Skip to content
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
52 lines (43 sloc) 2.64 KB

CSAW 2015 Embedded Security Challenge (Phase 1)

Challenge Overview

For this year's ESC competition you will play the role of an attacker, and your goal is to overthrow an election by altering the results in your favor. To do so, you will impersonate an election terminal using an embedded system and launch a real attack to the weakened cryptographic security of the election system. The election system uses homomorphic encryption to accumulate votes, and your objective is to deceive the central tally service responsible for counting those votes as well as deciding the election winner. Your mission is to modify the final tally count and elect your favorable candidate.

The challenge will be is divided into two phases.

  • In the qualification phase you will compile a written report where you will elaborate on your cryptanalysis of the system and describe your strategy and tactics to deceive the tally server, in order to ensure that your favorite candidate will win the election. You must be very specific on the cryptanalysis of the provided election system description, as well as how you will use this cryptanalysis to develop an embedded system that will send frames to the tally server with deceiving information to alter the election result in your favor. The components and functionality of the modules in your embedded system should also be described in detail. Your designs must be area-constrained for Nexys 4 FPGAs and optimized for performance, as the latter will be a major metric to determine the challenge winner.

  • All first phase reports will be evaluated for their merit by a team of judges, and each will be assigned a score based on correctness, potential, novelty and performance optimizations. The 10 best teams will move forward to the final phase.

  • Additional details about the final phase are available here.


Teams are asked to submit their qualification report to csaw-esc at (also CC the ESC challenge leader: Nektarios) by September 25, 2015. The qualified teams will be announced on September 27, 2015 and the final report is due November 10, 2015 at 23:59 EST. Finalists will compete on-site in New York during the Cyber Security Awareness Week (November 12-14, 2015). Teams can register at (alternative form if the main link is not available UPDATE: Registration is now closed.

You can’t perform that action at this time.