Presentation is loading. Please wait.

Presentation is loading. Please wait.

Automatic Problem Generation for Capture-the-Flag Competitions This material is based upon work supported by the National Science Foundation under Grant.

Published byNigel Hubbard Modified over 8 years ago

Similar presentations

Presentation on theme: "Automatic Problem Generation for Capture-the-Flag Competitions This material is based upon work supported by the National Science Foundation under Grant."— Presentation transcript:

1 Automatic Problem Generation for Capture-the-Flag Competitions This material is based upon work supported by the National Science Foundation under Grant No. 1419362 and by a Graduate Research Fellowship under Grant No. 0946825. 8/11/2015 Jonathan Burket jburket@cmu.edu Peter Chapman peter@cmu.edu Tim Becker tjbecker@cmu.edu Carnegie Mellon University Chris Ganas cganas@cmu.edu David Brumley dbrumley@cmu.edu

2 Outline Overview of Automatic Problem Generation Flag Sharing in picoCTF 2014 Future Work 2

3 “Jeopardy-Style” Capture-the-Flag 3 Cryptography 100 Cryptography 200 Web 100 Web 200 Forensics 100 Flag: “sql_injection_rox” Points!

4 Example CTF Problem You find an encrypted message written on the documents. Can you decrypt it? “rfc qcapcr nyqqnfpyqc gq bmuasiugssaxxlextkasoklntcidhm” 4 “the secret passphrase is dowcukwiuuczzngzvmcuqmnpvekfjo”

5 Flag Sharing 5 Flag: “sql_injection_rox” Points! Alice Bob

6 Flag Sharing 6 Flag: “sql_injection_rox” Points! freeflags.com Points! Alice BobCarolDave

7 Changing Problems Automatically 7 “the secret passphrase is dowcukwiuuczzngzvmcuqmnpvekfjo” “rfc qcapcr nyqqnfpyqc gq bmuasiugssaxxlextkasoklntcidhm” “the secret passphrase is vrsoblzffauncgrgknleuxedsknnhb” “rfc qcapcr nyqqnfpyqc gq tpqmzjxddyslaepeiljcsvcbqillfz” k=24

8 Changing Problems Automatically 8 “the secret passphrase is dowcukwiuuczzngzvmcuqmnpvekfjo” “rfc qcapcr nyqqnfpyqc gq bmuasiugssaxxlextkasoklntcidhm” “the secret passphrase is dowcukwiuuczzngzvmcuqmnpvekfjo” “znk ykixkz vgyyvnxgyk oy juciaqcoaaifftmfbsiawstvbkqlpu” k=24 k=6 These different versions can be generated automatically!

9 Automatic Problem Generation Through Automatic Problem Generation, different competitors can receive different versions (“autogen” problem instances) of a given problem. 9 “wkh vhfuhw sdvvskudvh lv yuvreociidxqfjujnqohxahgvnqqke” Flag: “vrsoblzffauncgrgknleux…” “rfc qcapcr nyqqnfpyqc gq bmuasiugssaxxlextkasoklntcidhm” Flag: “dowcukwiuuczzngzvmc…” Alice Bob Flags can’t be shared!

10 Templated Autogen Problems 10 “What is the value of {register} after executing the instruction at address {memory address}?” “What is the value of eax after executing the instruction at address 0x12345678?” “What is the value of ebx after executing the instruction at address 0x20202020?” Problem instances are essentially the same, but have slightly different details. Good for detection and prevention of flag sharing

11 11 Flag: “vrsoblzffauncgrgknleux…” Correct Flag: “dowcukwiu…” Alice Bob Flag: “vrsoblzffauncgrgknleux…” Correct Flag: “vrsoblzff…” Correct! Flag Sharing! We detect flag sharing by looking for cases where users submit incorrect flags that are correct for an instance other than their own

12 12 Correct Flag: “dowcukwiu…” Alice Bob Correct Flag: “vrsoblzff…” freeflags.com “The correct flag for this problem is vrsoblzffauncgrgknleux…” Distinct, per instance flags allows competition to detect the source of shared flags

13 Challenges Balanced Difficulty Bug Prevention Scalability and Deployment 13

14 Balanced Problem Difficulty 14 Need to make sure each problem instance is reasonably close to the same difficulty. “the secret passphrase is dowcukwiuuczzngzvmcuqmnpvekfjo” k=0

15 Scalability and Deployment Each team must be given a team-specific problem instance Problem instance generation must not bottleneck the performance of the competition For problems served from remote machines, instances must be deployed to those machines and synchronized with the grading server 15

16 Automatic Problem Generation in picoCTF 2014 16

17 picoCTF 2014 3,185 Eligible Teams 9,738 Eligible Students 12 Day Competition 66 Security Challenges Cash Prizes for Top 10 Teams 17

18 Automatically Generated Problems in picoCTF 2014 18 Problem NameCategoryScore Teams Solved Tyrannosaurus HexMiscellaneous103185 No CommentWeb202952 CaesarCryptography202648 Internet InspectionWeb302704 JavascryptWeb401719 SubstitutionCryptography501677 ZORCryptography50554 Basic ASMReversing60887 Repeated XORCryptography70182 BlockCryptography13035

19 Flag Sharing in picoCTF 2014 127,412 flags (correct and incorrect) submitted to automatically generated problems 1,081 (0.84%) labeled as “shared flags” 530 distinct flag sharing cases 14% (460/3185) of teams involved 87% of these teams shared flags for only one problem 68% teams attempting to submit a shared flag eventually solved the problem correctly 19

20 20

21 21

22 22

23 23

24 24

25 25

26 26

27 27

28 Future of Automatic Problem Generation in CTFs 28

29 29

30 Synthesized Autogen Problems 30 void check_input(int v0, int v1) { v0 += 7; int v2 = 0; v0 *= v2; v1 += 2; if(v0 < 45) { int v3 = v0; v2 -= v3; } v1 *= 8; int v4 = 3; v4 *= v1; if(v0 != 0) { you_lose(); return; } if(v2 != 0) { you_lose(); return; } if(v4 != -456) { you_lose(); return; } get_key(); return; } void check_input(int v0, int v1, int v2, int v3, int v4, int v5, int v6) { int v7 = -1; v3 -= 3; v6 -= 1; for(int v8=1; v8<= 9; v8+=v1) { v5 += v8; v2 *= v6; } int v9 = 6; int v10 = 0; if(v2 <= v9) { v5 *= v4; v0 += v3; } else { v3 |= v6; } int v11 = v6; v11 += v10; for(int v12=1; v12< 10; v12+=v5) { int v13 = v7; v6 *= v0; if(v5 == 44) { v13 -= v2; v11 *= v10; } else { v13 *= v11; … void check_input(int v0, int v1) { int v2 = v1; int v3 = v0; if(v1 > 29) { v0 *= v1; } if(v0 != -8930) { you_lose(); return; } if(v2 != 94) { you_lose(); return; } if(v3 != -95) { you_lose(); return; } get_key(); return; } Similar Difficulty Harder

31 Synthesized Autogen Problems Easy Hard 31

32 Questions? 32 https://github.com/picoCTF/picoCTF-Platform-2

Download ppt "Automatic Problem Generation for Capture-the-Flag Competitions This material is based upon work supported by the National Science Foundation under Grant."

Similar presentations

.NET Technology. Introduction Overview of.NET What.NET means for Developers, Users and Businesses Two.NET Research Projects:.NET Generics AsmL.

.NET Technology. Introduction Overview of.NET What.NET means for Developers, Users and Businesses Two.NET Research Projects:.NET Generics AsmL.
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Authentication Applications The Kerberos Protocol Standard

Authentication Applications The Kerberos Protocol Standard
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
RSA COSC 201 ST. MARY’S COLLEGE OF MARYLAND FALL 2012 RSA.

RSA COSC 201 ST. MARY’S COLLEGE OF MARYLAND FALL 2012 RSA.
Native x86 Decompilation Using Semantics-Preserving Structural Analysis and Iterative Control-Flow Structuring Edward J. Schwartz *, JongHyup Lee ✝, Maverick.

Native x86 Decompilation Using Semantics-Preserving Structural Analysis and Iterative Control-Flow Structuring Edward J. Schwartz *, JongHyup Lee ✝, Maverick.
A3.1 Assignment 3 Simple Job Submission Using GT 4 GRAM.

A3.1 Assignment 3 Simple Job Submission Using GT 4 GRAM.
Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.

Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.
Introduction to Computer Security David Brumley Carnegie Mellon University.

Introduction to Computer Security David Brumley Carnegie Mellon University.
Review: Software Security David Brumley Carnegie Mellon University.

Review: Software Security David Brumley Carnegie Mellon University.
The Kerberos Authentication System Brad Karp UCL Computer Science CS GZ03 / M030 17 th November, 2008.

The Kerberos Authentication System Brad Karp UCL Computer Science CS GZ03 / M th November, 2008.
Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.

Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.
The Future of Correct Software George Necula. 2 Software Correctness is Important ► Where there is software, there are bugs ► It is estimated that software.

The Future of Correct Software George Necula. 2 Software Correctness is Important ► Where there is software, there are bugs ► It is estimated that software.
1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.

1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa Spring 2006 David Evans Class 4: Modern Cryptography

Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa Spring 2006 David Evans Class 4: Modern Cryptography
Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.

Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.

Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.
Security Module – Part 1 Spring 2006 V.T. Raja, Ph.D., Oregon State University.

Security Module – Part 1 Spring 2006 V.T. Raja, Ph.D., Oregon State University.

Similar presentations

Ads by Google