[builds-list] MITRE's Embedded Capture The Flag Competition
eugenek at bu.edu
Fri Dec 9 01:45:40 EST 2016
Attached is a challenging and exciting embedded capture the flag
competition. This is a great opportunity if you're interested in pursuing a
career in embedded systems or cyber security. There also is potential to do
an Independent Study w/ Professor Egele for course credit. A team is
required to succeed, so email me back and I can help form a team.
eugenek at bu.edu
*Embedded Capture-the-Flag (eCTF)*
Collegiate Challenge 2017 – How to Hack a Firmware Update
Perfect security is impossible. Even the most secure designs have some
small security flaw that can be exposed by attackers, which is why having
the ability to update or patch software is critically important. * But what
happens if the update process is itself vulnerable to attack?*
*“…the team demonstrated the threat by infecting a Hue lamp with a virus
that then spread by jumping from one lamp to its neighbors, whether the
lights were on the same private network or not. Worse yet, the researchers
didn’t need physical access to the lights — they were infected wirelessly
by a drone or car while still a few hundred feet away….*
*The infected payload was delivered by exploiting a weakness in Philips’
encryption to force an over-the-air firmware update using an "autonomous
attack kit" built from "readily available equipment" costing just a few
hundred dollars. In other words, anyone with the knowledge and motivation
could execute a similar attack.”*
*- **IoT Drone Hack
For the 2017 MITRE Collegiate Embedded Capture the Flag (eCTF)
challenge is to design and implement a system to securely update the
firmware on a resource-constrained embedded system. *
Your system must meet a set of requirements (to be announced at Kickoff)
and defend against as many attacks as you (and the other teams) can think
of. You must design and implement a set of tools and scripts for
provisioning a set of cryptographic keys, packaging firmware updates, and
receiving those updates on the embedded system. Once your system
implementation is completed, it will be subjected to attacks from the
opposing teams, while you get a chance to attack the designs from the other
teams. To set the ground rules, it is assumed that attackers have physical
access for an extended period of time with the embedded device. Therefore,
physical attacks on the embedded device are fair game. *The purpose of this
scenario is to encourage a focus on security for the embedded system and to
allow ALL types of attacks.*
*The target platform will be a development board for a small AVR-based
chip, the ATMega1284P*. A secure implementation will need to leverage
cryptography and secure protocols and protect against a host of possible
attack vectors… And it will need to do all of this on a
resource-constrained device. Some possible attack vectors to research /
· Binary exploitation and logical attacks that exploit weaknesses
or bugs in the code
· Cryptanalysis and protocol attacks
· Hardware hacking techniques (e.g. JTAG interrogation, probing)
· Side-channel and fault attacks
Teams will gain points by extracting flags from other teams, as well as
withstanding the attacks of others. At the completion of the competition,
the top teams will be invited to MITRE for an award ceremony.
*Pre-Kickoff --- *December and January
· MITRE will be updating the official competition site
<http://mitrecyberacademy.org/competitions/embedded/> with further
competition details as well as links to useful resources.
*Kickoff --- *Wednesday, January 18th 2017
· Competition officially kicks off.
· Detailed rules and requirements will be posted online.
· MITRE will provide a naïve exemplar implementation (without any
security), and a build environment (GCC based).
· *This date is close to the class start dates for all
participating schools. Students are strongly encouraged to check the
website to read the Kickoff announcement and start thinking about their
secure design even if classes have not yet started.*
*System Hand-off *--- Wednesday, March 1st 2017
· System design and implementation is due.
· After a brief period to allow for MITRE to verify all submitted
systems, each team will be able to attack any of the other teams’ systems.
· *This date gives 6 weeks to design and implement the secure
system – roughly half the full duration of the competition. *
*Scoreboard Closes* --- Friday, April 14th 2017
· Scoreboard closes
· *This date is the cutoff for flag submissions and marks the
official end of the competition.*
*Award Ceremony*--- Friday, April 20th 2017
· Top teams are invited to MITRE to present their work, while MITRE
will announce results of write-up judging and present awards.
· Each team should consist of at least four (4) *dedicated* students.
“Dedicated” means students that are intending to participate in both the
defense and attack portions of the competition.
o Based on a similar exercise with recent summer interns, we expect
these students to spend at least 8 hours per week – but they may want to
spend more! The work involved and lessons learned are expected to be
highly deserving of university credit hours.
· Each team should have at least one (1) professor to act as a
mentor and help guide the team’s efforts. Mentors should try to meet with
their team at least weekly to help with progress and scheduling during the
design portion of the competition.
· Detailed deliverables will be announced at a later date, but will
roughly consist of:
o A working system that meets the design requirements
§ System source code and build instructions delivered electronically
o Documentation for the system
o Top teams will also be asked to provide a final presentation on
overall system design and attack process (to be given at the Award Ceremony)
· MITRE will provide at least one set of development hardware per
team. Teams may choose to purchase additional systems to parallelize their
· MITRE will organize all aspects of the event including detailed
requirements/rules, logistical details, judging criteria, and award
· Team sizes are unlimited – we want to encourage as many students
to participate as possible.
· Teams may consist of students at any level: undergraduate,
graduate, PhD, or a mix
· Attacks must be focused on student-designed components. Attacks
on open-source or commercial components used as part of the system will not
score points for the eCTF, but MITRE *will* help coordinate the responsible
disclosure of weaknesses to the appropriate parties.
· When submitting your secure design, all source code and
documentation must be shared. This is to discourage security-by-obscurity,
as well as to accelerate attack development and encourage more
sophisticated techniques for both sides.
- Each system will be required to hold and protect “flags” that
can only be revealed if the system is compromised. Details of the flags
will be given at Kickoff.
- Teams obtain points by retrieving and submitting the flags of
other teams. Additionally, teams gain points for the amount of time their
system withstands attack. All points are tracked via a live scoreboard.
- To encourage creative attacks, MITRE will judge and award points
to attacks even if they do not result in a flag. To obtain these
additional points, teams must submit a proof-of-concept and short report
describing the attack. Details of the write-ups will be given at Kickoff.
This event that is invite-only. The currently invited schools are:
- Northeastern University
- Tufts University
- University of Massachusetts - Amherst
- University of Massachusetts - Lowell
- Worcester Polytechnic Institute
- Boston University
- Massachusetts Institute of Technology
- University of Maryland College Park
- George Mason University
- Virginia Tech
- Rochester Institute of Technology
- Rensselaer Polytechnic Institute
- Carnegie Mellon University
- University of Connecticut
Please fill out the registration form by December 15th to reserve your spot
in the competition:
If you have any questions, please feel free to contact us at ectf at mitre.org
More info will be released on our official website soon:
-------------- next part --------------
An HTML attachment was scrubbed...
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 6254 bytes
Desc: not available
More information about the Builds-list