The concept of capture the flag competitions goes back hundreds of years from a military perspective, and it has become a staple of hacking and cybersecurity exercises. The basic concept pits teams against each other in a race to infiltrate or compromise a target or opponent and achieve victory by capturing that team’s flag. Capture the flag—or CTF—challenges are very common for software hacking, but Intel has taken the idea and focused it around hardware in an effort to identify weaknesses and find innovative solutions to ensure future hardware is more secure.
A handful of recent, high-profile exploits within hardware microarchitecture have highlighted vulnerabilities in the hardware platforms we use every day. Design flaws expose weaknesses that attackers can exploit, and System-on-a-Chip (SoC) designers often use third-party intellectual property (IP) cores and in-house IP cores that unintentionally introduce bugs during implementation and integration. Attackers are getting much more creative about identifying weaknesses and developing side channel attacks to take advantage of them, so we need to do more to identify flaws and close security gaps before they can be exploited.
Hack@DAC and Hack@Sec
Intel has been collaborating with academic institutions and security researchers over the past few years to support and host hardware CTF challenges. Two of the most prominent are Hack@DAC and Hack@Sec. Each competition aims to reveal underlying weaknesses or security concerns so solutions can be developed to mitigate or remediate them.
Both competitions challenge teams to find security weaknesses in the hardware that enable them to compromise or bypass at least one of the security objectives. Attacks may lead to some sort of processing deadlock or system failure or may allow a side channel attack to be generated that enables the team to remotely access sensitive information or gain privileged access to the system.
The goal of the events is to offer a fun and educational way for participants to learn more about hardware common weakness enumerations (CWEs). Through these hands-on hacking opportunities, participants gain valuable experience and a deeper appreciation for the challenges involved in detecting hardware CWEs.
Participants also walk away with a better understanding of the issues and motivation to focus on research and innovation to address the problem. Ultimately, hardware CTF challenges help motivate design automation vendors to develop better tools that Intel and other processor and hardware manufacturers can use to identify such vulnerabilities in the future, and to implement effective solutions for more secure hardware platforms.
Raising Awareness and Educating Developers
I spoke with Jason Fung, Director of Academic Research Engagement and Offensive Security Research for Intel, about the hardware capture-the-flag competitions. He told me that Intel began hosting these challenges a few years ago in an effort to train their own developers. The goal has since expanded to include educating the broader industry in general to raise awareness of flaws commonly introduced unintentionally by designers and help everyone build more secure products for customers.
Jason explained that they use an open source SoC which is hardened to be as close to a commercial SoC as possible—then they introduce intentional bugs for the challenge. Ultimately, the goal is to learn lessons that apply in the real world—not to improve security of the open source SoC.
He told me they expected that researchers in the hardware CTF teams would find the flaws they introduced on purpose, but they were also surprised to find that they found other bugs and vulnerabilities as well. Teams also find bugs inserted unintentionally by the open source SoC designers, and that Intel was not aware of.
Collaborating with Academic Institutions
The relationship between Intel and academic institutions is vital for this effort. I reached out to Professor Ahmad Reza Sadeghi, Director of Intel Collaborative Autonomous and Resilient Systems (ICRI-CARS) and leader of the System Security Lab at TU Darmstadt, Germany, and Professor Jeyavijayan (JV) Rajendran, who runs the Secure and Trustworthy Hardware (SETH) Lab at Texas A&M University to get some insight on why they take part in the exercise, and what value it provides for their institutions.
They explained that the challenge itself is enough of a reason, but they also appreciate the impact the efforts have on research and the future of security for computing platforms. They noted that there has been a longstanding assumption that hardware is somehow inherently immune to attacks, but that exploits developed in recent years have proven otherwise.
They stressed, though, that they are particularly interested in attacks that can exploit vulnerabilities in hardware remotely via software. “These crucial attacks do not require physical access to the device and are more exciting from a research standpoint. We call these attacks cross-layer attacks. Recently researchers and the press have focused much on cross-layer attacks such as Spectre and Meltdown and alike, which have shown that hardware security is very fundamental and as important as software security and could result in adverse security impact if left unaddressed.”
There is also value for the academic institutions related to playing an active role in promoting security awareness and the close collaboration with the Intel Product Assurance & Security Research team. It is also an opportunity to engage with other hardware security research teams and gain valuable hands-on experience designing hardware security features and gaining insight and understanding about the hardware bugs and vulnerabilities that can exist in real-world designs.
Value of Hardware CTF Competition
When I asked the professors what they believe is the impact of an event like this on cybersecurity in the real world, they responded, “We believe that this competition contributes to the design and development of next-generation secure computing platforms. The insights it provides will have a high impact not only on academia but also industry. It motivates and provides researchers with an opportunity to assess and improve their security verification tools using our competition designs as test platforms.”
Ultimately, efforts like these have multiple benefits. They allow researchers who participate to hone their skills and learn to identify hardware bugs more easily. At the same time, they provide a platform for raising awareness about security flaws in hardware and yield valuable insight that can be used to resolve issues and close gaps so that future hardware can be more secure by design.