Cybersecurity is one of this century’s newest and most complex challenges. Data is becoming more and more difficult to protect, but an National Security Administration challenge aims to train the next generation of computer engineers to be able to handle the task.

The NSA Codebreaker challenge gave students around the country a chance to put their coding skills to use in a difficult context with a variety of interesting applications.

Daniel Ragsdale, a professor of computer science and engineering and director of the Texas A&M Cybersecurity Center, said the event provides student with universal cybersecurity skills.

“The NSA Codebreaker Challenge was developed by the NSA as an opportunity for students to both learn and develop skills that they think would be of interest not just to the NSA, but to any organization that focuses on addressing the challenges that cybersecurity presents,” Ragsdale said.

Students were given a program in the form of binary code and a set of four tasks to complete with this code.

“They were provided with simply a binary executable, think 1’s and 0’s machine code, and then they were asked a series of questions that you could only answer if you could get in and look into that file,” Ragsdale said. “Each of the four levels was increasingly difficult.”

Texas A&M was highly successful at this year’s challenge. According to the NSA’s website, out of 329 participating schools, A&M had the second most Task 1 finishers, the sixth most Task 2 finishers, the seventh most Task 3 finishers and the fifth most Task 4 finishers.

Only 54 students across the nation were able to complete Task 4, and two Aggies, Ryan Vrecener, a PhD student, and Zach Varnadore, a computer engineering senior, were included in that number.

“Stage 1 involved determine the executable environment, renaming the executable and determining what command line parameters are needed such as flags and how to use the input files,” Vrecener said.

Although this seems relatively simple, the program students were given was essentially 1’s and 0’s so even this level required a broad understanding of programming.

The second stage was to try and figure out how to “break into the program.”

“You had to try and figure out how to bypass the authentication,” Varnadore said. “It asked for a username and password and you had to find a way to fool the program to let you run it.”

Vrecener said he accomplished this by tracing the execution of the program until a failure, and then switching the binary value, in other words changing 1’s to 0’s, at that point.

The final two stages were the most complex, Ragsdale said. In the third stage, participants had to gain an understanding of how encrypted messages in the program functioned.

“The challenge presents you with the fact that the program is sending encrypted messages of some kind,” Varnadore said. “Your goal is to figure out the structure of these encrypted messages and how the program generates then decodes them.”

In the fourth and final stage of the challenge, students had to find weaknesses in the program and use them to complete various tasks.

“We looked for vulnerabilities in the program and then how to exploit that to trick users of this program to reveal encrypted information,” Varnadore said.

Both Vrecener and Varnadore attributed some of their success to reverse engineering courses offered at Texas A&M. Vrecener said the Reverse Engineering and the cryptography courses came in handy.

Any students that may want to consider participating in the competition next year, have several ways to get involved.

“People that are interested can take RE courses on campus and we have a cybersecurity club that will be running these kinds of things,” Varnadore said.

(0) comments

Welcome to the discussion.

Keep it Clean. Please avoid obscene, vulgar, lewd, racist or sexually-oriented language.
Don't Threaten. Threats of harming another person will not be tolerated.
Be Truthful. Don't knowingly lie about anyone or anything.
Be Nice. No racism, sexism or any sort of -ism that is degrading to another person.
Be Proactive. Use the 'Report' link on each comment to let us know of abusive posts.
Share with Us. We'd love to hear eyewitness accounts, the history behind an article.