to the other. The students may be asked to hack in and introduce a "time bomb" or spy in the hardware, or infect software with malicious code.

If they can hack it, they can figure out how to protect it, Bhunia said. "We agreed this is the best way to learn," he said.

Yu and Mal-Sarkar plan to team-teach the first course in computer science and electrical and computer engineering departments at CSU this fall.

After completing each course, will finish with a grand project called "Can You Hack It?" in which teams will challenge each other in hacking and protecting a system.

Explore further: States face health law cybersecurity challenges

add to favorites email to friend print save as pdf

Related Stories

States face health law cybersecurity challenges

Feb 25, 2014

(AP)—Security experts working for the government on the rollout of President Barack Obama's health care law worried that state computer systems could become a back door for hackers.

Platform would protect smartphones from cyber criminals

Mar 06, 2014

Criminals don't have to pick your pocket to get what they want out of your mobile. But a certifiably secure operating platform is being developed by Swedish researchers so that consumers can be confident that their mobile ...

Calling all girls: Coding is cool!

Jan 14, 2014

The San Diego Supercomputer Center (SDSC) at the University of California, San Diego, in a partnership with other local universities and industry support groups, is launching a non-profit collaborative community program aimed ...

Recommended for you

What's causing the recent string of data breaches?

16 hours ago

It's Cyber Security Awareness month, which has me wondering: are we doing all we can to protect our data? To help answer this question, I sat down with Girish Bhat of Wave Systems—an important collaborator of Micron's—to ...

Court: UK spies get bulk access to NSA data

Oct 29, 2014

The British government's insistence that its spies don't use the vast espionage powers of the U.S. National Security Agency to sidestep U.K. restrictions on domestic eavesdropping was called into question by a court document ...

Georgia Tech releases 2015 Emerging Cyber Threats Report

Oct 29, 2014

In its latest Emerging Cyber Threats Report, Georgia Tech warns about loss of privacy; abuse of trust between users and machines; attacks against the mobile ecosystem; rogue insiders; and the increasing involvement of cyberspac ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.