By David Murphy
Two KAUST Ph.D. students from the KAUST Secure Next Generation Resilient Systems (SENTRY) Lab, Ioannis Zografopoulos and Panagiotis Karamichailidis, recently won the 18th annual CSAW Cybersecurity Games & Conference’s (CSAW '21) Embedded Security Challenge (ESC). ESC was one of eight cyber competitions held during CSAW '21, an international student-run cyber security event, which took place virtually from November 10-14, 2021.
Firstly run in 2008, the ESC is the oldest hardware security competition in the world. An educational, research-oriented tournament, the competition focused on embedded systems, including wearable computers, network routers, RFID readers, and wireless access points.
After progressing through a preliminary qualifying round, the KAUST SENTRY team placed first in the MENA and U.S./Canada regions, beating stiff competition from Georgia Tech and the University of Maryland in the process.
How the ESC was won
The ESC was divided into a technical track, "the attackers," and a research track, "the defenders." Challenges involved cracking cryptographic schemes commonly used by our everyday devices, such as the Rivest–Shamir–Adleman (RSA) and the Advanced Encryption Standard (AES) encryption methods, among others. The KAUST SENTRY team decided to compete on the research track to protect the code provided by the organizers against attacks, but “with a twist,” as Zografopoulos observed.
“In our minds, attacking and defending are two processes that could never—and should never—be decoupled. Thus, before securing the challenges, we first cracked them, which was double the fun. Our hacker mentality allowed us to design more secure solutions, and that was the key to our victory.”
The ESC final round consisted of three parts: the first part involved solving offline challenges provided by the organizers. The second part required the presentation of Karamichailidis and Zografopoulos’s solutions to a board of cybersecurity specialists. The third and final round consisted of a live hacking challenge where the first team to solve the challenge received extra points on their total score. As a result of completing these three parts, the team with the highest score won the competition.
“Granted that our background stems from the cybersecurity field, we firmly believe that to secure a system effectively, you need to grasp the underlying mechanics,” Karamichailidis noted.
“As a lab, we are often taking part in capture the flag (CTF) hacking competitions as an effort to practice our security skills as well as for education purposes. We are excited that we were able to secure the first place for KAUST and are already looking forward to next year’s ESC,” he added.
KAUST Assistant Professor of Computer Science Charalambos Konstantinou praised his students “rewarding” win: “Seeing my students succeed is very satisfying, and I believe that they will accomplish a lot more in the future both academically and professionally. As their advisor, I feel proud and fortunate that Ioannis and Panagiotis are part of our SENTRY Lab.
“They put a lot of effort and time into participating and winning this competition, all the while demonstrating the high caliber research we do and the high-quality people we have in our lab. Our entire team would like to thank the CSAW '21 ESC organizers for their fascinating challenges, great competition organization, and for giving us the opportunity to compete against such high-quality universities and teams," Konstantinou concluded.
The KAUST SENTRY Lab
The research focus of KAUST Secure Next Generation Resilient Systems (SENTRY) Lab is in the area of cybersecurity and resilience of industrial control, critical power grid infrastructure, and embedded systems. The lab follows the concept of an attacking team, a "red-team," versus a "blue team" that responds to the intrusion. The concept helps SENTRY's researchers understand sophisticated cyberattacks to design adaptive, novel modeling methods, monitoring schemes, and control algorithms to detect, prevent, and mitigate the risk of cyberattacks.
The team’s research incorporates elements from computer security fundamentals and is linked to specific cyber-physical engineering applications, with the goal of building secure and resilient computing systems.