Attack Phase Flags and Scenarios¶
Warning
ARCHIVED PAST COMPETITION, FOR REFERENCE ONLY
Tip
Understanding the contents of this page is critical to properly securing your design. If something is unclear, please reach out to the organizers on Slack to clarify.
Attack Phase Scenarios¶
Attackers will have access to a number of different combinations of Application Processors, Components, and other information. Each setup represents a realistic scenario that will test a design's success at meeting one or more Security Requirements by embedding Attack Phase Flags into different parts of the setup.
The Attack Phase scenarios are provisioned from several different deployments so that information an attacker legitimately holds in one scenario (for example, the PIN and Replacement Token handed to the technician in the supply chain scenario) cannot be reused to undermine another. The table below summarizes the flags, the deployment each is provisioned from, the scenario it belongs to, and the relevant security requirements.

Flag | Deployment | Scenario | Security Requirement
---|---|---|---
Operational Pin Extract | D1 | Attack Phase 1: Operational Device |
Operational Pump Swap | D1 | Attack Phase 1: Operational Device |
Damaged Boot | D1 | Attack Phase 2: Damaged Device |
Supply Chain Boot | D3 | Attack Phase 3: Supply Chain Poisoning |
Supply Chain Extract | D3 | Attack Phase 3: Supply Chain Poisoning |
Black Box Boot | D2 | Attack Phase 4: Black Box |
Black Box Extract | D2 | Attack Phase 4: Black Box |
Attack Phase 1: Operational Device¶
The attacking team is provided with:
AP provisioned for Component A & Component B
Component A
Component B
The attacker has access to a fully working medical system but does not have access to the PIN or Replacement Token. This scenario represents an attacker in physical proximity of a provisioned medical device, with physical access to the AP, both Components, and the connections between them. This scenario is provisioned from deployment 1.
Attack Phase 2: Damaged Device¶
The attacking team is provided with:
AP provisioned for Component C & Component D
Component C
The attacker has access to a system, but one component has been damaged and removed. In this scenario, an attacker could have gained access to a device while it was being serviced. This scenario is provisioned from deployment 1.
Attack Phase 3: Supply Chain Poisoning¶
The attacking team is provided with:
AP provisioned for Component A & Component B
Component A
No physical access to system
Replacement Token and Attestation PIN are used by the technician repairing the system
The attacker has infiltrated the supply chain of medical device components and sells counterfeit replacement components in the hope that they are installed in medical devices. A medical device with a damaged component has been taken to a facility for repair, and the counterfeit component is installed in place of a valid one. The attacker cannot observe the result of the repair, but can exfiltrate data through a C2 link built into the counterfeit. The attacker's only vantage point is therefore the counterfeit component's interface to the AP: anything the AP or the remaining valid component sends over that interface, including anything derived from the PIN or Replacement Token entered by the technician, is visible to the attacker. This scenario is provisioned from deployment 3.
Attack Phase 4: Black Box¶
The attacking team is provided with:
Component X
The attacker has access to a legitimate individual component that was received by an insider at the component manufacturer. The attacker is attempting to reverse-engineer the Component’s functionality by booting the component and/or extracting sensitive data. This scenario is provisioned from deployment 2.
Flags are obtained by completing attack tasks against other teams' designs during the Attack Phase of the competition. Each flag tests a specific Security Requirement.
Attack Phase Flags¶
During the Attack Phase, teams will test the security of other teams' designs by attempting to capture Attack Phase Flags. Each flag represents proof of an attacker's ability to compromise one or more security requirements of a design.
Flag | Format | Description
---|---|---
Operational Pin Extract | | Return confidential attestation data from the operational device
Operational Pump Swap | | Your medical components have been installed in an insulin pump. After boot, drive the pump's actuator into an incorrect state
Damaged Boot | | Cause a damaged board missing a component to boot
Supply Chain Boot | | Cause a board missing a component to boot, given a known PIN and no physical access
Supply Chain Extract | | Extract confidential data from a valid component connected to an AP, given a known PIN and no physical access
Black Box Boot | | Cause a black box component to boot
Black Box Extract | | Extract confidential data from a black box component