Skip to main content
SpringerLink
Log in

Capacity Building for a Cybersecurity Workforce Through Hands-on Labs for Internet-of-Things Security

  • Conference paper
  • First Online:
National Cyber Summit (NCS) Research Track (NCS 2019)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 1055))

Included in the following conference series:

Abstract

There is growing concern about a cybersecurity skills gap nationwide, as an insufficient number of students are entering this field. Hence, innovative approaches to capacity building are required. We advocate an approach that taps into public awareness and usage of internet-of-things (IoT) devices, which constitute a major source of security vulnerabilities. There is increasing student curiosity about these devices, and a growing tinkering movement.

We tap into this zeitgeist by proposing educational courseware to give students hands-on laboratory experience in designing secure embedded systems. Our initial experience at offering this courseware on the Raspberry-Pi computing platform resulted in significant student interest and engagement. We propose building on this momentum by creating further laboratory exercises focused on IoT devices in the medical and healthcare domain. This is a rich domain for security applications due to patient privacy concerns, the need to secure medical devices, and the need to share patient medical records.

The newly proposed labs will deploy RFID and barcodes to tag medical devices used in hospitals, sensors to measure patient vitals, biometrics to identify patients, and blockchain to create immutable patient records. These labs can be easily implemented with cheap sensors on the Raspberry-Pi platform, and can be replicated easily. By using this approach, we can build a national talent pool in the area of secure embedded devices.

We are in the process of developing these proposed labs. We plan to test them in a classroom setting in Fall 2019. Upon successful testing, we plan to release our labs to interested institutions.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. https://www.gsa.gov/portal/content/129694

  2. American Association for the Advancement of Science, “Achieving Systemic Change: A Sourcebook for Advancing and Funding Undergraduate STEM Education,” Ed. C. Fry. Association of American Colleges and Universities (2014). http://www.aacu.org/sites/default/files/files/publications/EPKALSourcebook.pdf

  3. Rao, A.R., Dave, R.: Developing hands-on laboratory exercises for teaching STEM students the internet-of-things, cloud computing and blockchain applications. In: IEEE Integrated STEM Education Conference, Princeton, NJ (2019)

    Google Scholar 

  4. Rao, A.R., Clarke, D., Bhadiyadra, M., Phadke, S.: Development of an embedded system course to teach the internet-of-things. In: IEEE STEM Education Conference, ISEC, Princeton, pp. 154–160 (2018)

    Google Scholar 

  5. Rao, A.R.: A novel STEAM approach: using cinematic meditation exercises to motivate students and predict performance in an engineering class. In: 2017 IEEE Integrated STEM Education Conference (ISEC), pp. 64–70. Princeton University (2017)

    Google Scholar 

  6. Rao, A.R., Clarke, D., Yeskepalli, D., Mallu, M.-R.: Teaching cybersecurity concepts through Internet-of-things applications based on the Raspberry Pi. In: Colloquium for Information Systems Security Education (CISSE), New Orleans (2018)

    Google Scholar 

  7. DoD Cyber Scholarship Program, 28 February 2019. https://dodcio.defense.gov/Portals/0/Documents/Cyber/dodcyspfastfacts.pdf

  8. Libicki, M.C., Senty, D., Pollak, J.: Hackers Wanted: an examination of the cybersecurity labor market. Rand Corporation (2014)

    Google Scholar 

  9. Kornelis, C.: The Hot, lucrative market in IT security talent. Wall Street J. (2019)

    Google Scholar 

  10. Skorobogatov, S., Woods, C.: Breakthrough silicon scanning discovers backdoor in military chip. In: International Workshop on Cryptographic Hardware and Embedded Systems, pp. 23–40 (2012)

    Chapter  Google Scholar 

  11. Singhal, A., Ou, X.: Security risk analysis of enterprise networks using probabilistic attack graphs. In: Network Security Metrics, pp. 53–73. Springer, Heidelberg (2017)

    Chapter  Google Scholar 

  12. Anley, C., Heasman, J., Lindner, F., Richarte, G.: The Shellcoder’s Handbook: Discovering and Exploiting Security Holes. Wiley, Hoboken (2011)

    Google Scholar 

  13. Halfond, W.G., Viegas, J., Orso, A.: A classification of SQL-injection attacks and countermeasures (2006)

    Google Scholar 

  14. Rashidi, B., Fung, C., Bertino, E.: A collaborative DDoS defence framework using network function virtualization. IEEE Trans. Inf. Forensics Secur. 12, 2483–2497 (2017)

    Article  Google Scholar 

  15. Pancevski, B., Germano, S.: In rebuke to U.S., Germany considers letting Huawei In. Wall Street J. (2019)

    Google Scholar 

  16. Robertson, J., Riley, M.: The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies. Bloomberg Businessweek, 4 October 2018

    Google Scholar 

  17. Naughton, J.: The tech giants, the US and the Chinese spy chips that never were… or were they. The Guardian (2018)

    Google Scholar 

  18. Gormley, B.: Hospitals turn to biometrics to identify patients. Wall Street J. (2019)

    Google Scholar 

  19. Li, M., Yu, S., Zheng, Y., Ren, K., Lou, W.: Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Trans. Parallel Distrib. Syst. 24, 131–143 (2013)

    Article  Google Scholar 

  20. Fu, K., Blum, J.: Inside risks controlling for cybersecurity risks of medical device software. Commun. ACM 56, 35–37 (2013)

    Article  Google Scholar 

  21. Perakslis, E.D., Stanley, M.: A cybersecurity primer for translational research. Sci. Transl. Med. 8, 322ps2 (2016)

    Article  Google Scholar 

  22. Kshetri, N.: Blockchain’s roles in strengthening cybersecurity and protecting privacy. Telecommun. Policy 41, 1027–1038 (2017)

    Article  Google Scholar 

  23. Rao, A.R., Desai, Y., Mishra, K.: Data science education through education data: an end-to-end perspective. In: IEEE STEM Education Conference (ISEC), Princeton (2019)

    Google Scholar 

  24. Seymour, E.: Talking About Leaving: Why Undergraduates Leave the Sciences. Westview Press, Boulder (2000)

    Google Scholar 

  25. Takahashi, D.: Smart devices aren’t so bright when it comes to security, 29 January 2019. https://venturebeat.com/2019/01/29/pepper-iot-smart-devices-arent-so-bright-when-it-comes-to-security/

  26. Cimpanu, C.: Japanese government plans to hack into citizens’ IoT devices. Zdnet (2019). zdnet.com

  27. Raspberry Pi opens first High Street store in Cambridge. BBC (2019). BBC.com

  28. Hern, A.: Fitness tracking app Strava gives away location of secret US army bases. The Guardian (2018)

    Google Scholar 

  29. Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R., Konwinski, A., et al.: A view of cloud computing. Commun. ACM 53, 50–58 (2010)

    Article  Google Scholar 

  30. Atzori, L., Iera, A., Morabito, G.: The internet of things: a survey. Comput. Netw. 54, 2787–2805 (2010)

    Article  Google Scholar 

  31. Singer, P.W., Friedman, A.: Cybersecurity: What Everyone Needs to Know. Oxford University Press, Oxford (2014)

    Google Scholar 

  32. Lindell, Y., Katz, J.: Introduction to Modern Cryptography. Chapman and Hall/CRC (2014)

    Google Scholar 

  33. Swan, M.: Blockchain: Blueprint for a New Economy. O’Reilly Media, Inc. (2015)

    Google Scholar 

  34. Mckenna, L.: Why Students Are Still Spending So Much for College Textbooks. The Atlantic, 26 January 2018. https://www.theatlantic.com/education/archive/2018/01/why-students-are-still-spending-so-much-for-college-textbooks/551639/

  35. Mearian, L.: UC Berkeley puts blockchain training online; thousands sign up. Computerworld, 19 June 2018. https://www.computerworld.com/article/3282791/blockchain/uc-berkeley-puts-blockchain-training-online-thousands-sign-up.html

  36. Hamblen, J.O., Van Bekkum, G.M.: An embedded systems laboratory to support rapid prototyping of robotics and the internet of things. IEEE Trans. Educ. 56, 121–128 (2013)

    Article  Google Scholar 

  37. Callaghan, V.: Buzz-Boarding; practical support for teaching computing based on the internet-of-things. In: 1st Annual Conference on the Aiming for Excellence in STEM Learning and Teaching, Imperial College, London & The Royal Geographical Society, pp. 12–13 (2012)

    Google Scholar 

  38. Dark, M., Kaza, S., Taylor, B.: {CLARK}–the cybersecurity labs and resource knowledge-base–a living digital library. In: 2018 {USENIX} Workshop on Advances in Security Education ({ASE} 2018) (2018)

    Google Scholar 

  39. Harrington, W.: Learning Raspbian. Packt Publishing Ltd (2015)

    Google Scholar 

  40. Arsyad, A.A., Dhadkah, S., Köppen, M.: Two-factor blockchain for traceability cacao supply chain. In: International Conference on Intelligent Networking and Collaborative Systems, pp. 332–339 (2018)

    Google Scholar 

  41. Cybersecurity Workforce Education - CNAP Initiatives’ Number H98230- I 7- I -032. “Developing Hands-on Exercises for Secure Embedded System Design & Security Data Analytics for Computing and Engineering Students. CNAP-CAE CNAP-CAE2017 Grant# H98230-17-1-0321. National Security Agency (2017)

    Google Scholar 

  42. Rao, A.R., Clarke, D., Mohammed, N.: Creating an anchor hands-on cybersecurity course using the Raspberry Pi. In: Colloquium for Information Systems Security Education (CISSE), New Orleans (2018)

    Google Scholar 

  43. Wolff, J.: Two-Factor Authentication Might Not Keep You Safe. New York Times (2019)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Fairleigh Dickinson University, Teaneck, NJ, 07666, USA

    A. Ravishankar Rao

  2. Mount Sinai Medical Center, New York, NY, USA

    Daniel Clarke

Authors
  1. A. Ravishankar Rao
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Daniel Clarke
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to A. Ravishankar Rao .

Editor information

Editors and Affiliations

  1. The University of Texas at San Antonio, San Antonio, TX, USA

    Kim-Kwang Raymond Choo

  2. University of Alabama in Huntsville, Huntsville, AL, USA

    Thomas H. Morris

  3. Air Force Institute of Technology, Wright-Patterson AFB, OH, USA

    Gilbert L. Peterson

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ravishankar Rao, A., Clarke, D. (2020). Capacity Building for a Cybersecurity Workforce Through Hands-on Labs for Internet-of-Things Security. In: Choo, KK., Morris, T., Peterson, G. (eds) National Cyber Summit (NCS) Research Track. NCS 2019. Advances in Intelligent Systems and Computing, vol 1055. Springer, Cham. https://doi.org/10.1007/978-3-030-31239-8_2

Download citation

Publish with us

Policies and ethics

Search

Navigation