Tyler O'Neal, Staff Editor ACADEMIA

KU researcher wins NSF grant to develop hardware-cybersecurity education program

Phishing attacks, malware, distributed denial-of-service (DDoS) attacks, zero-day exploits. Many commonly reported cyberattacks focus on computer software vulnerabilities. But what about computer hardware? As complex global supply chains are stressed by the pandemic, risks increase of corporate or state espionage via hardware, such as malicious “trojan” circuits hidden on a motherboard by a shady third-party vendor.

Now, a new effort based at the University of Kansas School of Engineering aims to design course modules to train students in building and maintaining more secure computer hardware. The work is supported by a $400,000 grant from the National Science Foundation’s Secure and Trustworthy Cyberspace (SaTC) program. Of that, $163,000 will come to KU.

“When we think about cybersecurity, we think about software and network security, but hardware has become an important aspect of security — especially because the supply chain of electronic devices has become globalized,” said Tamzidul Hoque, principal investigator of the new grant and assistant professor of electrical engineering & computer science at KU. “Today, hardware is designed and manufactured by a number of different vendors, not just one specific vendor. For example, the Apple iPhone that you are using has components from untrusted vendors all over the world — that means security of the hardware is very critical.” Tamzidul Hoque, assistant professor of electrical engineering & computer science, discusses a simulation of hardware attacks with his graduate and undergraduate mentees. Hogue will manage KU's portion of a $400,000 grant from the National Science Foundation to design course modules that train college students to build and maintain more secure computer hardware. CREDIT Tamzidul Hoque

Yet, most college and university curricula for electrical and computer engineering and computer science focus on software security rather than hardware security.

“Some universities are trying to offer courses so that students get training on hardware security and then can join the industry,” Hoque said. “But the problem is these courses are often hard to propose or develop by institutions that don’t have a lot of resources. You need to hire a faculty member who’s an expert on hardware security to develop such a new course — and because these courses are usually elective courses, only a few students take them.”

Hoque and his colleagues, Swarup Bhunia of the University of Florida and Tauhidur Rahman of Florida International University, plan to change this by developing course modules on hardware security that can plug seamlessly into existing courses. Once the modules are tested and evaluated at their own institutions, the team plans to offer them free to colleges and universities across the United States. The team considers it as a new paradigm of cybersecurity education that enables the foundational training on security, without offering a new course.

Their efforts could result in a new generation of computer engineers trained to build more secure computer equipment and detect the hardware that may be compromised or counterfeit.

“We want to include fundamental concepts of hardware security into existing core hardware design courses such as digital system design and embedded systems that are taken by all the students in a program,” Hoque said. “In that way, we can disseminate the concept of hardware security to everyone, without offering a new course. This integration of the basic concepts into existing courses could motivate many students to choose a career path in hardware security — in that case, they can take more advanced courses in future.”

Over the next three years, Hoque and his collaborators will design the modules and integrate them into classes already offered at their institutions: Embedded Systems at KU, Digital Logic at FIU, and Digital Systems at UF.

The modules the team will develop and implement in classrooms will encompass six critical hardware-security topics:

  • ·    Reverse engineering
  • ·    IP protection through obfuscation
  • ·    Hardware Trojan attacks
  • ·    Physical unclonable functions
  • ·    Bus snooping
  • ·    Side-channel attacks.

The modules will be internally evaluated by students, senior faculty, and the principal investigators themselves — and also evaluated externally by industry experts from firms like Cisco, Intel, Apple, and AMD.

According to Hoque, implementing the hardware-security modules into courses taken by all students in computer engineering and computer science programs also will boost the number of students from underrepresented groups who could pursue hardware-security careers.

“In general, the science and technology field has a very limited number of participants from underrepresented groups — and that’s particularly true for hardware security, where there are even fewer participants from those groups,” he said. “When we integrate these security concepts into a core course taken by all students, we automatically include students from underrepresented groups. As they learn something about hardware security, that will automatically enhance their participation in this security area in the future. For example, when it’s time to do a senior design project, a lot of them might do a senior design project on hardware security. Or, some might be planning to go to graduate school — and they’ll also consider pursuing research on hardware security because they learned interesting concepts when they took these core courses.”

What’s more, the development of the hardware-cybersecurity modules will support graduate students at all three institutions.

“Each institution will have one graduate student working throughout the project,” Hoque said. “They’ll be helping in the process of developing the course content and also helping when we offer the core courses in obtaining student feedback to see how the students are performing — especially if they’re facing difficulty in coping with these new concepts. This feedback will be used to improve the content in the subsequent semesters.”

The KU researcher said the introduction of hardware-security concepts into more general computer hardware courses should strengthen students’ grasp of the original core ideas central to those courses.

“When we integrate the security concept, it doesn’t make it difficult for students to learn the actual concept which was supposed to be taught in the course,” Hoque said. “We’ll integrate the security concepts into the original design concepts in a seamless manner. For example, when we teach a design concept, we’ll also give students some type of exercise to strengthen their understanding. Now, in our security integrated modules, we’ll teach that original concept — but when we give them an exercise, we’ll make it security-oriented.”

COVID-19 origins still a mystery

Tyler O'Neal, Staff Editor ACADEMIA

Study finds virus was 'highly human adapted'

Scientists using supercomputer modeling to study SARS-CoV-2, the virus that caused the COVID-19 pandemic, have discovered the virus is most ideally adapted to infect human cells - rather than bat or pangolin cells, again raising questions of its origin.

Australian scientists have described how they used high-performance computer modeling of the form of the SARS-CoV-2 virus at the beginning of the pandemic to predict its ability to infect humans and a range of 12 domestic and exotic animals.

Their work aimed to help identify any intermediate animal vector that may have played a role in transmitting a bat virus to humans, and to understand any risk posed by the susceptibilities of companion animals such as cats and dogs, and commercial animals like cows, sheep, pigs, and horses. Professor Nikolai Petrovsky, Flinders University.

From Flinders University and La Trobe University, the scientists used genomic data from the 12 animal species to painstakingly build computer models of the key ACE2 protein receptors for each species. These models were then used to calculate the strength of binding of the SARS-CoV-2 spike protein to each species' ACE2 receptor.

Surprisingly, the results showed that SARS-CoV-2 bound to ACE2 on human cells more tightly than any of the tested animal species, including bats and pangolins. If one of the animal species tested was the origin, it would normally be expected to show the highest binding to the virus.

"Humans showed the strongest spike binding, consistent with the high susceptibility to the virus, but very surprised if an animal was the initial source of the infection in humans," says La Trobe University Professor David Winkler.

"The computer modeling found the virus's ability to bind to the bat ACE2 protein was poor relative to its ability to bind human cells. This argues against the virus being transmitted directly from bats to humans. Hence, if the virus has a natural source, it could only have come to humans via an intermediary species which has yet to be found," says Flinders affiliated Professor Nikolai Petrovsky.

The team's supercomputer modeling shows the SARS-CoV-2 virus also bound relatively strongly to ACE2 from pangolins, a rare exotic ant-eater found in some parts of South-East Asia with occasional instances of use as food or traditional medicines. Professor Winkler says pangolins showed the highest spike binding energy of all the animals the study looked at - significantly higher than bats, monkeys and snakes.

"While it was incorrectly suggested early in the pandemic by some scientists that they had found SARS-CoV-2 in pangolins, this was due to a misunderstanding and this claim was rapidly retracted as the pangolin coronavirus they described had less than 90% genetic similarity to SARS-CoV-2 and hence could not be its ancestor," Professor Petrovsky says.

However, this study and others have shown that the specific part of the pangolin coronavirus spike protein that binds ACE2 was almost identical to that of the SARS-CoV-2 spike protein.

"This sharing of the almost identical spike protein almost certainly explains why SARS-CoV-2 binds so well to pangolin ACE2. Pangolin and SARS-CoV-2 spike proteins may have evolved similarities through a process of convergent evolution, genetic recombination between viruses, or through genetic engineering, with no current way to distinguish between these possibilities," Professor Petrovsky says.

"Overall, putting aside the intriguing pangolin ACE2 results, our study showed that the COVID-19 virus was very well adapted to infect humans."

"We also deduced that some domesticated animals like cats, dogs, and cows are likely to be susceptible to SARS-CoV-2 infection too," Professor Winkler adds. Professor David Winkler, La Trobe University, Australia.

The extremely important and open question of how the virus came to infect humans has two main explanations currently. The virus may have passed to humans from bats through an intermediary animal yet to be found (zoonotic origin), but it cannot yet be excluded that it was released accidentally from a virology lab. A thorough scientific, evidence-based investigation is needed to determine which of these explanations is correct.

How and where the SARS-CoV-2 virus adapted to become such an effective human pathogen remains a mystery. The researchers conclude, adding that finding the origins of the disease will help protect humanity against future coronavirus pandemics.

Peking University Professor Zhang Pingwen honored as SIAM Fellow

Tyler O'Neal, Staff Editor ACADEMIA

On March 31, Society for Industrial and Applied Mathematics (SIAM) announced the 2020 Class of SIAM Fellows. These distinguished members were nominated for their exemplary research as well as outstanding service to the community. Through their contributions, SIAM Fellows help advance the fields of applied mathematics and computational science. Professor Zhang Pingwen from the School of Mathematical Sciences, Peking University is inducted for his contributions in complex fluids modeling, multiscale analysis, and adaptive grid supercomputation. Professor Zhang is the only member to be elected this year among all faculty members from universities on the Chinese mainland.

Zhang Pingwen, vice president of Peking University and professor of the School of Mathematical Sciences, has published more than 100 papers in journals like JAMS, SINUM and PRL. His research interests include modeling and simulation of soft matter (complex fluids), applied analysis and numerical analysis, moving mesh methods and applications. Professor Zhang Pingwen from Peking University{module INSIDE STORY}

SIAM was incorporated in 1952 as a nonprofit organization to convey useful mathematical knowledge to other professionals who could implement mathematical theory for practical, industrial, or scientific use.