Trust Summit 2025
On December 12, IITB Trust Lab hosted its Annual Trust Summit, inviting cybersecurity professors from top academic institutions from all over the country, for the official launch of Trust Lab’s Hub-and-Spoke Model—a strategic initiative designed to increase research, and build grassroots capacity in the critical area of cybersecurity across the nation.
The Hub-and-Spoke Model
The core philosophy of the summit was simple: capacity building must start at the grassroots. To move beyond theoretical security, the Trust Lab is forging deep collaborations with premier institutions to foster a vibrant, national cybersecurity culture.
To fuel this engine, IITB Trust Lab will provide two critical types of support:
- R&D Grants: Direct funding for faculty to pursue advanced research
- Ecosystem Grants: Support for “beyond-the-lab” activities, including hosting Capture The Flag (CTF) competitions, creating school awareness programs, and collaborating with local law enforcement to tackle regional cybercrime
As currently envisaged, each partner institution will have:
- Faculty Champion: A lead professor overseeing the strategic direction
- Cyber Cell: A dedicated group of students engaged in active research
- Student Champion: A peer leader driving engagement and projects
Redefining the Curriculum
The launch was followed by professors from IIT Bombay sharing details of their cybersecurity curriculum, and the rationale behind its design.
1. Hardware Security
While algorithms like RSA and Post-Quantum Cryptography provide “mathematical guarantees,” they must eventually run on physical hardware. Real devices unintentionally leak data through power consumption, timing, and electromagnetic radiation. Fault Attacks demonstrate how adversaries deliberately perturb a system’s computation to derive secrets from the resulting faulty response. Therefore the Hardware Security Curriculum includes both michroarchitectural attacks and fault attacks on embedded systems.
Integrating microarchitectural and fault attack analysis into the Hardware Security curriculum is a vital step toward developing truly resilient systems. By moving beyond high-level software abstractions, students gain a deep understanding of how the physical properties of hardware—such as execution timing, power consumption, and electromagnetic emissions—can be exploited to bypass traditional cryptographic barriers.
This “physical-layer” awareness is essential for modern engineers; it ensures they do not just rely on the mathematical strength of an algorithm like RSA, but also account for the unintentional information leakage that occurs when that algorithm is physically executed on silicon.
2. Applied Cryptography
The cryptography module focuses heavily on lab-based learning, moving from Symmetric Key Encryption (SKE) for disk encryption to Public Key Encryption (PKE) for secure key exchange. The curriculum spans advanced applications including Zero-Knowledge Proofs and e-Voting; Secure Messaging and SSL; and Blockchain Technologies like Bitcoin and ZeroCash.
Grounding a cryptography curriculum in diverse, real-world applications is essential because it transforms abstract mathematical theories into tangible problem-solving frameworks. This application-heavy approach ensures that graduates become architects capable of implementing secure protocols—skills that are immediately transferable to the tech industry.
3. Privacy Enhancing Technologies (PETs)
This track challenges students to move beyond basic concepts and measure the true depth of anonymity while navigating the complex nuances of digital freedom. The curriculum begins by analyzing the intersection of technology and policy, specifically distinguishing between censorship and firewalling to understand how identical technical mechanisms can carry vastly different political connotations.
Students conduct deep dives into the architectural design and threat models of Tor and Onion Routing, exploring how layered encryption maintains privacy in hostile environments. The module also addresses the practicalities of modern traffic analysis, covering sophisticated defenses like decoy routing and end-to-end encryption (E2EE) alongside the pervasive mechanics of web tracking and cookies to provide a holistic view of the current privacy landscape.
Innovation in Action: Technology Demonstrations
The summit concluded with live demonstrations of the following indigenous technologies developed at IIT Bombay.
VAJRA: an indigenous tool for endpoint security that collects logs of the endpoints at the kernel level which are centrally monitored and correlated across the endpoints to detect any malicious activities, lateral movements, and privilege escalations.
SOC: A turnkey program which provides a fully open-source, low-cost Security Operations Center, enabling smaller organizations to implement centralized security, significantly boosting threat detection and response capabilities.
PULSE: Interactive labs that run on a container based platform for hands-on security training, focusing on practical learning and application of cybersecurity concepts.
For the Future
Today, there is a significant widening of the cybersecurity skills gap happening in India. Despite being a global technology hub, we face a critical shortage of professionals equipped to handle specialized domains like hardware security and cryptographic implementations. If left unaddressed, this deficit will only increase as our critical infrastructure becomes more connected and the complexity of attacks scales.
To bridge this chasm, the change must begin at the educational and academic level. Cybersecurity must be integrated into the foundational layers of engineering education. By modernizing curricula, we prepare students for industry.
While the model is a small step in the context of the national challenge, it is a start, and it creates a blueprint for how India can cultivate the human capital necessary to defend its digital frontiers.
