Embedded Capture the Flag:
Helping students experience the creation of a secure embedded system

Young curly hair woman discussing with man in classroom. Classmates are working together through laptop. They are wearing casuals.

Invaluable Hands-on Experience for the Future Cybersecurity Workforce

MITRE’s Embedded Capture the Flag (eCTF) competition provides participants with the invaluable experience of creating secure systems and then learning from their mistakes.
The program sets itself apart from traditional online-focused challenges by focusing on embedded systems, which present distinct security issues. It runs over the majority of the spring semester and includes Design and Attack phases to balance offense and defense. This allows time for development and for advanced attacks during the Attack Phase.

Download the Competition Flyer

eCTF Takes a Unique Competition Approach

Unlike traditional CTF’s, MITRE’s eCTF presents a two-phase challenge with attack and defense factors. During the first phase, students design and apply a secure system based on a set of competition requirements. In the second phase, students analyze and attack the designs of competing teams.

Design, Handoff, and Attack Phases

Opportunities to Participate

Students & Educators

University-affiliated teams of 3-20 students compete for a cash prize and publicity. (A faculty advisor is required.) The competition is free and split into two 6-week phases starting Jan. 18, 2023. This year teams will design and implement a secure key fob system for a car door lock.

Sponsors

eCTF sponsorship gives your organization exposure and access to the next generation of embedded security professionals – an in-demand demographic that is notoriously difficult to recruit. Multiple sponsorship tiers allow you to choose your level of involvement and visibility.

eCTF Over the Years

2016
2016

Pin Door Lock System

In the inaugural eCTF, teams designed a secure pin door lock system.

2017
2017

Bootloader for a Self-Driving Car

Teams designed a secure bootloader for a self-driving car.

2018
2018

ATM-Bank System

Teams designed a secure ATM-bank system.

2019
2019

Video Game Console

Teams designed a secure video game console on the Digilent Arty Z7. The system had to attempt to protect the intellectual property of game designers, prevent users from loading their own software, and allow verified users to install and play games that they have purchased.

2020
2020

Audio Digital Rights Management Module

Teams designed a secure audio digital rights management (DRM) module for a next-generation multimedia player on the Digilent Cora Z7. The system had to be secure to prevent users from playing pirated music, support region locking, and prevent the creation of cloned bootleg players.

2021
2021

UAV Package Delivery System

Teams designed a secure communications system for an unmanned aerial vehicle (UAV) package delivery system. The system had to be secure to prevent attackers from gaining access to the network to spy on and disrupt the UAV system.

2022
2022

Secure Avionic Device

Teams secured an avionic device by designing a secure firmware update system and bootloader. The system must protect intellectual property and aircraft mission secrets in an untrusted environment, and ensure firmware protection and integrity in the face of supply-chain threats such as hardware trojans.

2023
2023

Secure Key Fob

This year teams will design and implement a secure key fob system for a car door lock. Teams are tasked with creating systems that must protect against an adversary with physical access to the devices. Deliverables include car firmware, fob firmware and software tools for interacting with and controlling the devices.

Stay informed

Sign up for news about MITRE Engenuity and the critical technical challenges facing our nation and world.

Subscribe to updates