Abstract
There is growing concern about a cybersecurity skills gap nationwide, as an insufficient number of students are entering this field. Hence, innovative approaches to capacity building are required. We advocate an approach that taps into public awareness and usage of internet-of-things (IoT) devices, which constitute a major source of security vulnerabilities. There is increasing student curiosity about these devices, and a growing tinkering movement.
We tap into this zeitgeist by proposing educational courseware to give students hands-on laboratory experience in designing secure embedded systems. Our initial experience at offering this courseware on the Raspberry-Pi computing platform resulted in significant student interest and engagement. We propose building on this momentum by creating further laboratory exercises focused on IoT devices in the medical and healthcare domain. This is a rich domain for security applications due to patient privacy concerns, the need to secure medical devices, and the need to share patient medical records.
The newly proposed labs will deploy RFID and barcodes to tag medical devices used in hospitals, sensors to measure patient vitals, biometrics to identify patients, and blockchain to create immutable patient records. These labs can be easily implemented with cheap sensors on the Raspberry-Pi platform, and can be replicated easily. By using this approach, we can build a national talent pool in the area of secure embedded devices.
We are in the process of developing these proposed labs. We plan to test them in a classroom setting in Fall 2019. Upon successful testing, we plan to release our labs to interested institutions.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
American Association for the Advancement of Science, “Achieving Systemic Change: A Sourcebook for Advancing and Funding Undergraduate STEM Education,” Ed. C. Fry. Association of American Colleges and Universities (2014). http://www.aacu.org/sites/default/files/files/publications/EPKALSourcebook.pdf
Rao, A.R., Dave, R.: Developing hands-on laboratory exercises for teaching STEM students the internet-of-things, cloud computing and blockchain applications. In: IEEE Integrated STEM Education Conference, Princeton, NJ (2019)
Rao, A.R., Clarke, D., Bhadiyadra, M., Phadke, S.: Development of an embedded system course to teach the internet-of-things. In: IEEE STEM Education Conference, ISEC, Princeton, pp. 154–160 (2018)
Rao, A.R.: A novel STEAM approach: using cinematic meditation exercises to motivate students and predict performance in an engineering class. In: 2017 IEEE Integrated STEM Education Conference (ISEC), pp. 64–70. Princeton University (2017)
Rao, A.R., Clarke, D., Yeskepalli, D., Mallu, M.-R.: Teaching cybersecurity concepts through Internet-of-things applications based on the Raspberry Pi. In: Colloquium for Information Systems Security Education (CISSE), New Orleans (2018)
DoD Cyber Scholarship Program, 28 February 2019. https://dodcio.defense.gov/Portals/0/Documents/Cyber/dodcyspfastfacts.pdf
Libicki, M.C., Senty, D., Pollak, J.: Hackers Wanted: an examination of the cybersecurity labor market. Rand Corporation (2014)
Kornelis, C.: The Hot, lucrative market in IT security talent. Wall Street J. (2019)
Skorobogatov, S., Woods, C.: Breakthrough silicon scanning discovers backdoor in military chip. In: International Workshop on Cryptographic Hardware and Embedded Systems, pp. 23–40 (2012)
Singhal, A., Ou, X.: Security risk analysis of enterprise networks using probabilistic attack graphs. In: Network Security Metrics, pp. 53–73. Springer, Heidelberg (2017)
Anley, C., Heasman, J., Lindner, F., Richarte, G.: The Shellcoder’s Handbook: Discovering and Exploiting Security Holes. Wiley, Hoboken (2011)
Halfond, W.G., Viegas, J., Orso, A.: A classification of SQL-injection attacks and countermeasures (2006)
Rashidi, B., Fung, C., Bertino, E.: A collaborative DDoS defence framework using network function virtualization. IEEE Trans. Inf. Forensics Secur. 12, 2483–2497 (2017)
Pancevski, B., Germano, S.: In rebuke to U.S., Germany considers letting Huawei In. Wall Street J. (2019)
Robertson, J., Riley, M.: The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies. Bloomberg Businessweek, 4 October 2018
Naughton, J.: The tech giants, the US and the Chinese spy chips that never were… or were they. The Guardian (2018)
Gormley, B.: Hospitals turn to biometrics to identify patients. Wall Street J. (2019)
Li, M., Yu, S., Zheng, Y., Ren, K., Lou, W.: Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Trans. Parallel Distrib. Syst. 24, 131–143 (2013)
Fu, K., Blum, J.: Inside risks controlling for cybersecurity risks of medical device software. Commun. ACM 56, 35–37 (2013)
Perakslis, E.D., Stanley, M.: A cybersecurity primer for translational research. Sci. Transl. Med. 8, 322ps2 (2016)
Kshetri, N.: Blockchain’s roles in strengthening cybersecurity and protecting privacy. Telecommun. Policy 41, 1027–1038 (2017)
Rao, A.R., Desai, Y., Mishra, K.: Data science education through education data: an end-to-end perspective. In: IEEE STEM Education Conference (ISEC), Princeton (2019)
Seymour, E.: Talking About Leaving: Why Undergraduates Leave the Sciences. Westview Press, Boulder (2000)
Takahashi, D.: Smart devices aren’t so bright when it comes to security, 29 January 2019. https://venturebeat.com/2019/01/29/pepper-iot-smart-devices-arent-so-bright-when-it-comes-to-security/
Cimpanu, C.: Japanese government plans to hack into citizens’ IoT devices. Zdnet (2019). zdnet.com
Raspberry Pi opens first High Street store in Cambridge. BBC (2019). BBC.com
Hern, A.: Fitness tracking app Strava gives away location of secret US army bases. The Guardian (2018)
Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R., Konwinski, A., et al.: A view of cloud computing. Commun. ACM 53, 50–58 (2010)
Atzori, L., Iera, A., Morabito, G.: The internet of things: a survey. Comput. Netw. 54, 2787–2805 (2010)
Singer, P.W., Friedman, A.: Cybersecurity: What Everyone Needs to Know. Oxford University Press, Oxford (2014)
Lindell, Y., Katz, J.: Introduction to Modern Cryptography. Chapman and Hall/CRC (2014)
Swan, M.: Blockchain: Blueprint for a New Economy. O’Reilly Media, Inc. (2015)
Mckenna, L.: Why Students Are Still Spending So Much for College Textbooks. The Atlantic, 26 January 2018. https://www.theatlantic.com/education/archive/2018/01/why-students-are-still-spending-so-much-for-college-textbooks/551639/
Mearian, L.: UC Berkeley puts blockchain training online; thousands sign up. Computerworld, 19 June 2018. https://www.computerworld.com/article/3282791/blockchain/uc-berkeley-puts-blockchain-training-online-thousands-sign-up.html
Hamblen, J.O., Van Bekkum, G.M.: An embedded systems laboratory to support rapid prototyping of robotics and the internet of things. IEEE Trans. Educ. 56, 121–128 (2013)
Callaghan, V.: Buzz-Boarding; practical support for teaching computing based on the internet-of-things. In: 1st Annual Conference on the Aiming for Excellence in STEM Learning and Teaching, Imperial College, London & The Royal Geographical Society, pp. 12–13 (2012)
Dark, M., Kaza, S., Taylor, B.: {CLARK}–the cybersecurity labs and resource knowledge-base–a living digital library. In: 2018 {USENIX} Workshop on Advances in Security Education ({ASE} 2018) (2018)
Harrington, W.: Learning Raspbian. Packt Publishing Ltd (2015)
Arsyad, A.A., Dhadkah, S., Köppen, M.: Two-factor blockchain for traceability cacao supply chain. In: International Conference on Intelligent Networking and Collaborative Systems, pp. 332–339 (2018)
Cybersecurity Workforce Education - CNAP Initiatives’ Number H98230- I 7- I -032. “Developing Hands-on Exercises for Secure Embedded System Design & Security Data Analytics for Computing and Engineering Students. CNAP-CAE CNAP-CAE2017 Grant# H98230-17-1-0321. National Security Agency (2017)
Rao, A.R., Clarke, D., Mohammed, N.: Creating an anchor hands-on cybersecurity course using the Raspberry Pi. In: Colloquium for Information Systems Security Education (CISSE), New Orleans (2018)
Wolff, J.: Two-Factor Authentication Might Not Keep You Safe. New York Times (2019)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Ravishankar Rao, A., Clarke, D. (2020). Capacity Building for a Cybersecurity Workforce Through Hands-on Labs for Internet-of-Things Security. In: Choo, KK., Morris, T., Peterson, G. (eds) National Cyber Summit (NCS) Research Track. NCS 2019. Advances in Intelligent Systems and Computing, vol 1055. Springer, Cham. https://doi.org/10.1007/978-3-030-31239-8_2
Download citation
DOI: https://doi.org/10.1007/978-3-030-31239-8_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-31238-1
Online ISBN: 978-3-030-31239-8
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)