The IEEE’s Computer and Reliability Societies recently published “Embracing the Kobayashi Maru,” by James Caroland (US Navy/US Cybercommand) and Greg Conti (West Point) describing an exercise in which they assigned students to cheat on an exam — either jointly or individually. The goal was to get students thinking about how to secure systems from adversaries who are willing to “cheat” to win. The article describes how the students all completed the exam (they all cheated successfully), which required them to provide the first 100 digits of pi, with only 24h to prepare. The students used many ingenious techniques as cribs, but my heart was warmed to learn that once student printed a false back-cover for my novel Little Brother with pi 1-100 on it (Little Brotheris one of the course readings, so many copies of it were already lying around the classroom).
James and Greg have supplied a link to a pre-pub of the paper (the original is paywalled), and sent along a video of a presentation they gave at Shmoocon where they presented the work. The students’ solutions are incredibly ingenious — the audience is practically howling with laughter by the end of the presentation.
Watch the video. You will laugh and marvel at their ingenuity.
I just love that the guy from Cybercommand and the guy from west Point booth look like any other computer geek giving a presentation. And he names his talk after the most famous incident of military test cheating – the Kobayashi Maru exercise from Star Trek.
A presentation that includes not only Star Trek (both TOS and the new reboot) but Esperanto, Clockwork Orange and Japanese Manga (the Naruto example details that it is only cheating if you get caught).
So instad of talking about high-minded national security reasons for this experiment, they wanted to emulate geek media stars. Cool. That is how innovations often arise – the juxtaposition of interesting ideas.
And isn’t Joint Advanced Cyber Warfare Course a killer name? All to get them thinking like the cheaters of the world – out of the box.
The book cover is clever but the guy who wrote the number on the ceiling tile was awesome. But putting the answers on paper in the paper tray and then asking the instructors for paper – genius ebcause they got the instructors to GIVE them the answer.
And exploiting the laziness of the instructors who were not really going to go through every single digit in every single paper shows insights into human behavior. Most security breaks come from social engineering, not brute force attacks.
It is quite a hilarious presentation and a quite novel idea. These sorts of thinking outside the box tests show that almost everyone can be creative and innovative. They just need the right circumstances.