Carnegie Mellon’s competitive hacking team, the Plaid Parliament of Pwning (PPP), took home the top prize at the 2022 MITRE embedded Capture the Flag (eCTF) cybersecurity competition. PPP beat 31 other schools from around the world in designing a secure electronic device for aircrafts and attacking other teams’ designs. Students from CMU had formed teams to participate in this collegiate competition the past five years, and this is the first win.
“Our team went into this competition with a very good background, and they have that background because of the richness of security courses at CMU,” says CyLab’s Maverick Woo, a systems scientist who served as the team’s advisor.
A total of 32 university and high school teams from the United States, India, Singapore, and England participated in this year’s competition. The CMU team was trailed by the Ohio State University, who finished 2nd, and Texas A&M, who finished 3rd.
Our team went into this competition with a very good background.Maverick Woo, Systems Scientist, CyLab
During the competition, which began in late January and ended in April, each team was thrust into a fictional scenario in which they were an elite design and development team at a startup tasked with developing firmware for electronic devices used in aircraft. Once the devices were shipped to airports all over the world, these devices needed to support over-the-air updates to their firmware and allow customers to load flight-specific configurations. A successful design must allow both operations to be performed in a secure manner where the intellectual property of the company and the integrity and safety of the flights are protected.
eCTF competitions are unique from other capture the flag or CTF competitions because of its focus on embedded systems security. Not only do students need to defend against traditional cybersecurity attack vectors, they also need to consider physical attacks on the device, such as side channel attacks, fault injection attacks, and hardware modification attacks.
“How will you support this functionality and ensure that the system is secure?” reads the competition’s challenge overview. “You and your team have been tasked with figuring it out!”
There was an additional twist to this year’s competition: to capture the supply-chain threats faced by embedded systems such as those discussed in a recent news article, each team must account for hardware that may contain unknown malicious modifications, which may impact the security of their systems. Thus, teams had to be extra careful in their designs in order to counter such so-called “Hardware Trojans.”
Teams were given the first six weeks of the competition to design their secure system before handing their design off to competition organizers for testing. Once the designs were approved, teams then attacked each others’ designs by finding as many weaknesses in the competing designs as possible. Teams accumulated points based on how long their own design withstood attacks as well as how successful they were in attacking other teams’ designs.
A lot of the exercises in this eCTF were true applications of what they’ve learned in classes here.Hanan Hibshi, Assistant Teaching Professor, Information Networking Institute
“The educator inside of me is very happy because a lot of the exercises in this eCTF were true applications of what they’ve learned in classes here,” says CyLab’s Hanan Hibshi, an assistant teaching professor in the Information Networking Institute (INI), who served as the academic advisor to several students on the team who initiated interest in participating in this year’s competition.
The students on CMU’s winning team included:
- Neel Bhavsar, M.S. student in INI
- Robert Chen, undergraduate in SCS
- Henry Howland, M.S. student in INI (Team Lead)
- William Luca, M.S. student in INI
- Antonio Martorana, M.S. student in INI
- Palash Oswal, M.S. student in INI
- Nishant Arun Poorswani, M.S. student in ECE
- Parth Shastri, undergraduate in SCS
- Anish Singhani, undergraduate in Electrical and Computer Engineering (ECE)
- Suma Thota, M.S. student in INI
- Hunter Wodzenski, M.S. student in INI
A recording of the awards ceremony can be viewed here.