Winner Of Underhanded C Announced
Written by Kay Ewbank
Friday, 05 February 2016
The winner of this year's competition to find the best sneaky C code has been announced.
The Underhanded C Contest is a yearly competition where developers write code that looks innocent, but hides a malicious secret.
This year's competition involved writing code that ostensibly detects the presence or absence of fissile material but, under the covers, also provides a way to cheat. As the competition winner, Linus Åkesson, explained on his website:
"Our task was to write a piece of code to detect the presence or absence of fissile material, allowing Country A to verify that Country B is destroying actual warheads. The underhanded bit consisted of sneaking in some kind of vulnerability that would allow Country B to trigger false positives, and thus destroy only fake warheads."
As the competition site explained:
“Two countries, the Peoples Glorious Democratic Republic of Alice and the Glorious Democratic People’s Republic of Bob, have agreed to a nuclear disarmament treaty. In practice, this is implemented by nuclear inspectors visiting each country and verifying the presence of fissile material such as Plutonium in a warhead, at which point the warhead can be destroyed”.
Unfortunately, neither side wants the rival’s inspectors to see data such as a radiogram or a gamma ray spectrum of the object under test because that would give away too much information. Instead, the countries agree to develop a computer program that takes the result of a scan, determines if it matches some reference pattern, and outputs only a “yes” or “no.”
The underhanded part of the competition required that the program accurately return "yes" or "no", but also be able to show that nuclear material is present even when it isn’t. This enables the country with control over the program to have a fake warhead wrongly identified as real, then destroy it and have its rivals think a real warhead from the stockpile has been destroyed.
The competition organizers grouped the entries into several categories based on how they generated the false positive: simple or unrealistic, data-triggered, and environment-triggered. The simplistic approach relied unrealistically on techniques such as the host country being able to corrupt an input array.
The data-triggered attacks proposed using a certain kind of test spectrum as the trigger, such as one without spikes or one with an extreme value.
The final group, environment-triggered attacks, relied on some change to the test computer, such as setting the uid on a file or tampering with the system clock. While the judges were concerned that such environment-triggered attacks were unrealistic, they said that:
"feedback we got from inspection experts suggested that such tampering can't be completely ruled out simply due to the physical custody of the machines."
Some of the suggested data-triggered attack solutions lost points because they relied on such unlikely data that it would raise suspicions.
The judges liked the winning solution for the fact that, apart from a single 'confusion' where a function is set to expect 4-byte numbers and is passed 8-byte doubles, the code:
"does nothing unusual or suspicious or quirky or different: it is a bog-standard implementation of preprocessing followed by normalized correlation".
The mismatch in data length causes the function to scan over only the first half of the array and to interpret the numbers wrongly. The misinterpretation means a warhead with a tiny amount of fissile material alongside a carefully chosen second compound could appear as though it were all fissile.
The full details of how the solution works, the code itself, and analysis of the runners-up can be found on the Underhanded C Contest site.
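The class of mismatch described above can be reproduced in a few lines. The following is an added illustration, not the winning entry's code and not taken from the contest site; the function names and sample values are hypothetical, and it assumes IEEE-754 floats and doubles on a little-endian machine.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical callee written as if samples were 4-byte floats. The void*
   parameter stands in for a declaration mismatch between two source files,
   which the compiler cannot diagnose. Assumes IEEE-754, little-endian. */
double sum_as_f32(const void *samples, size_t n)
{
    const unsigned char *p = samples;
    double total = 0.0;
    for (size_t i = 0; i < n; i++) {
        float v;
        memcpy(&v, p + i * sizeof v, sizeof v); /* reads 4 bytes per element */
        total += v;
    }
    return total;
}

/* What the caller intended: the same loop over 8-byte doubles. */
double sum_as_f64(const double *samples, size_t n)
{
    double total = 0.0;
    for (size_t i = 0; i < n; i++)
        total += samples[i];
    return total;
}

/* Defensive variant: the element size travels with the buffer and is
   checked before any element is read. */
int sum_checked(const void *samples, size_t n, size_t elem_size, double *out)
{
    if (elem_size != sizeof(double))
        return -1;
    *out = sum_as_f64(samples, n);
    return 0;
}

/* Constructed sample data; the two arrays differ only in the second half. */
static const double SPECTRUM[4]     = {1.0, 2.0, 3.0, 4.0};
static const double TAIL_CHANGED[4] = {1.0, 2.0, 900.0, -50.0};

int main(void)
{
    printf("intended sum:   %g\n", sum_as_f64(SPECTRUM, 4));
    printf("mismatched sum: %g\n", sum_as_f32(SPECTRUM, 4));
    printf("tail changed:   %g\n", sum_as_f32(TAIL_CHANGED, 4));
    return 0;
}
```

The mismatched call returns the same value for both arrays because it never reads past the first two doubles, and each double's high and low words are summed as separate floats. Declaring the function once, in a shared header with its concrete element type, lets the compiler reject this mismatch at build time.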
Last Updated (Friday, 05 February 2016)