As Yier Jin GRD ’12 and Nathan Kupp GRD ’12 found out in November, sometimes you can be too successful.
The duo designed a computer chip that was so effective at detecting harmful programs called Trojans that none of their competitors dared attack the chip, faculty advisor Yiorgos Makris said. In the end, Jin and Kupp placed third and won $300 at the Embedded Systems Challenge, held at the Polytechnic Institute of NYU. The team from NYU-Poly won first place and the team from Vanderbilt University won second place at the competition.
According to the contest rules, each team was sent a set of computer code that would transmit an encrypted message. After modifying the code to detect potential attacks, the teams then uploaded their results to a shared network. The teams then tried to install Trojans to steal the key to the encrypted message. Teams would gain a point for a successfully stealing the file or two points for stopping an attack. But if a team’s attack failed, it would be penalized a point.
The scoring placed more weight on defense to reflect the comparative ease of launching an attack, NYU professor and event co-organizer Ramesh Karri said.
Because the Yale team modified the format of its code through an automated program rather than manually, it discouraged other teams from trying to discover the weaknesses of the Yale team’s chip because it was not readable by humans, said NYU graduate student Kurt Rosenfeld, the event’s other organizer. Since teams gained the most points by defending against attacks, the fact that no one attacked the Yale team’s chip made it hard for Jin and Kupp to win points, he added.
“People looked at Yale’s code and basically concluded that they couldn’t understand it well enough to feel safe attacking it,” Rosenfeld said. He added that the Yale team’s technique resembled methods used by professional programmers to protect their intellectual property.
Jin and Kupp said they entered the contest because cyber security is a new field with many professional applications.
For household computers, Trojans contained in Internet downloads and other software are very efficient at stealing information and causing damage, Kupp said. However, Trojans built directly into hardware such as computer chips, which the team tried to ward off in the contest, are even more difficult to detect. Hardware Trojans are a threat to information on credit cards, Makris said. But they can also be used to protect national security by deactivating stolen weaponry, for example, Kupp said.
“We need to come up with benchmarks for detecting Trojans and understanding ways of attacking these defenses,” Karri said. “People usually say our systems are safe until it is too late.”
While November’s contest focused on Trojans attacking a set of computer code, each stage of production for a computer chip offers an opportunity for someone to add a Trojan, Makris said.
“Thirty years ago, a chip was typically designed and built in one country,” Makris said. “Today, it could be designed in India, produced in Taiwan and tested in China.”
Jin said contests such as the Embedded Systems Challenge offer opportunities for academic research about hardware Trojans to become more commercially applicable. Currently, defending against software Trojans is cheaper, he said.
“Software has been around long enough for people to be able to use it very effectively,” Jin said. “But for hardware, the barrier to enter the field is quite high for both sides.”
Markis said growing government spending for research about hardware Trojans shows the field has serious potential.