Tamper Evident Contest For DEF CON 21
First, we just wanted to say thank you for being interested in Tamper Evidence and being a part of the community. For the TEC this year, Stits, a long-time contributor to helping run the TEC at DEF CON, is going to be running the contest.
Second, if you're interested in playing this year, we have some great news: we're radically changing the format of the contest to make it shorter and far easier to participate!
That said, here is the announcement from Stits!
If you're thinking of playing please:
• Read this post and decide if it's still something you think would be fun (That's the most important thing) or maybe offer to help run the contest!
• Go to the registration or help threads and sign up.
• Show up in Vegas for DEFCON 21!
• Grab the package, defeat the seals, replace the object inside and present your defeats to the judging panel in less than 10 hours.
• Win!
Because Tamper Evidence has grown so much over the last three years with more contests, speakers and defeats there is going to be a dedicated Tamper Evident Village.
What we can tell you right now is:
• MFP, the team that has won this contest in years past, will be running it. They have years of experience with this sort of thing and it’s going to be kick ass.
• You will be able to go there for talks, labs, play with various seals and hang out with cool people.
Contest Specifics
Team Only: You can register only as a team of two to six people this year. We'd hope to see people max that out; if you're interested, reach out on the forums with a team and sign up! This is so the most people can play with the least headache for the contest organizers. Additionally, everything is classified as "Unlimited." That means that anything goes to accomplish a defeat! Got a lathe, access to ultra-pure water (it's an amazing solvent) or an X-Ray machine? Bring it! We're also not going to have a MacGyver level (where you use commonly found items in the hotel) this year; it's amazing but very hard to quantify, maybe next year.
Documentation:
A component of the contest has always been to require documentation of how you did your defeat. In years past we used a documentation system that unfortunately required just as much time for many teams as the contest itself. It's actually a variant of what's expected in professional and academic communities. This year a brief write-up with pictures or video will suffice; you may be asked questions by the judges, so be prepared. It's paramount that your discoveries can be shown and others learn what does and doesn’t work to make informed decisions when buying a TE product. That said, after the contest you're encouraged to create a detailed write-up based off the BSI format for the community.
Instead of pushing the responsibility of publishing your work out to the TE wiki, we’ve chosen to take the responsibility on ourselves and a contest volunteer will be doing that for you.
THE GOAL:
With all the different tamper evident technologies out there (I.E. tape, seals, locks, tags, bags, UV, pressure etc) we understand that this can be very intimidating. The goal of this contest is to learn something new and spread that knowledge! The contest will test your ability to perform "defeats" (Described below) against a range of inexpensive commercial low to medium security products in an eight hour window from noon Friday to 22:00 with judging occurring at noon Saturday by three judges for a combined score. You will see a list of the exact products in the contest so you can practice in advance.
SCORING:
As with years past, you’ll receive points for succeeding, no points for failing, and negative points for not trying (seriously, at least try) to defeat or skipping an item. Extra points are awarded for completeness of documentation. The more unique your exploits are the better. In the case of a tie in points, the winning team is the one that returned the package to the contest booth first.
Scoring itself isn't going to change. This is exactly what it's been in years past. You will however be allowed to contest the results with the judges if you want to be present at noon on Saturday.
Different levels of defeats are worth different points. We will use the LANL Defeat Categorization Scheme (it's detailed below) to describe them:
● Type 1 defeat = 1 point
● Type 2a defeat = 2 points
● Type 2b defeat = 4 points
● (Type 3 defeat = 6 points) - Treated as 2b because we don't have the gear to detect a level 3 defeat
● Failing to attempt a defeat earns you negative 2 points (-2)
THE COURSE OF THE CONTEST:
When you get to CON you will be given a package at noon Friday. This package will have tamper evident seals on it. Your goal is to defeat them and document your work. After defeating all the external seals, open the box and tamper with its contents. Inside you will find two chains. One of the chains is just a plain chain; the other chain will have some tamper evident tags and such on it. You will have until 22:00 on Friday (yes, ten hours) to move as many of these seals and tags from one chain to the other without your tampering being detected.
There will only be than 6 or so tags this year, this is not everything, but it is the majority of what you’ll see
Some security tapes from here:
http://www.uline.com/BL_3079/Securit...eywords=tamper
Uline colored Cable Seal
http://www.uline.com/BL_2313/Colored-Cable-Seals
Uline padlock seal
http://www.uline.com/Product/Detail/.../Padlock-Seals
Uline Metal Truck Seals ball lock "Tamper Proof"
http://www.uline.com/Product/Product...elnumber=H-542
Tug-Tights "Tamper Resistant"
http://www.uline.com/Product/Detail/...ght-Drum-Seals
Uline Plastic truck seals "Tamper Resistant"
http://www.uline.com/Product/Detail/...ic-Truck-Seals
Uline Plastic truck seals "Tamper Evident"
http://www.uline.com/Product/Product...number=S-13677
REFERENCES:
Here is a list of links & papers to get you started becoming familiar with what I have found on this subject.
Websites:
http://www.ne.anl.gov/capabilities/vat/seals/index.html
http://www.ne.anl.gov/capabilities/vat/seals/types.html
Definitions to use when talking about tamper evidence: http://www.ne.anl.gov/capabilities/v...efinition.html
http://www.ne.anl.gov/capabilities/vat/detect.html
http://www.ne.anl.gov/capabilities/v.../findings.html
PDF documents:
Read this first paper, Effective Vulnerability Assessment of Tamper-Indicating Seals, because it will describe the definitions of the defeats.
http://library.lanl.gov/cgi-bin/getfile?00418792.pdf
http://grandideastudio.com/wp-conten...mbed_paper.pdf
http://csrc.nist.gov/groups/STM/cmvp...secpaper06.pdf
http://www.cl.cam.ac.uk/~mkb23/research/PIN-Mailer.pdf
From the first PDF, here is a quote describing the different defeats for those of you curious, but not curious enough to download and read it.
Under the LANL scheme, we classify successful attacks into four categories: type 1, 2a, 2b, or 3.
In a type 1 defeat, tampering is not detected if the "usual" seal inspection process is followed. See figure 1.
The usual process is that routinely or typically employed by the end-user. For most seals, this is the protocol recommended by the developer or manufacturer of the seal. A type 1 defeat, however, will be detected if unusual efforts are taken. For many seals, an example of an unusual inspection protocol would be to disassemble the seal and examine it in great detail to look for tampering.
In a type 2a defeat, tampering is not detected if the usual inspection protocol is followed and if the user visually studies the exterior of the seal (plus any internal parts that can be seen without opening the seal) to look for evidence of entry. The visual inspection can be done with either the naked eye or a hand-held magnifier.
In a type 2b defeat, tampering is not detected if the usual inspection protocol is followed and if the user disassembles the seal and meticulously examines the interior and the exterior of the seal visually (with the naked eye or a hand-held magnifier) to look for evidence of entry.
In a type 3 defeat, tampering cannot be detected, even if the most advanced postmortem analysis is undertaken. See figure 3. State-of-the-art techniques in forensics, material science, or microscopy will not be able to tell that the seal has been defeated. Classifying a defeat as type 3 is problematic in that it is difficult to be absolutely certain that no technology anywhere in the world has the ability to detect the tampering. Despite this problem, we believe we have demonstrated a number of type 3 defeats at LANL [13].
If a non-type 3 defeat is successful in a seal application where the "usual" inspection protocol automatically includes meticulous visual examination of the exterior or interior of the seal, the defeat is classified as 2a or 2b, respectively, rather than as a type 1 defeat.
For this contest the "usual" seal inspection process will be that of a cursory inspection held at arm's length, to simulate someone walking by or casually looking at the seals while talking to someone else.
In reality a type 3 defeat is essentially the same as a 2b defeat because we don't have all the advanced gear on site to determine the difference, and we now treat them the same for points.
NEXT STEPS:
Sign up by posting in the registration thread, or the helpers thread if you’re interested.
Thank you all, look forward to having a really fun contest this year!