Blue Hens capture the flag
Image courtesy Nektarios Georgios Tsoutsos April 15, 2021
Inaugural UD cybersecurity competition engages more than 2,000 participants
University of Delaware students studying cybersecurity organized UD’s first cybersecurity games from March 19-21, drawing more than 2,000 participants from more than 700 teams from across the globe.
This student-run event tested participants’ skills in detecting and defending against a broad range of cyberattacks. In this Capture the Flag (CTF) event, the participants assumed the role of an attacker and tried to exploit vulnerabilities in the systems developed purposefully by the organizers: UD’s Center for Cybersecurity, Assurance and Privacy (CCAP), which is affiliated with the Department of Electrical and Computer Engineering.
Over 48 hours, teams attempted to overcome 39 unique challenges to see who could take first place and win the $500 prize and bragging rights. The teams were composed of individuals with various backgrounds, from high school students and undergraduates to graduate students and cybersecurity professionals from all over the world.
The challenges encompassed a broad range of topics, from breaking vulnerable implementations of popular cryptographic protocols to reverse engineering and hacking computer programs and bypassing the defenses of websites. Contestants used state-of-the-art software programs to perform their attacks, such as the US National Security Agency’s (NSA) Ghidra reverse engineering software. Participants learned and honed essential skills employed every day by professional penetration testers (ethical hackers employed to strengthen organizations’ infrastructures) and other cybersecurity professionals. These cybersecurity events prepare students to develop a cybersecurity mindset and pursue careers in the industry and government.
“I believe that this competition showed us firsthand how important and interesting cybersecurity related topics are to students and professionals all over the world,” said doctoral student Charles Gouert, one of the competition’s organizers. “In addition, I believe that the CTF also showed competitors that the UD ECE department is passionate about cybersecurity and that it is a great place to learn and master the essential skills and knowledge that cybersecurity experts employ every day.”
Gouert studies an exciting type of cryptography called homomorphic encryption, which allows you to do meaningful work (such as computing statistics) directly on encrypted values without revealing any information about the underlying private data.
“Using my knowledge in this area, I designed challenging and interesting problems that required competitors to leverage homomorphic encryption to accomplish specific goals,” he said. To design problems for the competition, event organizers called upon skills they learned in courses such as Pen Test and Reverse Engineering (CPEG471/671), Web Applications Security (CPEG470/670), Secure Software Design (CPEG476/676), and Applied Cryptography (CPEG472/672).
The event was organized by UD’s successful CTF team, including leader Landon Jones, CCAP graduate students Gouert and Dimitris Mouris, UD alumnus Matt Zelinsky, as well as members of UD’s Cyber Scholar program, which integrates with any major to prepare students to become tomorrow’s cybersecurity leaders. The students were supervised by CCAP faculty Andrew Novocin and Nektarios Georgios Tsoutsos.
“This CTF competition offers a unique opportunity to gain hands on experience across contemporary cybersecurity trends and helps students build a security mindset,” said Tsoutsos. “We developed multiple challenges over a broad range of topics, including several unique challenges based on popular video games. In addition to raising awareness, these challenges are now added to our existing portfolio of cybersecurity labs.”
The final team ranking is available here: https://ctftime.org/event/1298