b01lers CTF Snatches Victory

11-30-2015
Writer(s): Nathan Burow

The b01lers Capture the Flag (CTF) team smashed the competition – earning a first and second place in the “Build It Break It” security-oriented programming competition sponsored by the University of Maryland.  

The team earned their first place honor for the “Build It" portion of the competition and took second place for the “Break It" portion, winning a total of $3500.  Team members include Craig West, Gregory Essertel, Nathan Burow, Daniele Midi, and Scott Carr.

This contest is designed to teach undergraduate and graduate students to write code more securely. Winning is based on two objectives – writing secure code and breaking other teams’ codes.   

The contest consists of three rounds over the course of three weeks.  In the first "Build It" round, the teams implement an automated teller machine (ATM) and a bank server.  Next, teams attempt to break each other’s communication protocols between the bank and ATM to create false transactions (integrity violations), to discover existing transactions (confidentiality violations), and to demonstrate miscellaneous violations of the specification during the "Break It" round.  

Finally, during the "Fix It" round teams are able to repair their code.  “Build It” scores were totaled by subtracting points lost for vulnerabilities found during “Break It” round and points earned back for fixing the vulnerabilities during “Fix It” round.  “Break It” scores are based on the number and severity of the vulnerabilities or bugs found during the “Break It” round.

The team’s captain, Craig West said the competition furthered his education, giving him hands-on experience outside the classroom.

“I learned a lot about the features of different languages that make writing secure applications easier,” West said.  “This competition really highlighted the tradeoffs between security, performance, and usability,” he added.  

The team’s cryptography expert and leader of the winning “Break It” effort, Gregory Essertel said the competition was a tremendous learning experience.

“This competition emphasized for me that correctly using cryptographic primitives is not enough, you must also understand how your protocols will be used and attacked,” Essertel said.

The b01lers team includes undergraduate and graduate students, who focus on cyber-security.  Team meetings are held Monday evenings at 6 p.m. in HAAS 143. New members are welcome and encouraged to attend.