Embedded Capture the Flag:
Helping students experience the creation of a secure embedded system
Invaluable Hands-on Experience for the Future Cybersecurity Workforce
MITRE’s Embedded Capture the Flag (eCTF) competition provides participants with the invaluable experience of creating secure systems and then learning from their mistakes.
The program sets itself apart from traditional online-focused challenges by focusing on embedded systems, which present distinct security issues. It runs over the majority of the spring semester and includes Design and Attack phases to balance offense and defense. This allows time for development and for advanced attacks during the Attack Phase.
eCTF Takes a Unique Competition Approach
Unlike traditional CTF’s, MITRE’s eCTF presents a two-phase challenge with attack and defense factors. During the first phase, students design and apply a secure system based on a set of competition requirements. In the second phase, students analyze and attack the designs of competing teams.
Opportunities to Participate
Students & Educators
University-affiliated teams of 3-20 students compete for a cash prize and publicity. (A faculty advisor is required.) The competition is free and split into two 6-week phases starting Jan. 18, 2023. This year teams will design and implement a secure key fob system for a car door lock.
eCTF sponsorship gives your organization exposure and access to the next generation of embedded security professionals – an in-demand demographic that is notoriously difficult to recruit. Multiple sponsorship tiers allow you to choose your level of involvement and visibility.
eCTF Over the Years
Pin Door Lock System
In the inaugural eCTF, teams designed a secure pin door lock system.
Bootloader for a Self-Driving Car
Teams designed a secure bootloader for a self-driving car.
Teams designed a secure ATM-bank system.
Video Game Console
Teams designed a secure video game console on the Digilent Arty Z7. The system had to attempt to protect the intellectual property of game designers, prevent users from loading their own software, and allow verified users to install and play games that they have purchased.
Audio Digital Rights Management Module
Teams designed a secure audio digital rights management (DRM) module for a next-generation multimedia player on the Digilent Cora Z7. The system had to be secure to prevent users from playing pirated music, support region locking, and prevent the creation of cloned bootleg players.
UAV Package Delivery System
Teams designed a secure communications system for an unmanned aerial vehicle (UAV) package delivery system. The system had to be secure to prevent attackers from gaining access to the network to spy on and disrupt the UAV system.
Secure Avionic Device
Teams secured an avionic device by designing a secure firmware update system and bootloader. The system must protect intellectual property and aircraft mission secrets in an untrusted environment, and ensure firmware protection and integrity in the face of supply-chain threats such as hardware trojans.
Secure Key Fob
This year teams will design and implement a secure key fob system for a car door lock. Teams are tasked with creating systems that must protect against an adversary with physical access to the devices. Deliverables include car firmware, fob firmware and software tools for interacting with and controlling the devices.