Students tackle cyber attacks with new software
The project, led by Dr Z Cliffe Schreuders, Director of the Cybercrime and Security Innovation (CSI) Centre at Leeds Beckett, with Dr Tom Chothia, Senior Lecturer in Computer Security at the University of Birmingham, saw student intern developers work with a team of researchers to develop randomised capture the flag (CTF) hacking challenges for students to tackle.
Dr Schreuders explained: “The basic idea of CTF is that the students (or, more generally, competitors in a competition) have hacking challenges to progressively compromise the security of a network of computers. As they solve challenges (that is, hack into things) they discover (digital) ‘flags’, which they can claim to be rewarded with points (or marks in a module).
“For example, the student scans a system and detects that a vulnerable FTP (file transfer protocol) service is present. The student hacks into the FTP service and ends up with remote access to the system. Exploring the system, they find a flag. They claim the flag which proves they compromised the service. They continue to investigate and discover that they do not have administrator rights on the system, but find another vulnerability which they can use to escalate privileges to gain access to another user account, and another flag. From there they discover a web server, and so on.
“The uniqueness of our approach is that our hacking challenges are randomised. We developed a framework that enables us to generate at will randomised challenges and hacking scenarios, for training or CTF events.”
Following completion of the project, a competition event was run to introduce UK students and security lecturers to the new framework. The event was run by Leeds Beckett University in collaboration with Cyber Security Challenge UK, the University of Birmingham and the Higher Education Academy (HEA), and hosted at Liverpool John Moores University. A total of 59 students from 10 universities competed in the challenge.
A team of final year BSc (Hons) Computer Forensics and Security students and a PhD student, all from Leeds Beckett University, took home the top prize.
Chris Easton, a member of the winning team, said: “It feels great to have won! I felt like I had a little bit of an advantage, having completed a year’s placement as a Penetration Tester at Sec-1 Ltd, an internet security company based in Batley, however it could not have been possible without the entire team working tremendously hard at the various tasks.”
Aamir Mir, who was also on the winning team, commented: “As the team leader I feel like this team performed to the best of their ability and this result is a true indication of effort from the entire team.”
Speaking about their future careers, Chris said: “Aamir and I both want to work in the area of computer security following graduation. In fact, we've both had offers and interviews from a range of security companies.”
Aamir added: “Computer security has always interested us both. Being able to tear down a piece of software, figure out how it works, put it back together and then make it do things it's not supposed to be able to, is such a great feeling.”
Joining Chris and Aamir in the winning team were Ben Magee and Mohammed Ebrahimi.
Dr Schreuders said: “Learning hacking techniques is part of the security curriculum at Leeds Beckett University. These skills are used by security professionals to audit the security of computers and allow students to more fully understand what they are defending against and responding to. We aim to have our students put theory into practice in laboratory environments. CTF is a great way of further engaging students, and it is a framework that has the potential to have an impact on the way security training is designed and delivered: at Leeds Beckett and elsewhere.”
The new platform is free open source software, and available here. It has been developed with an £80,000 grant from the Higher Education Academy (HEA). Working with the Department for Culture, Media and Sports (DCMS), the HEA distributed a total development fund grant of £500,000 across eight higher education projects to boost cyber security teaching and learning, making sure that students have the skills to help protect the UK against cyber attacks.
Leeds Beckett University now plans to work with Cyber Security Challenge UK to organise similar hacking competitions for local schools, to introduce them to further study and careers in computer security. This will include working with all-girl schools to promote careers in cybersecurity for women.
Image l-r: Chris Easton, Mohammad Ebrahimi, Ben Magee, Aamir Mir