Carnegie Mellon's PPP1 team takes the stage at NYU-Poly's Cyber Security Awareness Week awards ceremony. The winners of the Capture the Flag Applications Security Challenge, from left, Matt Dickoff, Garrett Barboza, Ricky Zhou and Tyler Nighswander accept their prizes from NYU-Poly student leader of the challenge, Julian Cohen.
Last week, the campus of Polytechnic Institute of New York University (NYU-Poly) transformed into the epicenter of future protectors of smart infrastructure, cyber banking, national security and digital privacy.
Nearly 200 student finalists – winnowed from more than 1,000 in the elimination rounds – competed in the finals of the 8th Annual Cyber Security Awareness Week (CSAW), joined this year by the first-ever Kaspersky’s American Cup at NYU-Poly’s CSAW.
Another 200 cyber security professionals, recruiters, academics and students joined the student-led events, which are aimed at attracting and informing high school, undergraduate, graduate and doctoral students about the fast-changing field of digital security. Current estimates put the number of highly trained cyber security professionals at only one-eighth the need.
In one of the most competitive CSAW contests, a hacking challenge that attracted a record 207 international teams – from professionals to high school students – judges reduced the field to the 12 top teams of U.S. undergraduates. Finalists of the Capture the Flag Applications Security Challenge spent 24 sleepless hours in NYU-Poly’s gymnasium working realistic attacks devised by NYU-Poly cyber security students and prominent professionals. Above them, giant screens displayed their scores and iconic hacker films.
The judges described the result as unusually close, with few points separating all the finalists with the exception of the team called PPP1 from Carnegie Mellon University, which also took the top spot last year; this marked the third consecutive year that Carnegie Melon won this challenge. The second- and third-place teams were also repeats: PPP2 from Carnegie Mellon and RPISEC from Rensselaer Polytechnic Institute.
The Embedded Systems Challenge, which grapples with the growing real-life challenge of securing hardware manufacturing, was so attractive to the finalist team of Grenoble-INP Esisar that the students raised their own funds to travel from France to participate. (NYU-Poly’s CSAW provides travel funds to domestic finalists.) The French team placed second in one of the two categories, Malicious Processor Design. In the other category, Physical Unclonable Functions, a team from the University of Connecticut placed first, a repeat of sorts because UConn had won the single-category Embedded Systems Challenge last year.
In the High School Cyber Forensics Challenge, students solved a fictional murder mystery loosely based on the popular television series Jersey Shore. Thirteen teams employed mobile and computer forensics tools to investigate a credit card fraud scheme, mobile exploitation, Exif data analysis and organized crime to find the murderer and weapon: poison hair spray.
High school students also won two of the three top spots in the Video Awareness Challenge, in which students produced public service announcements advocating ways that other students can protect their digital information.
At the other end of the spectrum, the AT&T Award for Best Applied Security Paper attracts the top doctoral candidates because it judges papers that have been accepted by scholarly journals and conferences. Nearly 50 professionals volunteered to review and judge submissions.
The complete list of winners:
Capture the Flag
1. Team PPP1, Carnegie Mellon University – Garrett Barboza, Matt Dickoff, Tyler Nighswander and Ricky Zhou;
2. Team PPP2, Carnegie Mellon University – Joseph Lee, Brent Lim, Alex Reece and Hudson Thrift;
3. Team RPISEC, Rensselear Polytechnic Institute – Shawn Denbow, Jeremy Pope, Wilson Wong and Jared Candelaria.
Embedded Systems Challenge - Malicious Processors Design
1. University of Texas at Dallas – Yier Jin and Mihail Maniatakos
2. Grenoble - INP Esisar Team, France – Yves Clauzel, Jeremy Dubeuf, Maurin Augagneu and David Hely;
3. University of Connecticut – Xuehui Zhang, Andrew Ferraiuolo and Nicholas Tuzzio.
Embedded Systems Challenge - Physical Unclonable Functions
1. University of Connecticut – Xuehui Zhang, Andrew Ferraiuolo and Nicholas Tuzzio;
2. Iowa State University – Michael Patterson, Aaron Mills, Sudhanshu Vyas and Christopher Sabotta.
High School Cyber Forensics Challenge
1. Team Zettabyte, Red Bank Regional High School, N.J. – Emily Wicki, Michael Terpak and Alec Jasanovsky;
2. Team Echo, Poolesville High School, Maryland – Brendan Rowan, Daniel Luu and Jamie Palmer;
3. 11 Man Team, Middlesex County Academy for Science, Mathematics and Engineering Technologies, N.J. – Shreyas Chand, Eric Jeney and Brianna Mussman
Cyber Security Awareness Video Award
1. Lianna Lee, New York University;
2. Yamini Sasidhar, Academy of Allied Health and Science, N.J.;
3. Michael McGrew, Poolesville High School, Md.
AT&T Award for Best Applied Security Paper
1. Andrew White, University of North Carolina at Chapel Hill: Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on fon-iks;
2. Shyamnath Gollakota, Massachusetts Institute of Technology: Secure In-Band Wireless Pairing;
1. Team RPISEC, Rensselear Polytechnic Institute – Andrew Zonenberg and Shawn Denbow;
2. Team thingys, Massachusetts Institute of Technology – Ben Agre and Cory Li;
3. Team Hack the Gibson –Shyamnath Gollakota of MIT and Bredan Dolan-Garitt of Georgia Institute of Technology.
Kaspersky Lab this year expanded its acclaimed international research conference, “IT Security for the Next Generation,” to university students in the United States in partnership with NYU-Poly’s CSAW. Judges selected 15 university students who submitted original research to present their papers in the final round of judging. Winners will participate in the world finals in Europe.
Kaspersky’s American Cup
1. Ang Cui, Columbia University: Killing the Myth of Cisco IOS Diversity: Recent Advances in Reliable Shellcode Design;
2. Timothy Vidas, Carnegie Mellon University: Towards a General Collection Methodology for Android Devices;
3. Jeyavijayan Rajendran, NYU-Poly: Processor Encryption: Towards More Secure and Reliable Processors;
4. Napa Sae-Bae, NYU-Poly: Biometric-Rich Gestures: A Novel Approach to Authentication on Multi-touch Devices.
“CSAW set records for participation this year in every challenge,” said Nasir Memon, head of NYU-Poly’s cyber security program. “We are gratified by the response of both students and the many judges and sponsors who recognize the importance of CSAW’s goals. CSAW encourages talented students to pursue research and careers in this vital field of cyber security. It also enables students to build friendships with their peers and professionals so that they can stay current in this fast-moving field.”
As part of CSAW, students interacted with professors and well known professionals who serve as judges. Peiter Zatko, a DARPA program manager who became famous among hackers as “Mudge,” keynoted the welcome reception on Thursday, Nov. 10, and Don Proctor, Cisco senior vice president and leader of its Cybersecurity Task Force, was keynote speaker for the award ceremony on Nov. 11. Neil Hershfield, deputy director of the U.S. Department of Homeland Security Control Systems Security Program, addressed the Kaspersky Lab conference as well as those attending the CSAW awards ceremony.
Sponsors of CSAW – many of them providing judges and career fair recruiters – include AT&T, AccessData, Booz Allen Hamilton, Cisco, Facebook, Gotham Digital Science, Hewlett-Packard Company, Huawei, Intel, International Council of Electronic Commerce Consultants, Kaspersky Lab, Livescribe, Lockheed Martin, Matasano, National Science Foundation, Pitney Bowes, Raytheon, Research In Motion, Sandia National Laboratories, State Street, Stroz Friedberg, U.S. Air Force Research Laboratory, U.S. Army Research Office, U.S. Department of Homeland Security and Xilinx.
The NYU-Poly CSAW challenges are among the oldest and broadest student-led competitions. NYU-Poly was one of the earliest schools to introduce a cyber security program, receiving National Security Agency (NSA) approval a decade ago. It is designated as both a Center of Academic Excellence in Information Assurance Education and a Center of Academic Excellence in Research by the NSA.
The Sloan Consortium, an affiliation of educators and institutions dedicated to quality online education, named NYU-Poly’s cyber security program as the Outstanding Online Program for 2011.
NYU-Poly’s CSAW experience will lead to a new program next year for high schools. It will include training for high school teachers, summer boot camp and a web portal to network and support emerging talent.
About Polytechnic Institute of New York University
Polytechnic Institute of New York University (formerly Polytechnic University), an affiliate of New York University, is a comprehensive school of engineering, applied sciences, technology and research, and is rooted in a 157-year tradition of invention, innovation and entrepreneurship: i2e. The institution, founded in 1854, is the nation’s second-oldest private engineering school. In addition to its main campus in New York City at MetroTech Center in downtown Brooklyn, it also offers programs at sites throughout the region and around the globe. Globally, NYU-Poly has programs in Israel, China and is an integral part of NYU's campus in Abu Dhabi. For more information, visit www.poly.edu.