Samsung Research, the advanced research organization of Samsung Electronics, held the second Samsung Security Tech Forum (SSTF) from August 26 to 27 at the Samsung Electronics Seoul R&D Campus. The SSTF was attended by over 700 attendees, and prominent information security experts around the world offered a chance for its attendees to share and exchange insights about the latest research trends in cybersecurity.

Gail-Joon Daniel Ahn, the Head of Samsung Electronics Security Team, mentioned on his opening address that "the advent of the IoT technology and the corresponding need for security has resulted in an age where security is no longer a choice but a must," and "the most important parts of such security systems are the training of excellent personnel and enhanced public understanding of security technology, which are the reasons why we have hosted this event."

▲ Opening address by Executive Director Gail-Joon Daniel Ahn, Head of Samsung Research Security Team

▲ 23 award winners at the 2^nd SCTF

The SSTF is made up of Samsung Capture The Flag (SCTF) and a workshop and poster presentation on security technology.

※ Samsung Capture The Flag (SCTF)
: SCTF is a form of hacking competition, where participants attempt to capture the flag file embedded in the system. SCTF is notable because it also integrates five areas—attack, defense, coding, reversing, and crypto—which are comprehensively evaluated per participant.

Out of 1,500 applicants, only 70 managed to pass the online preliminaries to earn spots in the main competition on August 26. After 24 hours of intensive competition, 23 participants walked away with awards and monetary grants, which totaled to KRW 80 million.

Professor Yongdae Kim of KAIST, who has led the CTF organizing committee since the inception of the SCTF, said, "We have seen in the previous year that participants solely focused on attach category. This year, however, most of the participants in the main competition took on the challenge and tackled the task itself despite its increased level of difficulties in cryptography category and coding category that we provided. Through their demonstration of top-notch skills, I am confident that the participants met the expectations of this competition - to nurture security experts prepared with security knowledge in various fields, not limited to a specific field."

▲ Professors Ahmad-Reza Sadeghi (left) and Adam Doupé (right)

The keynote speech of the workshop was delivered by Professor Ahmad-Reza Sadeghi of Technical University of Darmstadt and Professor Adam Doupé of Arizona State University on the past and present of IoT security and automated vulnerability analysis.

Professor Ahmad-Reza Sadeghi stressed the "need for scalable security that can match the increasing number of IoT devices" and posed the following questions: "how will we interconnect and operate the numerous IoT devices being produced by the industry, and how will we isolate the malicious devices within them when IoT devices are widely being adopted as new manufacturers of internet-connected devices are entering the market?" Professor Ahmad-Reza Sadeghi then introduced approaches for detecting compromised IoT devices by monitoring and analyzing network traffics using AI technology.

Professor Adam Doupe commented on the potential of automated weakness analysis, asserting that "automated analysis helps us overcome the limitation of manual analysis, which requires a significant commitment to time and cost depending on the abilities of the security expert." According to him, "our existing automated technologies still require human analysis and review. Raising this level so that the automation reduces the need for human input is the task that we must pursue."

The afternoon session featured six lectures and poster presentations on two themes of security and hacking, followed by a panel discussion of lecturers on the future direction of security analysis and technology research.

▲ Panel discussion