NSA Taps Syracuse University Faculty to Develop Cybersecurity Curricula

 Yuzhe Tang and Wenliang Du

February 6, 2018

Professors Yuzhe “Richard” Tang and Wenliang “Kevin” Du have been awarded $328,481 by the National Security Agency (NSA) to develop cybersecurity curricula to be taught at Syracuse University and beyond. Tang and Du are developing hands-on teaching modules around three topics—classic cryptography, Intel Software Guard Extensions (SGX), and cryptocurrency. Their curricula teach students cryptography in the context of real-world cases and through hands-on experiences.

Their classic cryptography modules focus on the fundamentals of using ciphers to scramble and descramble messages to maintain security. To better understand how they work, student require knowledge of “computational hardness”—the level of difficulty in decrypting information. The hands-on modules expose students to abstract theories through direct observation.

Modules that explore Intel SGX train students to understand what is happening in the SGX architecture—which prevents third-party cloud providers from being able to monitor customer’s activities in cloud-based programs by encrypting the programs’ memory. The team has developed an SGX emulator to provide students with the ability to work with the platform even if they don’t have access to Intel hardware.

Finally, a series of labs will address the increasingly relevant topics of blockchain and cryptocurrency, such as Bitcoin. Traditional currencies are protected by a range of anti-counterfeiting measures. Similar but more high-tech measures need to be taken to secure cryptocurrencies. The team is developing labs to help student understand blockchain using actual bitcoin software, as well as labs the teach them to develop new applications such as protecting cryptocurrency mining in the cloud.

Tang says that the open-source nature of their curricula is key to creating a trained cybersecurity workforce to address a widespread shortage. In a 2017 Global Information Security Workforce study, the Center for Cyber Safety and Education revealed that the world is “on pace to reach a cybersecurity workforce gap of 1.8 million by 2022.”

“Our goal is to create impact. We need to spread this knowledge. Syracuse University’s College of Engineering and Computer is exceptionally strong in cybersecurity education, so we are in a position to provide resources to educators everywhere to enhance cybersecurity practices and prepare qualified professionals,” said Tang.

Many of Tang’s and Du’s labs are currently available for free at https://github.com/syracuse-fullstacksecurity/CIS700-sgxlab. They will continue to be rolled out over the course of the year-long project. Eventually they will be made available through Du’s SEED Labs platform which hosts a wide variety of open-source, hands-on cybersecurity exercises. Du also annually hosts cybersecurity educators from around the world to train them to incorporate his labs into their own teaching.

It is their hope that this NSA-funded curriculum will prepare countless educators and students as they continue to contribute to the bleeding edge field of cybersecurity.