DEF CON 2019: Cybersecurity experts from Saarland University compete against the best of the best in the USA

Oliver Schranz, Johannes Krupp, Simeon Hoffmann, Sebastian Roth, Daniel Weber and Alexander Fink (from left to right) are now looking forward to the IT security competition in Las Vegas. Picture: Tobias Ebelshäuser / CISPA

IT security contests called “Capture the Flag” (CTF) are considered hacker contests, but for students this kind of competition is a practical exercise that beats any lecture on IT security in terms of learning enjoyment. Since 2014, the “saarsec” group, which also is made up of cybersecurity students from Saarland University, has taken part in such competitions. Now they will also be able to take part in the renowned CTF competition of the IT security conference “DEF CON”, which starts August 8th in Las Vegas, USA.

The principle is similar to that of the traditional outdoor game of the same name, still played by scouts today. In the computer security form of the competition, however, the participants do not steal just one flag, but several flags in the form of digital codes. These only lead to victory if the respective team recognizes security gaps earlier than others, exploits them in enemy systems and closes them in its own. There are points not only for the flags, but also for solving tricky quiz questions and for additional tasks such as the digital preservation of evidence, sending data covertly, or analysis of unknown source code. This makes each of these competitions a challenging move for budding IT security experts.

“In principle, it’s like a sport. The challenge lies in finding a solution in the shortest possible time and faster than others – for an attack and the corresponding defensive measure,” explains Oliver Schranz, who is writing his doctoral thesis on IT security at Saarland University, doing research at the CISPA – Helmholtz Center for Information Security, and is a member of “saarsec”.

Thus, CTF competitions align with the skills the “Cybersecurity” course of studies – introduced at Saarland University in 2014 – cultivates over six semesters. The students should “learn their trade as attackers, defenders and researchers in one”, says Michael Backes, Professor of Information Security and founding director of the CISPA – Helmholtz Center for Information Security.

Currently about 300 students are participating in this course and attending lectures on cryptography and IT security. In a cybersecurity project, they also learn how to solve problems as a team.

According to Oliver Schranz, precisely this type of practical training is part of the recipe for success of the “saarsec” team, which was also founded in 2014. “We try to continuously strengthen the team with good students. We regularly hold free workshops open to everyone. This makes it easy for new students to move up,” reports Schranz.

Just recently, saarsec won the “Enowars”. At this international tournament of the Technical University Berlin, the Saarland University students prevailed against 176 teams. And this is not their first success. Probably the most important so far is their victory at the Russian “ruCTFE” last year. On this way they qualified for another CTF where the computer science students from Saarbrücken had to attack and defend devices and services such as a cleaning robot, a networked refrigerator and an intelligent safe in Yekaterinburg. By their ruCTFE victory they also qualified for the CTF competition, which will take place in Las Vegas as part of “DEF CON” on 9 August. The DEF CON is the world’s largest IT security conference, offering lectures, workshops and competitions since 1993. Two years ago it had 25,000 attendees. Saarsec is to arrive with 18 people. “This is the Champions’ League. Everyone wants to compete there. I am very curious to see how far we will get,” says Schranz.

More information:
Website of saarsec:
https://saarsec.rocks/

Website of DEF CON 27:
https://www.defcon.org/html/defcon-27/dc-27-index.html

Background on Saarland Informatics Campus:
800 scientists and about 1900 students from 81 nations make the Saarland Informatics Campus (SIC) one of the leading locations for computer science in Germany and Europe. Six globally renowned research institutes, namely the German Research Center for Artificial Intelligence (DFKI), the Max Planck Institute for Computer Science, the Max Planck Institute for Software Systems, the Center for Bioinformatics, the Cluster of Excellence for Multimodal Computing and Interaction and the CISPA – Helmholtz Center for Information Security, three networked faculties and 18 courses of study cover the entire spectrum of computer science.

Questions can be directed to:
Oliver Schranz
CISPA – Helmholtz Center for Information Security
Phone: +49 681 302 57368
Email: schranz@cs.uni-saarland.de

Editor:
Gordon Bolduan
Competence Center Computer Science Saarland
Saarland Informatics CampusSaarland University
Phone: +49 681 302-70741
Email: bolduan@mmci.uni-saarland.de