Department of Electrical and Computer Engineering

Iowa State Students Win “Hardware Hacking” Cyber Security Contest

Assistant Professor Joseph Zambreno with graduate students Alex Baumgarten, Michael Steffen, and Matt Clausman

The FPGA board the team used for the competition

October 31, 2008 08:31 AM
Category: ECpE News

Contacts:
Joseph Zambreno, ECpE Assistant Professor, (515) 294-3312, zambreno@iastate.edu
Dana Schmidt, ECpE Communications Specialist, (515) 294-3071, schmidtd@iastate.edu

Ames, Iowa - A group called the Orange Army is creating an electronic decoding (aka cryptographic) device that you believe is part of their long-term plan to destroy the human race. You work at the plant they’ve hired to fabricate their device and can stop their malicious plans, but only if you can place a Trojan—an undetectable piece of code—in their hardware.

That scenario may seem far-fetched, but it’s exactly the situation five Iowa State University electrical and computer engineering students faced when they competed in and won a national cyber security competition at the Polytechnic Institute of New York University (an affiliate of NYU, formerly called Brooklyn Polytechnic) in mid-October.

The group’s faculty adviser, Assistant Professor Joseph Zambreno, who is researching secure hardware and software platforms, says the contest’s scenario of directly embedding a Trojan in hardware is sort of “James Bond-like,” but securing hardware is becoming a hot topic for researchers and the U.S. Department of Defense (DOD). Because the electronic chips in devices the DOD uses are no longer all made on American soil, the DOD is becoming increasingly interested in learning about Trojans in hardware, not just in traditional software-based Trojans.  In fact, according to an article in the Institute of Electrical and Electronics Engineers’ (IEEE) trade publication, IEEE Spectrum, the DOD even began implementing a certification process at commercial chip plants in the United States in 2004 to create a network of trusted foundries for producing electronics that go into the military’s equipment, helping reduce the risk of having a Trojan embedded into their devices.

“The goal of the competition’s project was somewhat ‘spy-related.’ The Trojan circuit is intended to look innocuous, but can be designed to secretly leak information, function incorrectly, or stop the device from working altogether,” Zambreno says. “It says a lot about the strength of our program here at Iowa State that our team was able to come out on top.”

Several weeks before the competition started, Zambreno set out to find what he calls a group of “mad scientist types” who were willing to creatively attack the problem. The five students Zambreno found included three on-campus—Alex Baumgarten, Michael Steffen, and Matt Clausman—and two distance education graduate students.

“We started meeting once a week, throwing crazy ideas against the wall,” Zambreno says. “A couple weeks before the competition, we took the top ideas and implemented them. The team had a breadth of attacks, and a great write-up and presentation.”

Steffen says although the team considered several ways to leak out private information from a hardware design, the team designed eight Trojans to implement at the competition.

Clausman says the team had to be very covert with its attacks, since the Trojans couldn’t be detected by a typical end user, which is why two of their attacks relied on AM radio frequency and LED lights.

“We modulated a pin located on the FPGA board [the target device contest organizers provided] in such a way that it would create audible beeps when listened to on a specific AM frequency,” says Baumgarten. “Under normal operations, a user wouldn’t detect anything abnormal.”

The group’s Trojan was successful, allowing the device to function as expected until an AM radio tuned to a specific frequency was brought into the room. With the radio tuned to the right frequency, a set of beeps similar to Morse code leaked the secret encryption key.

For the LED light Trojan, the student team made an LED light on the FPGA flicker faster than the eye could see.

“This meant that the LED appeared to be on or lit up, but was actually turning on and off thousands of times a second,” Baumgarten says. “By varying the speed between two different rates that are faster than the eye can perceive, we could convey bits of the secret key using a special circuit we created.”

In the end, the team’s weeks of work preparing for the competition paid off. The Iowa State team beat teams from Carnegie Mellon University, Hofstra University, the Rochester Institute of Technology, University of Arkansas, University of Illinois at Urbana-Champaign, Virginia Tech, and Yale University, among others, to secure a win at the competition.

-30-