In our first year of participation, Slug Security has secured 2nd place in MITRE’s 2023 Embedded Capture the Flag competition! Our team, representing the University of California, Santa Cruz, consisting of 10 students, was advised by Alvaro A. Cardenas. With what we learned from this year, we are excited to continue our participation in the competition next year.
About the Competition
Held annually, MITRE’s Embedded Capture the Flag (eCTF) competition is an international security competition with a theme of embedded systems. This year, participants were tasked with designing a secure key fob system for car door locks that can withstand tampering and different types of attacks, including replay, side-channel, and fault injection attacks. Teams had to create a secure system in two months and provide documentation and system outlines. This was followed by a two-month attack phase, where teams used various strategies to attack other teams’ designs and gain access to a car by bypassing security features.
This year’s competition drew over 540 participants from 80 schools and ran from January 18th to April 19th.
eCTF 2023 Timeline
Team Highlights
Our team consisted of 10 students, with 9 undergraduates and 1 graduate student, from a variety of majors including Computer Science, Computer Engineering, and Economics. Under the guidance of Professor Alvaro A. Cardenas, we were able to secure 2nd place in the competition, earning a total of 17,100 points. We were beaten by Carnegie Mellon University, who claimed 1st place with 28,100 points, but we managed to stay ahead of the University of Illinois at Urbana-Champaign, who earned 12,500 points.
Our greatest accomplishment was successfully protecting our system against all attacks, making us one of only two teams to achieve an unbreakable system design, alongside CMU.
eCTF 2023 Attack Board
Competition Writeup
As part of the competition, to validate attacks and defenses, teams were required to submit brief writeups. Currently, we are working on reformatting our documents for public release.
Our design and codebase have been published into a public GitHub repository for anyone to view.
Our poster on defensive and attack highlights is available for anyone to view.