My school’s computer security team, RPISEC, reached 13th place in the International Capture the Flag security game hosted by University of California, Santa Barbara. We scored 17,570 points compared to the winners’ 89,554, enough to rank us second amongst the U.S. teams.

The game was based on set of vulnerable web services hosted by the Music and Film Industry Association’s website. To earn points, each team had to defend its services while attacking others’.

Challenges

This year, the UCSB team introduced a “challenge board,” which was a grid of side-games involving trivia, cryptography, forensics, and reverse engineering. If you solved all of the challenges in a column, you were awarded the GPG decryption key to the source code relating to a service, allowing you to defend and attack more successfully.

My favorite challenge was as follows: A plaintext message (below, hex encoded) has been encrypted with AES twice, using two separate 16-byte (128-bit) keys. In each key, at most two bytes are non-zero. What are the keys?

This entry was posted Friday, December 7th, 2007 at 11:24 pm and is filed under Academia, Security. You can leave a response, or trackback from your own site.