HACK-AMS Challenge

Hack-AMS Challenge Overview

While there has been significant work in digital systems security, AMS security is nascent. To jumpstart research in this area, we invite the community to participate in the first Hack-AMS: RF, Analog, and Mixed-Signal Circuits Security Challenge.

The goal of Hack-AMS 2018 is to develop novel attacks on systems exploiting AMS vulnerabilities. Hack-AMS seeks to articulate and characterize AMS-based threats. Participants are tasked with describing/demonstrating one or more AMS-based attacks, involving all classes of AMS security concerns, such as counterfeit parts, hardware Trojans, information leakage via side channels, and IP piracy. Threats uniquely applicable to AMS are highly encouraged.

Hack-AMS is organized by Arizona State University, Purdue University, and NYU Tandon School of Engineering as part of the annual NYU CSAW’18 global conference.

Hack-AMS Impact:

AMS-based attacks could adversely affect the (1) Confidentiality (2) Integrity and (3) Availability of the target system, (4) the Privacy of the users of the system, and (5) the Profits for the semiconductor companies, among others. Prominent examples include leaking confidential information to IP theft to deny service to establishing covert channels.

Hack-AMS Scope:

The proposed attacks may target individual devices from amplifiers and oscillators to complex Sensing Modules (Analog Front end, and ADC) and Communication modules (RF transceivers). Use of Analog Signatures (e.g. Power, EM, Acoustics) to compromise system confidentiality are also in scope. Teams can demonstrate attacks either using their own hardware experiments (e.g. off-the-shelf commercial sensor nodes) or by using simulations.

Challenge Structure

The Hack-AMS challenge is divided into two rounds:

A Qualification Round, where student teams must submit a proposal characterizing possible attacks that (mis)use AMS/RF devices and systems. The Qualification Round submission deadline is September 21, 2018  extended until September 28, 2018 at 7:59 p.m. ET (23:59 UTC).

A Final Round where a qualified team member is invited to the CSAW Hack-AMS Finals event in New York City to present a live demonstration of their attacks in front of a panel of judges. Finals will be held November 8 - November 10, 2018 at NYU Tandon School of Engineering (Brooklyn, New York).

Participation & Eligibility Requirements

Competitors must be students enrolled in an undergraduate or graduate degree program in the United States or Canada as of September 20, 2018. Students are not required to be part of the same institution, program, or educational field to participate as a team.

Each team must have a team leader and up to 3 additional team members (a maximum of 4 student participants per team). Each team leader is responsible for coordinating with other members of their team and will be the point of contact for the entire team. Each team must also have a university faculty advisor.

Qualification Round Deliverables

For the qualification round, participating teams should submit a written report that characterizes different approaches and attack techniques that the team aims to implement in the final phase. Reports should briefly explore existing related work on the topic, e.g. possible side-channel attacks, etc. In addition to the related work discussion, the best approaches will include a clear threat model, demonstration of how and why the attacks are stealthy, at which layer they operate, and how realistic these assumptions are with respect to the threat model. The teams are asked to concisely elaborate all assumptions and explain why their proposed attacks will be effective and stealthy.

Team Registration & Submission Process

Information concerning the report authors (student team members) and reports are to be submitted via EasyChair. First time users will be asked to create an EasyChair account.

The team leader should register as the “corresponding author” by checking this box in the EasyChair Author Information section. All other student team members should be included as “authors.” There is a separate field for the faculty advisor’s name and email address.

Reports should be submitted in PDF file format following the standard IEEE conference format (10pt font, double column, letter size paper, not compsoc mode); templates are available here (LaTeX template is preferred). The qualification phase PDF report can be up to 4 pages, including references and appendices.

Submission Deadline: September 21, 2018, 11:59 PM ET September 28, 2018, 7:59 PM ET

Submission Portal:

After the submission deadline, making changes to the existing members of a team (e.g., replacing a team member) or adding new team members, requires explicit permission from the organizers. This is also necessary for teams replacing team members or adding new team members during the final round of the competition.

Qualification Round Review Process

The qualification phase proposals will be evaluated by a team of experts. The assessment will be based on the correctness, potential, novelty, creativity and stealthiness of the proposed AMS attack strategies, as well as the completeness and quality of the document itself.

Finalist Notification

The top ten (10) best submissions will qualify to compete in the Final Round. Notifications will be sent via email to all teams by October 6, 2018.

Finalist teams will then be asked to identify the student author (“finalist”) who will present at CSAW Finals.

Travel Award

One (1) student per team will receive a Travel Award to attend CSAW’18 at NYU Tandon School of Engineering in Brooklyn, New York. A Travel Award includes transportation via train, plane, or bus to New York City, hotel room, and most meals. Students will be informed of all covered costs when they are invited to finals.

For those teams who can pay their own way and arrange their own travel and accommodation, additional team members are welcome to present at Finals.

Final Round Deliverables

The Final Round has two (2) requirements:

1. In-person demonstration during CSAW’18 where a team representative is asked to implement and demonstrate as many AMS attacks as possible.

Each team is asked to prepare a PowerPoint presentation (up to 10 slides) as part of the 25 minute presentation and demonstration (20 minutes to present and demonstrate, plus 5 minutes of Q&A).

Evaluation of demonstrations will be based on the following equally weighted criteria:

  • Correctness and demonstration of attacks using AMS or EM simulators, such as Cadence, ADS, HFFS, etc. or using off-the-shelf hardware components (e.g., sensor nodes, transceivers).
  • Generality, including how easily the attack generalizes on other AMS/RF systems, and associated complexity/cost tradeoffs.
  • Stealthiness, including how difficult it is to detect the attack with state-of-the-art techniques, how inconspicuous it is, and whether it significantly impacts the normal operation of the AMS system.

2. Final Report: teams must submit a report describing their attack(s).

For the final phase, each qualified team must submit a final PDF report along with a TAR.GZ file that includes all associated computer files and documentation for the implemented attacks. Final reports should follow the format of technical blog posts, including step-by-step instructions, findings, and any relevant documentation of all the approaches/techniques and attacks that will be demonstrated during Finals. There are no page limitations on the final reports, and we encourage teams to submit media-rich reports.

The final report should state all assumptions, present a thorough technical discussion, and address the above criteria (correctness, generality and stealthiness). The best reports will discuss the following information for each proposed attack:

  1. What is the attack model?
  2. What kind of AMS circuits are impacted (how generic is the attack)?
  3. Why doesn’t classic specification testing not detect this mode of attack?
  4. What is the payload?
  5. Experimental evaluation results (simulation or hardware measurements)

The PowerPoint presentation, the Final Report, and the TAR.GZ file should be submitted via email to by November 1, 2018, 5:00 PM EST

We stress that final reports must be submitted in PDF format, and that blog posts MUST NOT be published or otherwise made publicly available before the announcement of winners on November 10, 2018.

The evaluation of the finalists based on the aforementioned criteria is the responsibility of a panel of industry expert judges. During the day of the finals, each team should be able to answer the questions posed by the judges, in addition to demonstrating live the correctness, effectiveness, and stealthiness of their attacks. On the day of the finals, demonstration of the proposed attacks is the responsibility of each team.

Summary of Deadlines

Team Registration & Qualification Round reports: September 21, 2018, 11:59 PM ET September 28, 2018, 7:59 p.m. ET (23:59 UTC)
Finalist Notification: by October 6, 2018
Final Reports & Presentations: November 1, 2018, 5:00 PM EST
Onsite Demonstrations: November 8 - 10, 2018


A 1st, 2nd, and 3rd place winner will be identified. Prizes will be awarded as follows (to be distributed in late November 2018):

First Place Team: $1,000
Second Place: $750
Third Place: $500

Code of Conduct

All Hack-AMS participants are subject to the NYU Tandon School of Engineering student code of conduct. Any act of academic dishonesty, including but not limited to: plagiarism, cheating, fabrication, unauthorized collaboration across different teams, work duplication, will not be tolerated and the offenders will be automatically disqualified from the competition.

Mailing List

CSAW US-Canada HACK-AMS registrants will be automatically added to the CSAW mailing list. This list is used to provide occasional updates on CSAW and to promote cybersecurity related events being organized by CSAW regional partner schools. CSAW will not rent, sell, or share emails with non-partner schools or other entities or organizations.

Registrants can opt-out of the mailing list at anytime.

Contact Information

Teams can contact the organizers at the following email address: