World’s top student hackers dust off their white hats for NYU CSAW finals
A small cybersecurity contest at NYU Tandon grows into the world’s most comprehensive student-led security competition, with 180 teams advancing to final rounds in Brooklyn, France, India, Israel, Mexico, and Abu Dhabi
BROOKLYN, New York, Tuesday, October 22, 2019 – After besting 1,225 teams from 90 countries, an elite corps of high school, college, and graduate students will advance to the finals of one of the world’s biggest student-led cybersecurity contests: the New York University Tandon School of Engineering’s annual CSAW games.
Organizers this week released the names of winning teams in the preliminary rounds. Among 35 universities represented at CSAW U.S.-Canada, many are fielding teams in multiple competitions.
The scale of CSAW, in this, its 17th year, is evident in its global reach: 180 finalist teams from around the world will travel to seven academic sites across three continents to compete in the final rounds of a record 10 events on November 6 - 8, 2019:
- NYU Tandon in Downtown Brooklyn, New York
- Indian Institute of Technology, Kanpur (IIT Kanpur)
- Grenoble-INP Esisar in Valence, France
- Ben-Gurion University of the Negev and the University of Haifa in Israel (with IBM Research-Haifa and the IBM Cyber Security Center of Excellence)
- Universidad Iberoamericana (Ibero) in Mexico City
- NYU Abu Dhabi in the United Arab Emirates
More than bragging rights are at stake: NYU Tandon will offer more than $1 million in scholarships to all high school finalists in the CSAW Red Team Competition in Downtown Brooklyn, and other competitions offer scholarships and cash prizes, as well.
CSAW, which was formed in 2003 as a small local competition by the students of Professor Nasir Memon, founder of NYU Tandon’s cybersecurity program, has expanded to 9 events, evolving to meet the changing threat landscape. Last year it introduced Hack3D, which explores vulnerabilities in 3D printing. This year CSAW introduces a first-ever machine learning security event, HackML, as well as the first-ever CSAW Logic Locking Competition. Meanwhile, the high school competition – once covering only forensic skills – now offers a taste of how corporations and institutions train defenders for real-world attacks.
“As technology advances in areas like additive manufacturing, machine learning, and cloud-based AI, the threat landscape is growing right along with it,” said Ramesh Karri, director of CSAW, professor of electrical and computer engineering at NYU Tandon, and co-founder and co-chair of the NYU Center for Cybersecurity. “CSAW is evolving to continue its critical role in helping defenders keep up with these changes; events like HackML and the Hardware Security Challenge are more than just competitions: They generate new avenues of research leading to innovative approaches to defending devices we use every day.”
Two all-girl high school teams — from Poolesville High School, Poolesville, Maryland, and Niwot High School, Longmont, Colorado — will compete in Brooklyn this year, reflecting the longstanding commitment by NYU Tandon and CSAW to employ the games as a gateway to a field in which women represent only 24 percent of the global workforce. The teams are competing at NYU Tandon with the support of Applied Computer Security Associates.
Capture the Flag
Players of all levels and ages from around the world registered for Capture the Flag (CTF), the flagship event of CSAW that tests hacking and protection skills. After 48 hours of around-the-clock software hacking, a top-notch group of undergraduates was selected from 559 teams to compete at one of the finalist hubs. In a first for CSAW, NYU Tandon will feature a Pwny Racing live-streamed head-to-head event at pwny.racing, in which teams compete in a single-elimination bracket event. During the event, hosted by contributing sponsor Vector35, each pairing will race to solve a custom challenge until only one winner remains. For links to the live stream visit @Osirislab, @CSAW_NYUTandon, or pwny.racing. To view CTF teams competing at the CSAW finals in all seven sites, visit csaw.engineering.nyu.edu/ctf/Finalists.
Red Team Competition
This year, more than 420 teams competed in the Red Team Competition, with 29 of them winning coveted slots at the CSAW final rounds at NYU Tandon, Ibero, Grenoble INP-Esisar and NYU Abu Dhabi. To view the high school teams competing at the CSAW finals, including the 11 teams who will compete at NYU Tandon, visit csaw.engineering.nyu.edu/RED/finalists.
Embedded Security Challenge
The oldest and largest hardware hacking competition in the world, the challenge, now in its 12th year, contributes to worldwide scholarship on hardware security. The tournament employs a “red team, blue team” format that mimics real-world attacks. This year’s challenge, developed in partnership with the University of Delaware, involves radio frequency identification, a core security technology in everything from building access to user authentication in computing systems. A record 28 teams competing at Grenoble INP-Esisar, IIT Kanpur, and NYU Tandon will attempt to hack the firmware of a vulnerable RFID reader with United States National Security Agency (NSA) reverse engineering tools.
The competition is a cornerstone program of NYU’s hardware security group. Part of NYU Center for Cyber Security and including researchers at NYU Abu Dhabi, the group has become a leading force in microchip security. To view the teams competing at the CSAW finals, including 12 that will compete at NYU Tandon, visit csaw.engineering.nyu.edu/esc/finalists.
The HackML competition, the first of its kind, will challenge teams of undergraduates and graduate students to design new, powerful backdoor attacks on machine learning systems and to develop novel defenses and detections. One challenge requires competitors to design a backdoor attack that will allow the attacker to add a visual “trigger” to the image of a human face, causing the back-doored network to incorrectly classify the image as whatever the attacker wishes it to “see” (a hat instead of a face for instance.) To view the five teams competing at CSAW finals at NYU Tandon, visit csaw.engineering.nyu.edu/hackml/finalists.
Spotlighting the need for anti-counterfeiting methods in 3D printing, Hack3D tasks competitors with circumventing security measures in the additive manufacturing supply chain. In the qualifying round, competitors were tested in reverse engineering a 3D CAD model. During the final round, teams will compete in printing 3D parts that have been embedded with anti-counterfeiting features developed at NYU Tandon. To view the five teams competing at U.S.-Canada finals, visit csaw.engineering.nyu.edu/hack3d/finalists.
Logic Locking Conquest
Logic Locking is a revolutionary technique for protecting intellectual property (IP) of integrated circuits from reverse engineering, overbuilding, piracy, hardware Trojan insertion, and other threats. In this new, student-led Logic Locking challenge, participants will be provided with a selection of locked combinational and sequential designs (netlists) and tasked with attacking designs locked with state-of-the-art methods. To view the six finalist teams who will compete at U.S.-Canada finals, visit csaw.engineering.nyu.edu/logic-locking/finalists.
The Policy Competition attracts students who are interested in the nexus of law, policy, and emerging security issues. Teams representing both CSAW regulars, such as the U.S. Naval Academy, and newcomers will present to a panel of judges their best arguments on cybersecurity policy relevant to law enforcement investigations, data security or cyberwarfare. To view the five teams competing at the CSAW Policy Competition finals at NYU Tandon, visit csaw.engineering.nyu.edu/policy/finalists
Applied Research Competition
A leading event for young cybersecurity researchers, the Applied Research Competition accepts only peer-reviewed security papers that have already been published by scholarly journals and conferences. This year, top academics and practitioners reviewed 157 papers to arrive at the list of finalists. During the CSAW final round, one of the student authors of each paper will present in poster format to judges, who will evaluate the originality, relevance, and applicability of the research. Finals will be held at NYU Tandon, Grenoble-INP Esisar, IIT Kanpur and Ben-Gurion University.
To view the accepted papers, visit csaw.engineering.nyu.edu/research/finalists.
Security Quiz Bowl
Finalists from other CSAW contests, as well as students from throughout New York, will test their knowledge of security technology, history, and culture in this fun and fast-paced competition, sponsored by IBM.
CSAW also includes an Industry Fair, at which finalists and vetted computer science students from across the region will meet sponsors recruiting for internships and career positions. According to research by industry group (ISC)2, the shortage of cybersecurity professionals is close to 3 million globally. In the United States, there are nearly half a million unfilled positions.
Cybersecurity students wishing to participate in the CSAW Industry Fair at NYU Tandon can register at csaw19industryfair.eventbrite.com
New this year, the C2 Security Workshop, sponsored by BAE Systems, will cover a range of technical topics from quantum systems to fault injection, on Thursday, November 7. The closing keynote on Friday, November 8, is presented by CSAW Gold Sponsor DTCC.
The CSAW games, founded in 2003 as a small contest by and for NYU Tandon students, have grown to become the most comprehensive set of cybersecurity challenges by and for students around the globe. NYU students continue to design the contests under the mentorship of information se
curity professionals and faculty. NYU Tandon’s student-led Offensive Security, Incident Response and Internet Security (OSIRIS) laboratory, home to weekly student-led Hack Night training and student research, leads the Red Team and CTF challenges.
“Besides being a crucible for new research and defensive tactics for today’s cybersecurity workforce, CSAW is cultivating tomorrow’s defenders. Since their inception, competitions like the Red Team Challenge have inspired thousands of students to pursue fields with high demand for new talent and fresh ideas,” said Jelena Kovačević, dean of NYU’s Tandon School of Engineering. “Indeed, since 2003, approximately 100,000 high school and college students have competed in CSAW, many becoming mentors, researchers, professors, and experts in government and industry. CSAW is also key to NYU’s school-wide commitment to STEM education and our outreach to young women, who this year constitute 46% of NYU Tandon’s incoming first-year undergraduates.”
CSAW U.S.- Canada Sponsors are: Gold Level – Army Research Office, Capsule8, DTCC, National Science Foundation; Silver Level – BAE Systems, IBM, Red Balloon Security; Bronze Level – Facebook, Flatiron Health, JPMorgan Chase & Co., RiskEcon Lab for Decision Metrics @ Courant Institute of Mathematical Sciences, T. Rowe Price; Supporting Level — Bank of America; Contributing Level – Aflac, Applied Computer Security Associates, CTFd, Datadog, TIAA, Raytheon, Uber, Vector35.
About the New York University Tandon School of Engineering
The NYU Tandon School of Engineering dates to 1854, the founding date for both the New York University School of Civil Engineering and Architecture and the Brooklyn Collegiate and Polytechnic Institute (widely known as Brooklyn Poly). A January 2014 merger created a comprehensive school of education and research in engineering and applied sciences, rooted in a tradition of invention and entrepreneurship and dedicated to furthering technology in service to society. In addition to its main location in Brooklyn, NYU Tandon collaborates with other schools within NYU, one of the country’s foremost private research universities, and is closely connected to engineering programs at NYU Abu Dhabi and NYU Shanghai. It operates Future Labs focused on start-up businesses in downtown Manhattan and Brooklyn and an award-winning online graduate program. For more information, visit engineering.nyu.edu.