CSAW 2023: Fostering the Next Wave of Cybersecurity Experts

How Today's Research and Student Focused Competitions Are Building Tomorrow's Cyber Defenses

Hi Cyber Builders 👉🏼

This week, I'm excited to share insights from the CSAW (Cyber Security Awareness Week) - EU Chapter 2023, held in Valence, France. Founded by New York University in 2003, CSAW has become the world's most comprehensive student-run cybersecurity event. It's a hub for experiential learning and a beacon for inspiring students towards cybersecurity careers. Valence, part of the greater Grenoble area and home to microelectronics leaders like ST Microelectronics and SOITEC, was the perfect backdrop for this event.

The importance of guiding academics and students toward cybersecurity is more relevant than ever. With the industry's growing demand for security professionals, supporting events like CSAW is crucial. It was invigorating to see students of all ages, even young kids, getting their first glimpse into cybersecurity, eager to learn and practice.

Staying connected with the research community is vital for professionals to stay ahead of future innovations. The extensive research on enhancing security within chips and IoT devices was excellent.

Special thanks to Gabriel Blanchard and ESISAR for the invitation. Let's dive into the key takeaways from the conference.

What is the CSAW

The CSAW - EU Chapter - 2023, held from November 9th to 10th in Valence, France, is a prominent international ethical cybersecurity competition targeting high school and university students, including Ph.D. candidates. The European finals took place at Grenoble INP - Esisar in Valence.

European participants showcased their cybersecurity skills, judged by industrial and academic experts. The event featured an industrial forum and cybersecurity conferences on technical and legal issues alongside the contest. These forums and conferences were open to all attendees, inviting professionals to engage with the latest in cybersecurity.

Photo by imgix on Unsplash

Promoting Cybersecurity Excellence to Younger Students

CSAW aims to promote cybersecurity inclusively, encouraging diversity and gender equality while challenging the stereotypical hacker image. Organized by INPG, ESISAR, and New York University, the competition unites various disciplines, with students and researchers demonstrating their prowess in front of industrial juries.

A highlight was the Capture the Flag competition for high school students, where they hacked various systems and wrote professional reports on their findings. Beyond hacking, this competition prepares participants for real-world challenges, offering insights into the latest advances in cybersecurity for connected objects and computer hardware. ESISAR's expertise in processing electronic components and cybersecurity shone, particularly in areas like fault injection attacks and chip certification.

What’s new on the research side?

During the event, academic research was published in various fields. Let me give you a glimpse of the research fields. Note that I won’t talk here about LLM and AI; more on this topic in a later post!

• Post-Quantum Cryptography and Security:

  • Quantum computing presents significant threats to existing cryptographic methods. The need for quantum-resistant methodologies and larger, more robust key sizes is paramount.

  • Ongoing research in this area is vital for future-proofing cryptographic security. It is unclear which algorithm will be efficient against quantum computers. Still, NIST has selected its first candidates for a standard, but researchers think many updates will be needed. There is a lot of praise for Crypto Agility.

• Emerging Technology - PUF:

  • P-U-F (Physical Unclonable Function) technology uniquely identifies physical objects like semiconductors to enhance security or privacy. Innovative cryptographic technologies, such as utilizing chip and processor "DNA" for authentication, are gaining traction.

  • "Physical Unclonable Function" technologies are increasingly important for IoT security due to their low computational requirements.

• Risk-V Architecture:

  • The RISC-V architecture, developed by a consortium led by the University of Berkeley, was also a significant theme. This project aims to eliminate royalties on instruction sets and reduce export control issues. For example, many startups have embarked on developing RISC-V in the German automotive sector.

  • Its adoption across various sectors and its potential role in enhancing technological sovereignty are noteworthy. RISC-V is finding industrial applications in embedded systems and is evolving for more complex applications such as multicore systems and 64-bit CPUs.

• Security of Embedded Systems:

  • The risks associated with IoT devices, chip attacks, and side-channel attacks are growing concerns. Hackers can now buy off-the-self electronic test bench to perform attacks on IoT. The cost has been drastically reduced over the last few years.

  • As a consequence, hacking connected objects is a central theme. Capture the Flag competitions were organized, along with research presentations on the vulnerability of connected objects to hardware attacks. These attacks, now accessible with a modest budget, allow for the bypassing of software protections.

  • Educational focus on hardware hacking and software countermeasures is crucial for developing future security solutions.

• Blockchain and Security:

  • Blockchain technology poses unique security challenges, particularly in private key management.

  • Emerging solutions focus on enhancing wallet reputation and the formal validation of intelligent contracts, indicating critical areas for development and research.

• Fuzzing:

  • Fuzzing, an automated software testing technique, is becoming essential in cybersecurity.

  • Lib AFL (Advanced Fuzzing Library) is designed to automate vulnerability research.

Conclusion

CSAW is a vital international event that fosters collaboration among students, researchers, and professionals, promoting education, diversity, and innovation in cybersecurity. It's anchored in the Auvergne-Rhône-Alpes region, a global microelectronics hub.

The conference highlighted key research areas, including post-quantum cryptography, PUF, RISC-V architecture, embedded system security, blockchain, and fuzzing techniques. CSAW's role in advancing cybersecurity and nurturing future solutions is undeniable.

I welcome your questions and comments on these research topics. Are there any Cyber Builders out there keen to discuss these areas?

Please share the post if you found it insightful. Cyber Builders is a free publication fueled by reader feedback and the connections we make.

Laurent 💚