This Science News Wire page contains a press release issued by an organization and is provided to you "as is" with little or no review from Science X staff.

International IT security competition: Saarland University provides best European team

May 31st, 2016

Ural Federal University arranged the IT security competition "ruCTF" on April 17. It started at 9am in the Yeltsin center of the industrial city in the Ural federal district. 21 teams from Russia, Italy, Hungary and Germany had only nine hours to check services and devices of a fully networked household for vulnerabilities. They had to close them for their own smart homes, but also exploit them to attack the smart homes of the other teams. For this purpose, they all received their own "smart home" in the form of a laptop on the morning of the competition. It was connected to a network on which everybody had access and could use it to spy and attack.

"Basically, it's like a sport. The challenge is to find a solution faster than others - for an attack and the corresponding defensive measure," explains Oliver Schranz, PhD student at the Center for IT Security, Privacy and Accountability (CISPA).

The fun factor was increased because students could apply their knowledge from the lecture, Schranz says. The team is called "saarsec". The smaller task force for Russia consisted of Schranz, Jonas Bushart, Pascal Berrang, John Krupp, Markus Bauer, Frederik Moller and Jonas Cirotzki. Nevertheless, in the seven-member crew all education levels were represented, from third-semester computer science to four PhD students. "In this way we had specialists from different areas, ranging from home automation to attack programs to the art of encryption and decryption," Schranz says.

During the competition, he and his teammates had to attack and defend devices and services such as a cleaning robot, a networked refrigerator and a smart safe. Often, they could remotely read data sent while the devices were working. Thus, the students were able to infer shortcomings in IT security and verify them as vulnerabilities.

"You always have to think outside the box," explains Pascal Berrang, also a doctoral student at CISPA, "but to try out programs and functions in a new context is an essential requirement for working in IT security."

If the students discovered a security flaw, they fired their attack code against the services of the smart homes of the other groups. If they could hack the other system, they stole digital code snippets - so-called flags - similar to the capture-the-flag game played at camps. The more flags they stole, the higher they climbed in the ranking. Despite the fact that they are new to such tournaments, they made it to second place.

Schranz explains this unexpected success as follows: "Our equipment was very good. The software we developed found many vulnerabilities. That gave us a strong advantage."

Pascal Berrang identifies another success factor: "We are drilled to recognize simple vulnerabilities even in our sleep. And we all have a broad knowledge of IT security. There is no one who, for example, is not familiar with encryption."

Provided by Saarland University

Citation: International IT security competition: Saarland University provides best European team (2016, May 31) retrieved 19 April 2024 from https://sciencex.com/wire-news/226151334/international-it-security-competition-saarland-university-provid.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.
Back to list