In recent years, computer hardware has faced an ever-evolving variety of cyberattacks that aim to access privileged information or take over a system’s operations. Unfortunately, academia has had trouble keeping pace, offering few – if any – courses that prepare students to make use of next-generation cybersecurity tools. One young researcher is trying to change that, and his course may be the blueprint for similar efforts elsewhere.
“There are many kinds of attacks that take advantage of hardware vulnerabilities and that have garnered widespread attention – from side channel attacks that can steal encryption keys to micro-architectural attacks, such as Spectre and Meltdown,” says Aydin Aysu, creator of the novel cryptographic hardware design course and an assistant professor in NC State’s Department of Electrical and Computer Engineering.
“At the same time, academic and private sector researchers are constantly working to develop new tools to secure hardware from these attacks,” Aysu says. “Many universities are doing a good job of teaching students about the established security tools and theory, but I’m not aware of any other classes that focus explicitly on giving students experience using the up-and-coming security algorithms and techniques that will prepare them to tackle emerging threats – and will be relevant five or ten years from now.”
Since Aysu didn’t see this work being taught elsewhere, he decided to create his own course. He taught it for the first time in fall 2018, and had no trouble finding students who were interested.
“We had to increase the class size in order to meet the demand,” Aysu says.
The class addressed the full range of hardware security threats, but what set it apart was its focus on post-quantum cryptosystems – which are at the leading edge of hardware security systems.
“The big challenge on the horizon is quantum computing,” Aysu says. “The concern is that when quantum computing systems become a publicly-available reality – which many people think will be soon – then those quantum computers will be able to crack the cryptographic systems in widespread use today.”
To address security challenges associated with quantum computing, many researchers in the public and private sectors are working to develop post-quantum cryptosystems. But even after they are developed, it will take time to standardize and deploy such systems.
“This is where our course comes in,” Aysu says. “We want to be sure that students are not only familiar with emerging tools, but are comfortable implementing them efficiently and securely. They are going to have to do it, so we need to start teaching them now.”
Aysu presented a paper outlining the course at the GLS-VLSI tech conference in Washington, D.C., in early May. After his presentation, Aysu was approached by university and private sector experts who had questions about developing similar courses elsewhere.
“The cybersecurity talent gap is an obvious problem, and the response I got was that there need to be more courses like this one,” Aysu says. “My goal is to give people an outline for developing similar courses. It’s not just about deciding to teach the subject – you need to have the relevant infrastructure and materials to give students hands-on experience.
“That’s what this paper is about: the challenges and necessity of adequately training the next generation of cryptographic hardware engineers.”
Aysu is already working on ways to improve the course for his on-campus students in Raleigh (he’s teaching the course again in fall 2019), but he thinks the obvious next step is to take the course online.
“That’s how you can scale this up to reach the number of students we really need to reach.”