NORDTECH Workforce Development Highlight: AI-based Hardware Attack Challenge at NYU Cyber Security Awareness Week (CSAW)
Earlier this month, with the support and sponsorship of NORDTECH, the AI-Based Hardware Attack Challenge (AHA) debuted as a new competition at the CSAW‘24 event in downtown Brooklyn on November 8 and 9. Hosted by NYU Tandon, the competition tested the use of generative AI in hardware security by having participants automate the insertion of Trojans or backdoors into an open-source digital design (e.g., OpenTitan, Ariane, or a design from OpenCores).
CSAW drew about 300 attendees who watched presentations by 85 finalists. AHA Participants were encouraged to use and modify existing tools and frameworks as they saw fit, and points were awarded for subtle yet powerful exploits, creative AI usage, tool integration, and valid use-cases.
NORDTECH’s funding facilitated the addition of new resources and tools at the engagement, expanding the scope of CSAW to integrate AI-driven hardware attack simulations. Resulting vulnerabilities had to be able to be simulated simulatable and synthesizable and needed to demonstrate the effects of the added vulnerability (e.g., Hardware Common Weakness Enumeration and Common Vulnerability Scoring System). With NORDTECH’s support, the debut AHA Challenge aimed to attract a broader range of students, and participation is expected to grow in future years.
The new AHA challenge complemented the Embedded Security Challenge (CSAW ESC), the first and the largest hardware hacking competition in the world. Established in 2008 to identify gaps in the realm of hardware cyber security, ESC allows its student participants to play the role of a red team (attackers) or a blue team (defenders). Over the past 19 years, ESC has focused on a number of emerging hardware cyber security risks and generated a large pool of benchmarks for the hardware cyber security community, government, and industry partners. These benchmarks include 1000+ Trojans, 10+ Trojan detection techniques, several FPGA PUFs, several LLC attacks, and defenses. All these benchmarks are accessible online as part of www.trust-hub.org. In addition, the ESC has inspired a number of other hardware security challenges including Hack@Dac/Sec, a hardware-security contest focused on evaluating SoC/third-party IP cores, and two other CSAW competitions, the Logic Locking Conquest, which focuses on hardware IP protection, and Hack3D (https://www.csaw.io/hack3d), which focuses on security and trust issues in digital manufacturing.
The Northeast Regional Defense Technology Hub, or NORDTECH, was proud to support these efforts to facilitate more secure hardware. As a regional coalition of public and private sector experts in and around New York State and part of the U.S. Microelectronics Commons program, NORDTECH seeks to enable the related lab-to-fab continuum for the nation. NY CREATES, the University at Albany College of Nanotechnology, Science, and Engineering (CNSE), Cornell University, Rensselaer Polytechnic Institute (RPI), and IBM are the five founding members of the consortium.
About CSAW
Launched in 2003 by students of Professor Nasir Memon, the co-founder of NYU Tandon’s cybersecurity program, CSAW has evolved into the world’s most comprehensive student-run cybersecurity event. It now spans five global academic centers and has adapted to emerging threats and the rapid advancements of cyber technologies through new competitive challenges. As explained by Ramesh Karri, director of CSAW, founder of ESC and AHA, and co-founder of the NYU Center for Cybersecurity, “CSAW continues to evolve to keep pace with technologies, such as additive manufacturing, machine learning, and cloud-based AI. With each technological advancement, the threat landscape expands.” CSAW plays a crucial role in helping defenders stay updated with these changes, contributing to the development of awareness, proficiency, and innovation in the field of cybersecurity.
Now celebrating its 21st year, CSAW attracts the world’s brightest students—from high schoolers to doctoral candidates—and has sent more than 3,000 to its final competition rounds. Many of these finalists have gone on to make significant contributions to the cybersecurity field in both industry and academia over the last two decades. CSAW competitions have been supported and sponsored by various Federal and DoD organizations, including the US National Security Agency, the US Navy, US Army, US Air Force and the National Science Foundation. In addition, commercial and defense industrial base companies, such as IBM, Synopsis, Qualcomm, Intel, AMD, Siemens, Raytheon, Boeing, BAE Systems have also supported the event and/or its competitions.
For 2024, CSAW’24 offered a total of seven competitive challenges, which were complemented by a morning of Industry Talks and a Career Fair. These events provide valuable opportunities to engage with industry leaders and deepen participants' understanding of the latest developments at the intersection of cybersecurity, AI and hardware design. You can read more about this year’s edition of CSAW at https://www.csaw.io.
From Competitions to Classrooms: Workforce Development Impact
NYU is at the vanguard of hardware cyber security research and learning, with the CSAW competitions alone training more than 1,500 students during the past two decades. These competitions provide students with hands-on, experiential learning opportunities that develop critical problem-solving skills and technical competencies highly valued in industry. Students gain exposure to real-world security challenges and innovative AI-based solutions, cultivating adaptability and creativity that support their career readiness. More than 50 Institutions worldwide have taken part in ESC and its derivatives, and more than 20 institutions in the USA and globally use teaching materials generated by the competition. Women and under-represented minority students are encouraged to participate, and K-12 students have also been able to take part. More than 10 ESC participants have joined academia, and many have joined industry as full-time engineers, including 10+ at Intel alone. Others have had the opportunity to hold internships in hardware cyber security at Intel, ISI, SRI, and Qualcomm (10+).
Separately from the learning opportunities, competitions such as those at CSAW engender curricular materials that the hardware cyber security courses worldwide use. The lab on security assessment of cryptographic modules implemented on FPGAs to attack them using the scan debug ports and fault-injections. Another lab considers implementation and investigation of FPGA-based PUFs. The hardware Trojan lab investigates insertion and disclosure of Trojans. The malicious processor lab designs-in unadvertised features (besides the advertised one) yielding malicious processors. As part of the event, NYU distributed these materials, and academic institutions used them in their syllabi.