No announcement yet.

Protocol acid test

This topic is closed.
  • Filter
  • Time
  • Show
Clear All
new posts

  • Protocol acid test

    I've been interested in something which lies halfway between CTF and Own the Box. It could very well augment Own the Box as the underlying format is basically the same: you build the box, hand it over, it gets hooked up to the network, and people would try to break it.

    The twist would be: months before the contest starts, a specific protocol is outlined. The protocol would store state, perform computations, and have access control mechanisms/crypto.

    A CTF-like scorekeeping server would connect to all the boxes participating in the contest, storing and retrieving data and performing computations.

    Your score would be based on the uptime of your server (resilience to DoS) as well as the integrity of the data. The assailants could earn points by compromising data sent or retrieved the scorekeeping server, compromising the access control of the service, or rooting the box. And super bonus points for rooting the scorekeeping server.

    The basic contest would center around implementing resilient, fault tolerant network services which can stand up to a hostile environment. Sort of like CTF, except it doesn't eat up any of your time at con.
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
    [ redacted ]