Remotizing and Virtualizing Chips and Circuits for Hardware-based Capture-the-Flag Challenges

In the very rapid digital revolution we are experiencing, the availability of cybersecurity experts becomes critical in every organization and at multiple levels. However, classical and theory-oriented training seems to lack effectiveness and power of attraction, while professional selection and training processes based on cybersecurity gamification are being successfully experimented, among which Capture-the-Flag (CTF) competitions certainly stand out. Nevertheless, careful analysis reveals that such initiatives have a major shortcoming in addressing security issues when training people to tackle hardware-related security issues. Several motivations can be identified, including the inadequate technical knowledge of the White Teams charged of the challenges preparations, and the evident logistic problems posed by the availability of real hardware devices when the numbers of trainees significantly scales up. This paper presents a platform able to provide as a service hardware-based CTF challenges and exercises, involving circuits and chips that can be physically connected to a server or simulated, to deal with topics such as hardware bugs, flaws and backdoors, vulnerabilities in test infrastructures, and side-channel attacks. The platform is presented from a technical perspective, and data for deducting related efficiency, stability and scalability are offered.