Skip to content

TrustworthyComputing/csaw_esc_2019

Repository files navigation

The winners for all regions have been posted here. We look forward to everyone's submissions for next year!

The due date for the final report and video has been extended to 4 November 2019 at 11:55am (morning) eastern time. The ppt presentation and poster should be sent to the organizers by 6 November 2019 at 11:55am (morning) eastern time. For more details please see here
The final two challenge sets have been released here with instructions here. Please drag and drop the challenge set files into your VM. No additional sets will be released. Good luck to all the teams!
The fourth challenge set has been released here with instructions here. Please drag and drop the challenge set files into your VM.
The third challenge set has been released here with instructions here. Please drag and drop the challenge set files into your VM.
The second challenge set has been released here with instructions here. Please drag and drop the challenge set files into your VM.
The first challenge set has been released here with instructions here (ESC'19 VM available here)
The finalists are announced here

CSAW 2019 Embedded Security Challenge (ESC)

ESC19 RFID Board

Overview

The Embedded Security Challenge (ESC) returns in 2019 for the 12th time, and we are proud to announce another exciting and educational global competition! ESC is part of CSAW, which is founded by the department of Computer Science and Engineering at NYU Tandon School of Engineering, and is the largest student-run cyber security event in the world, featuring international competitions, workshops, and industry events.

ESC 2019 will be a world-wide event held simultaneously in four regions: US-Canada, Europe, Middle East & North Africa, and India, with the finals taking place on November 6-9, 2019. The venues for each region are:

  • CSAW US-Canada: NYU Tandon School of Engineering, Brooklyn, USA.
  • CSAW Europe: Grenoble Institute of Technology - ESISAR, Grenoble, France.
  • CSAW MENA: NYU Abu Dhabi, Abu Dhabi, UAE.
  • CSAW India: Indian Institute of Technology Kanpur, Kanpur, India.

The competition is organized in all regions under the supervision of Professor Nektarios Tsoutsos (University of Delaware), and the global challenge leads are Patrick Cronin and Charles Gouert, who are also the US-Canada region challenge leads. In Europe, the competition is organized by Professor Vincent Beroulle. In the MENA region, the competition is coordinated by Professor Michail Maniatakos, with Esha Sarkar and Heba Ibrahim as the regional challenge leads. In India, ESC is supervised by Professor Sandeep Shukla, with Rohit Negi as the regional challenge lead.

Challenge Summary

This year's ESC focuses on the security of radio frequency identification (RFID) readers, which are utilized broadly from access control in buildings to user authentication in computing systems. This challenge will task contestants with hacking the firmware of a custom RFID card reader (shown above) using reverse engineering tools developed by the United States National Security Agency (NSA).

Motivational scenario: A new tech startup Secure and Formidable Enterprises (SAFE) has tasked contestants with the physical penetration testing of their new RFID security system. To enhance security, each office in the building is protected with a different locking algorithm. Low security offices have simple security measures, while the company president's office and research & developement areas utilize advanced security techniques. Contestants must utilize reverse engineering tools developed by the United States National Security Agency as well as their knowledge of firmware reverse engineering to break through a number of increasingly difficult security measures protecting each office. More details and specifics can be found on the challenge description page.

Registration

Students of all university levels are invited to compete. Each team must have a team leader and up to 3 additional team members (a total of 4 participants per team). Each team leader is responsible for coordinating with other members of their team and will be the point of contact for the entire team. Each team must also have a university faculty advisor.

The team leaders need to register their team members and faculty advisor electronically at https://hotcrp.engineering.nyu.edu/, using their team name as the 'Submission Title'. ESC uses a HotCRP-based registration and submission system for both the qualification and final rounds, and teams must register before finalizing their report and computer file submissions by the posted deadlines. In addition, CSAW requires all participating individuals (i.e., each team member separately) to complete a questionnaire.

Each team is eligible to register for only one region based on university affiliation: Europe, India, MENA, or US-Canada, as defined below. While team members do not need to attend the same university, all team members must be a part of the same region.

  • Europe: Hosting students from universities located in the European Union, Switzerland, Norway, or Armenia.
  • India: Hosting students from universities located in India.
  • MENA: Hosting students from universities located in Algeria, Azerbaijan, Bahrain, Chad, Djibouti, Egypt, Eritrea, Georgia, Jordan, Iraq, Iran, Kuwait, Lebanon, Libya, Mauritania, Morocco, Oman, Pakistan, Palestine, Qatar, Saudi Arabia, South Sudan, Sudan, Syria, Tunisia, Turkey, United Arab Emirates, or Yemen.
  • US-Canada: Hosting students from universities located within the United States or Canada.

To be able to qualify to the final round, each team must register for the correct region based on the university affiliations of its members.

After registration closes, making changes to the existing members of a team (e.g., replacing a team member) or adding new team members, requires explicit permission from the organizers. This is also necessary for teams replacing team members or adding new team members during the final round of the competition.

For more registration information, policies, deadlines, deliverable details, and for information for contacting CSAW organizers, visit the logistics page.

Teams are encouraged to start investigating the challenge as early as possible.

It is also recommended to periodically visit this repository on GitHub, as the details may be updated.