A hardware security curriculum and its use for evaluation of student understanding of ECE concepts

Abstract

Cybersecurity's increasing relevance and applicability in the research and development community and job market make it an attractive topic for both students and faculty. Thus, it is necessary for institutions of higher learning to provide courses that prepare students for the broad security-based design space. In addition to teaching students about critical security concepts, hardware-based cybersecurity projects and courses sit at the intersection of many electrical and computer engineering concepts, providing knowledge retention evaluation and assessment opportunities to the instructors and departments. A hardware security course, with optional review-based supplemental work, functions as a culmination of past courses or as an introductory Electrical and Computer Engineering (ECE) course with security-centric applications of foundational concepts. This paper presents the curricular details of an undergraduate hardware security course designed to be self-sufficient and free of advanced prerequisites, thus accessible to a broad student body with a variety of backgrounds. The course covers cryptology, side-channel analysis, hardware Trojan horses, and other hardware-based security exploitations and countermeasures. The course concludes with a multi-week team project where students replicate existing attacks and/or countermeasures, applying their security knowledge and demonstrating skills as ECE professionals. This paper presents the interweaving of ECE topics and evaluation of students' retention of ECE concepts and skills. "Hardware Security" has been taught twice in the last year, each time containing around 25 undergraduate students (including electrical, computer, and electromechanical engineers in their third and fourth years). These students were surveyed and evaluated regarding their confidence with and competency of ECE and related concepts at the beginning and end of the course. The data gathered were used to evaluate two metrics: 1) how well students were prepared regarding pre-requisite knowledge; and 2) how the Hardware Security course improved their understanding and confidence of ECE concepts. Student knowledge from previous courses varied, but the post-course data show that students improved their understanding and confidence in various topics. The data also point to possible weaknesses in the students' past courses, which can be used as feedback to improve the respective department curricula. Overall, the course evaluations showed student growth in hardware security and progress in reinforcing ECE fundamental knowledge. The work presented here will help ECE faculty and departments deploy similar curricula to prepare students for a cybersecurity career and provide an evaluation of student conceptual retention and growth within their electrical and computer engineering education.