IFCyber members embrace new opportunities

When Dr Hammond Pearce saw the funding opportunities announced by the UNSW Institute for Cyber Security, he saw potential.

He was keen to get his hands on a PCB printer to print circuit boards to help with manufacturing and supply chain research. 

By being able to print the boards in house, Dr Pearce would be able to go from an idea to electronics in a few hours, rather than waiting for a factory somewhere else to produce the board for him.

“We can dream up something and then print it and then solder it and we've got it,” Dr Pearce said.  

“We don't have to worry about some factory somewhere producing it for us, slowing us down. So it does speed up prototyping for sure. And it enables us to do research.”

IFCyber director Debi Ashenden said it was important for the institute to fund academics who have research ideas in novel areas.

“It’s about giving them the ability to try out some of those ideas and to try to start building their own research streams,” Professor Ashenden said.

“Particularly in the case of Hammond’s kit, it was about recognising that what he wanted to do was in an area where there seems to be quite a research gap in Australia. 

“This was giving him the opportunity to start to plug that gap, but also to build up our capacity to do research in that space.”

Indeed, the Institute has also helped fund a Cyber Threat Intelligence (CTI) lab as part of Arash Shaghaghi’s research.

His lab at the School of Computer Science and Engineering features the largest custom-built and fully reconfigurable Raspberry Pi (RPIs) testbed in Australia, with 220 RPI nodes connected to 50 different IoT devices. 

“We’ve got very interesting research papers but we have never had a place where people can go and see what we have built,” IFCyber member Dr Shaghaghi said. 

“The small bits, if we can do it right, should allow us to work with industry on meaningful projects. Showcasing our capabilities will have a major impact when we reach out to industry partners for grants.”

For Dr Pearce, the printer has already unlocked a lot of capabilities within his team. 

He recently received a prestigious Google Research Scholar Program award to continue his research in automated hardware security research.

“I would definitely call it a new capability. It has enabled us to do new research,” he said.  

With a research focus of his team exploring manufacturing security and supply chains, Dr Pearce set about pretending to be a malicious factory. 

He’d set up a blue team and a red team, where one side would act as an attacker, making modifications to electronics. It was up to the defender to work out what had changed.

“We put a firewall between the two teams and go OK, here's some electronics. Are they legitimate? Did we change anything? Did we not change anything? 

“If we did, what did we change? 

“That's just one experiment we can do in the long term vision we have for this particular equipment.”

Dr Pearce points to a real-world example of supply chain attacks to demonstrate the value of his team’s research.

A 2018 Bloomberg report alleged China had infiltrated server manufacturer Supermicro, adding tiny chips to its motherboards that ended up in US government and cloud company data centres. 

The story claimed Chinese spies infiltrated the supply chain, and it was only when Amazon began evaluating a startup that security testing revealed the compromised servers. 

Bloomberg said the chips allowed unprecedented data to an adversary state.

While Bloomberg stands by the article, almost every company mentioned in the piece has denied the allegations.

Dr Pearce said irrespective of whether the attack actually happened or not, researchers have proven that it could happen. “In a sense, it doesn’t actually matter whether or not this particular attack occurred. If it’s possible, defences need to be able to perceive such attacks.

“So, this is the sort of research that I want to do in terms of taking an existing electronic design, sneaking some stuff into it and then trying to detect it - what are some of the tells that we've modified this in production basically.” 

Dr Pearce said the printer was a great asset for the University to have. 

“UNSW has a lot of great assets, we have a lot of really talented people.

“When we back people up with equipment to do experiments and practical stuff like this, we can move a lot of stuff from theory into application.  

“I think it's really cool that this machine might end up getting used in ways we don't even expect.  

“In the original proposal we sent to IFCYBER, we outlined three or four experiments we could do, but now that we've got the machine, we do those experiments and then we come up with more pathways for the future.”