Posted November 18th, 2013
Brooklyn, New York—Hundreds of students from across the United States and the world – along with their mentors, researchers, and cyber security professionals – converged last week on the Brooklyn campus of the Polytechnic Institute of New York University (NYU-Poly) for the final round of the largest student cyber security event in the world—the 10th annual Cyber Security Awareness Week (CSAW).
Some surprising winners emerged, including a single undergraduate from Carnegie Mellon University who bested 14 other teams with four members each, competing non-stop over 36 straight hours in the CSAW Capture The Flag (CTF) Applications Security Contest—a test of hacking skills that is the signature event of CSAW. No single-person team has won the NYU-Poly CTF since CSAW’s founding year, 2004, when the contest was far less complex. But it is no surprise that George Hotz, working alone as team tomcr00se, would rise to the top of the CTF, in which 13,500 competitors from 86 countries vied in the preliminary round. Hotz, also known as geohot, is recognized as the first person to unlock the iPhone, thus enabling it to be used on carriers other than AT&T. This marks the fifth consecutive year that a Carnegie Mellon team won the CSAW CTF contest, and its PPP1 team came in second.
In another break from NYU-Poly CSAW history, two of the three top-scoring teams in the High School Digital Forensics Contest were new winners. Their mentors had both participated in NYU-Poly’s summer CSAW training for teachers, which is supported by the National Science Foundation and helps teachers develop curriculum and resources to teach digital security. The contest tests students’ abilities to use digital tools and knowledge to crack a fictional murder mystery.
“We are gratified to see the growth in the high school competition—from only 400 students two years ago to 1,500 today—because that signals that our efforts are working to fill the college-bound pipeline with talented cyber security students,” said Professor Nasir Memon, CSAW founder and head of NYU-Poly’s Computer Science and Engineering Department. “Our summer programs for high school and college teachers, funded by the National Science Foundation, give teachers the tools they need to prepare students for the fast track once they enter college. Not only is the net widening to include new schools in this important field of study, but when CSAW finalists enter NYU-Poly, we find they are thoroughly engaged and highly successful.”
Memon cited several examples: “Kevin Chung, who once won the High School Forensics competition, today as an undergraduate leads the CTF competition and is one of the leaders in our weekly Hack Nights, in which undergraduates teach others the security skills they need to compete in other CTF contests. Freshmen and former CSAW high school finalists Swaad Golam and Ryan McVeety both contributed significantly to this year’s high school contest—and were among the top-placing teams in the Homeland Security Quiz this year. And Emily Wicki, a freshman who won the High School Digital Forensics Contest last year and came in second the year before, helped create the evidence and story line for this year’s contest. They are all examples of how CSAW educates and develops talent.”
Winners of the 2013 NYU-Poly CSAW contests were awarded cash prizes and scholarships at the close of the games on Saturday, November 16:
Capture the Flag Applications Security Contest
1st place with 5100 points: team tomcr00se of Carnegie Mellon University—George Hotz
2nd place with 4800 points: team PPP1 of Carnegie Mellon University: Maxime Serrano, Ryan Goulden, Lawrence Jackson, and Chris Williamson
3rd place with 4200 points: team CISSP Groupies of Ecole de Technologie Superieure, Montreal: Fancois Chagnon, Benjamin Venheuverzwijn, Marc-Etienne M.Léveillé, Mathieu Lvoie
High School Forensics
1st place: team The CAMS Nugget of California Academy of Mathematics and Science, Carson, Calif.—Lani Matsumura, Lujing Cen, and Oskar Wirga
2nd place: team Electric Sheep of High Technology High School, Lincroft, N.J.—Austin Eng and Zachary Liu
3rd place: team Name Goes Here of Illinois Mathematics and Science Academy, Aurora, Ill.—Ethan Bian, John Grosen, and William Song
Embedded Systems Security Contest
This contest tests skills in the new field of hardware security, including the ability to detect malicious flaws and protect chips. The contest is co-sponsored by Columbia University and NYU-Poly.
1st place: team MoMA Avengers of NYU Abu Dhabi —Nektarios Georgios Tsoutsos and Charalambos Konstantinou
2nd place: team UCF Knights of University of Central Florida—Dean Sullivan, Ryan Dixon, Victor Medina, Brandon Frazer, Jeff Biggers, Henry Chan, and Jimmy Lee
3rd place: team Ninja Tyler Trojans of The University of Texas at Tyler—Mukesh Reddy Rudra, Varun Nagoorkar, Lagadapati Yamuna Sri, Lakshman Raut, Rajeshwar Rao Pinninti, Vrunda Tony Chitavaduta, Elizabeth Minu Joseph, Shyam Sai Prashanth Haran, Nimmy Anna Daniel, Mani Kumar Bikkumalla, and Dinesh Veeramachaneni
Best Applied Research Paper
This contest judges the top research papers authored by doctoral students and published in peer-reviewed academic journals.
1st place: Vasilis Pappas of Columbia University, "Transparent ROP Exploit Mitigation Using Indirect Branch Tracing"
2nd place: Masoud Rostami of Rice University, "Heart-to-Heart (H2H): Authentication for Implanted Medical Devices"
3rd place: Keaton Mowery of University of California at San Diego, "Welcome to the Entropics: Boot-Time Entropy in Embedded Devices"
U.S. Department of Homeland Security Quiz
This fast-paced game show tests contestants’ knowledge of cyber security history, techniques, and terms.
1st place: team CSAW CTF of NYU-Poly—Marc Budofsky, Kevin Chung, and Julian Cohen
2nd place: Cyber Bullies of Rensselaer Polytechnic Institute—Alexei Bulazel, Nathan Hourt, and Ben Kaiser
3rd place: team Matt Daemon of NYU-Poly— Ian Butler, Swaad Golam, and Ryan McVeety
To open the signature CTF contest for NYU-Poly CSAW’s 10th anniversary on November 14, artist and NYU-Poly professor Mark Skwarek, along with NYU-Poly undergraduate Joseph Xin, created animated 3-D images of the CSAW mascot—a spider—crawling up the front of the school’s Wunsch Hall.
That same day, hundreds of professionals and academic researchers gathered for the CSAW THREADS conference, which presented the research developed by the U.S. Defense Advanced Research Projects Agency (DARPA) Cyber Fast Track program headed by prominent hacker Peiter "Mudge" Zatko. Some of the country’s most prolific cyber security researchers participated in a panel discussion, and DARPA Program Manager Mike Walker presented the keynote CSAW address.
For more information about NYU-Poly’s CSAW, visit https://csaw.isis.poly.edu/.
NYU-Poly was one of the first universities to introduce a cyber security program and is designated as both a Center of Academic Excellence in Information Assurance Education and a Center of Academic Excellence in Research by the National Security Agency. The Sloan Consortium, an affiliation of educators and institutions dedicated to quality online education, named NYU-Poly’s virtual graduate cyber security program the Outstanding Online Program of 2011. The Center for Interdisciplinary Studies in Security and Privacy (CRISSP), a cutting-edge research collaboration of NYU-Poly and other NYU schools, re-examines the entire cyber security paradigm to integrate technology with broader issues such as human psychology, business, public policies and law.
The U.S. Department of Homeland Security is a gold sponsor of CSAW; Facebook, Qualcomm, Raytheon, and RSA provide support at the bronze level. In all, 25 companies provided generous funding for the educational goals of NYU-Poly’s CSAW.