This SBIR Phase I project focuses on developing a modular, flexible, and simple hardware ecosystem for cybersecurity education and training of students at all levels including undergraduate and high school students as well as industry professionals. The ecosystem will consist of custom-designed hardware modules, associated software, and instructions. Currently, there is no integrated hardware platform for cybersecurity education and training that is available at a price point acceptable to the educational sector. Existing hardware platforms fail to serve this purpose since they are not designed with security issues in mind. The proposed ecosystem can meet the critical need of effective cybersecurity education and training through a unique product line that builds on a distinctive hands-on approach. It will enable student to build complex computer systems; then "hack" them to implement diverse security attacks and countermeasures. The broader impact/commercial potential of this SBIR project primarily lies in creating a well-trained cybersecurity workforce to meet the increasing market demand and contribute, as well, to a secure and safe nation that can reliably defend against cyber-attacks. The project is expected to create new jobs for design and development of the educational modules as well as significant revenue by selling these products. This SBIR project develops a set of innovative education and training products that will fill an important gap in the cybersecurity education, providing training for both our current workforce as well as our nation's next generation with the science and engineering of cybersecurity. A distinctive feature of the products is that they comprehensively cover all aspects of security encompassing hardware, software, network and information security. While high-level software security has been considered for many years, low-level hardware and embedded firmware security education is not adequately addressed. Growing number of attack instances are relying on low-level hardware vulnerabilities. These products will enable students to build a computer system of selected capability by adding various components (e.g. sensors, communication units) and connect multiple units to create a network. It then allows them to implement various security attacks ranging from attacks on software and network (e.g. man-in-the-middle, impersonation attacks) to hardware (e.g. hardware Trojan, bus snooping). The experiments can be highly effective to demonstrate the complex nature of system security and understand the defense mechanisms. Furthermore, they will encourage students not only to learn and design solutions against known attacks, but also to discover novel threats and defenses against them.
