Indian Space Research Organisation (ISRO)

The Department of Space (DoS) is an Indian government department responsible for administration of the Indian space program. It manages several agencies and institutes related to space exploration and space technologies. The Indian Space Research Organisation (ISRO) has been assigned the task of conducting the Smart India Hackathon 2017 on behalf of the Department of Space. They have identified 53 problem statements.
53 Problem Statements
Total Submissions : 2

Encrypted emails are stored on the mailbox server using disk-level or block-level encryption. In this approach all emails are encrypted using a single key and are decrypted on the fly when accessed by the owner of the email. The shortcoming of this approach is that a user with root privileges is able to access the emails of all users.
Suggest and implement a mail encryption solution which can restrict even the root user from accessing the encrypted mails.

Notes: Participants have to simulate the mailbox server with some sample mails in order to demonstrate the working of the solution.

Sample Data Required: No

Total Submissions : 1

Authenticity of the email sender is extremely important in many cases. Personal digital certificates are generally used for this purpose. Personal digital certificates need to be signed by a trusted third-party CA. In a large organization, it is not very economical to provide individual certificates to each user.
Work out a unique solution to determine the authenticity of the email sender without using such personal digital certificates.

Notes: In order to demonstrate the working of the solution, participants have to simulate an email setup with test user accounts.

Sample Data Required: No

Total Submissions : 1

Develop a network traffic classification tool for enterprise networks in order to categorize the following four classes of traffic: (i) normal web traffic, (ii) P2P traffic, (iii) VPN traffic, and (iv) The Onion Router (Tor) traffic. The classifier should analyze network traffic in real time using Deep Packet Inspection. The classifier can use any machine learning approach, including deep learning. Accuracy of detection is of utmost importance. The tool should also generate a report to the system administrator about the hosts that are generating P2P, VPN and Tor traffic.

Notes: Simulate network traffic data containing all four classes of the above-mentioned network traffic.

Sample Data Required: No

Total Submissions : 1

Websites hosted for public access are accessed by various entities. The majority are genuine users. Others include software-based scanners and automated probes from attackers. Automated probes are sophisticated enough to act like human visitors. Work out a solution to distinguish automated web traffic from human-generated traffic.

Notes: Participants have to simulate the web server required for the POC. The solution should work on Windows and Linux platforms.

Sample Data Required: No

Total Submissions : 0

A botnet is a network of compromised machines/computers that communicate and coordinate their actions through Command & Control (C&C) or by passing messages to one another (C&C might be built into the botnet as P2P). Many host/network approaches have been proposed to detect botnets. They employ signature-based, anomaly-based, data mining approaches etc. to detect botnets. Most of these approaches are not highly effective in detecting decentralized (P2P, fast-flux) botnets using encryption in real time. By the time the botnets get detected by these approaches, a lot of financial loss, data leakage etc. has already taken place. Therefore, work out novel approaches for detection of sophisticated and advanced botnets in real time.

Notes: Simulate sample data by implementing publicly available botnets or using publicly available bot traffic data. The solution should work on Windows/Linux platforms.

Sample Data Required: No

Total Submissions : 0

If one of the client machines inside the intranet is infected with a virus, the virus may try to propagate. Email is one of the transports with maximum reachability. Simulate malware which propagates from a client machine using email as the transport. The simulation is required for evaluation of the security mechanisms in place.

Notes: In order to demonstrate the working of the solution, participants have to simulate an email setup with test user accounts. The solution should work on the Windows, Linux, Mac and Android operating systems.

Sample Data Required: No

Total Submissions : 0

“Zero day” malware attacks are very common. Antivirus solutions are able to detect such viruses only after they are reported and analysed. Work out a unique solution which can detect “zero day” malware which attempts to propagate through email. Identify the infected machine(s).

Notes: For simulation of a zero day attack, use an antivirus solution with missing signatures for certain viruses.

Sample Data Required: No

Total Submissions : 0

There are plenty of antispam solutions. Find a novel approach for spam identification without using any of the existing antispam/antivirus solutions. The accuracy of the novel approach should be better than existing open source or freeware solutions.

Notes: In order to demonstrate the working of the solution, participants have to simulate an email setup.

Sample Data Required: Simulate spam mails

Total Submissions : 0

There are plenty of email clients which interact with the mail server to get mails through either the IMAP protocol or the POP3 protocol. If the end user machine is infected, the mail server can be attacked using vulnerabilities in these interfaces. Simulate software to exploit the IMAP/POP3 interface to execute a script on the mail server using normal email account credentials.

Also investigate if it can be done without the credentials.

Notes: In order to demonstrate the working of the solution, participants have to simulate an email setup with test user accounts.

Sample Data Required: No

Total Submissions : 0

In large organizations, the email infrastructure comprises several servers which handle the mails in the email flow. Each server assigns each mail a unique mail ID/Queue ID. Such a model poses restrictions on remote analysis of the mail infrastructure to identify probable compromise of any server. Suggest a solution which can coordinate the handling of email among different servers, such as a common mail ID/Queue ID, current email status etc., which will ensure better management of email. The solution should also monitor the mail traffic between the different infrastructure servers such that an alarm can be raised if any abnormal behavior or communication pattern is found in any of the servers.

Notes: In order to demonstrate the working of the solution, participants have to simulate an email setup with test user accounts and sample mails passing through different servers in the setup.

Sample Data Required: No

Total Submissions : 0

An email application for Android, Windows Mobile or iOS normally interacts with the mail server using IMAP and SMTP. In case the smartphone is compromised, the malware will also be able to interact with the mail server over IMAP/SMTP. Develop a secure solution which allows only a predefined mail application to connect to the IMAP and SMTP servers. Also ensure that no other program on the device is able to read the stored login credentials and the SMTP and IMAP configurations on the mobile device.

Notes: In order to demonstrate the working of the solution, participants have to simulate an email setup with test user accounts.

Sample Data Required: No

Total Submissions : 0

A large amount of data is available in the form of network logs. These logs can be used to model the behavior of a terminal machine over time. Based on the analysis of network logs, propose and implement data mining approaches that can create alerts of security breaches or detect anomalies.

Notes: Simulate large volumes of network traffic. The traffic should be from multiple machines with certain machines showing anomalous behavior due to infection. The approach should be demonstrated using logs generated from such traffic.

Sample Data Required: Simulate network logs.

Total Submissions : 0

Most perimeter security implementations allow outbound DNS and ICMP traffic through their firewalls. The ICMP and DNS protocols can be leveraged by attackers to leak data from the organization. Implement simulation software that can be used for data leakage using ICMP and DNS tunneling. The software is required for the evaluation of firewall intelligence.

Notes: In order to demonstrate the approach, simulate a setup in which only ICMP and DNS traffic is allowed over the Internet.

Sample Data Required: No

Total Submissions : 1

Breach detection systems attempt to discover malware and intrusion attempts that bypass traditional security detection mechanisms. Unlike an IPS or firewall that scans incoming traffic, a BDS focuses on malicious activity within the network it protects. It determines possible breaches by differing combinations of heuristics, traffic analysis, risk assessment, safe-marked traffic, data policy understanding and violation reporting. Design and implement a breach detection system capable of detecting a breach as soon as possible.

Notes: In order to simulate a breach, set up a small network with no IPS and no firewall. Simulate an attack scenario where the perimeter has been breached and use your solution to demonstrate successful detection of the breach.

Sample Data Required: No

Total Submissions : 0

At present, trusted clients are allowed access on the switch/router based on IP/MAC address. However, these can be easily spoofed. Implement a solution which uses a modified TCP/IP protocol stack in order to identify trusted clients at the switch/router level. Subsequently, the solution should restrict network access based on this identification.

Notes: Participants should use their own hardware like switch, router, PC etc. to demonstrate their solution. Use any open source switch firmware if the solution involves modifying firmware of the switch to understand customised TCP/IP.

Sample Data Required: No

Total Submissions : 0

Most cases of website defacement involve replacement of files in the server root directory. Work out a solution to prevent this even if the webserver machine is compromised. The solution should implement an additional layer of security for the web server root directory.

Notes: Participants should simulate a compromised web server to demonstrate their approach. The solution should work on the Windows and Linux operating systems.

Sample Data Required: No

Total Submissions : 0
  • APTs are targeted attacks on an organization. The attackers have patience and move laterally over days and months. Many times the attack moves in parts.
  • An agent-based solution should be worked out to model the user, the computer and its network behavior over time by interacting with the user(s). Changes in behavior should be notified to a central server which will further generate actions to monitor similar behavior on other machines. Finally, the model should generate an alert about the probable attack along with a confidence level.

Notes: Participants should simulate a small network under an APT attack to demonstrate their solution.

Sample Data Required: Data should be simulated by participants

Total Submissions : 0

Computer systems are issued to users, and in a workstation environment administrator privileges mostly lie with the users. Work out a novel solution to monitor and manage the health of each and every computer connected to the network. The solution should ensure that each and every machine on the network is healthy in terms of security.

Notes: Simulate a small network to demonstrate the approach

Sample Data Required: No

Total Submissions : 0

Work out a secure Android container that securely validates device and user credentials and establishes a secure VPN session to access private services.

Notes: Participants should simulate a private network with services (e.g. Web service, FTP, email etc.) running behind a VPN server to demonstrate their solution.

Sample Data Required: No

Total Submissions : 0

SMS-based OTP has become standard in two-factor authentication. At the same time, many useful applications force the end user to allow access to SMS. This poses a great threat to OTP-based security systems. Although advanced Android OS versions like Marshmallow allow the end user to disable such access manually, there is a high degree of error due to frequent updates and application installation. Design a mobile app capable of detecting apps trying to access SMS in real time. The app should have a feature for allowing or blocking (single access, all access within a day/week/month, always) other apps from accessing SMS.

Design such mobile app for Android and Microsoft.

Sample Data Required: Simulate OTP based messages to demonstrate the approach

Total Submissions : 0

By exploiting hardware features such as Intel VT or AMD-V, this type of rootkit runs in Ring -1 and hosts the target operating system as a virtual machine, thereby enabling the rootkit to intercept all hardware calls made by the target operating system. Unlike normal hypervisors, they do not have to load before the OS, but can load into an operating system before promoting it into a virtual machine. A hypervisor rootkit does not have to make any modifications to the kernel of the target in order to subvert it, thereby making its detection very difficult. Suggest an approach to detect such rootkits.

Notes: Use any publicly available rootkit or simulate your own rootkit to demonstrate the approach.

Sample Data Required: No

Total Submissions : 0

Each and every user machine has a different kind of network behavior based on its usage. Work out a novel approach to fingerprint each and every machine based on its network activity. The fingerprint of a machine may change from time to time and hence the solution should be adaptive. The solution should take into account automated network traffic vs. human-generated traffic. The solution should generate fingerprints of organization network segments and of the overall network. The solution should generate various alerts to end users and system administrators in case an anomaly is observed.

Notes: Simulate a small network to demonstrate the approach

Sample Data Required: Simulate network data

Total Submissions : 0

A BIOS-level rootkit attack, also known as a persistent BIOS attack, is an exploit in which the BIOS is flashed with malicious code. A BIOS rootkit enables remote administration. Since the BIOS is stored in firmware memory rather than on the hard disk, a BIOS rootkit can survive conventional attempts to get rid of malware, including reformatting or replacing the hard drive. Work out new approaches to detect such rootkits.

Notes: Use a publicly available rootkit (if any) or simulate your own rootkit to demonstrate the solution.

Sample Data Required: No

Total Submissions : 0

Different types of malware, on execution, perform different types of activities to avoid detection, maintain persistence and perform their desired activities. The malware modifies the file system, makes different types of system API calls, performs network activities etc. Certain malware can be concealed within Word/PDF documents, or normal executable files can be backdoored. These files can be flagged by antivirus, but to analyze the actual behavior of the malware concealed within them an automated system is required to analyze machine activity when the file is opened or the executable is executed. Design an automated dynamic malware analysis system for examining suspicious files in an isolated environment. It should execute and monitor the behavior of the given malware and, after completion of execution, generate comprehensive reports on the capabilities, behavior and activities of the malware.

Notes: Simulate various types of malware and their concealment approaches to demonstrate the solution.

Sample Data Required: No

Total Submissions : 0

Security applications like antivirus many times take significant resources and slow down response. Hence, end users kill such processes. This results in a security threat. Develop a solution which will protect such applications. It should protect the applications even from local and domain administrators. The solution will ensure that all such applications are running at all times on the defined machines. The applications protected by the solution can be terminated or disabled only through the solution.

Sample Data Required: No

Total Submissions : 0

Propose an approach to enforce DHCP in a flat network using Layer-2 switches. The solution could be client-based. Only machines connecting through DHCP should get network access. Machines not using DHCP should not be able to communicate with other machines either.

Notes: Simulate a small network with a DHCP server to demonstrate your approach. The solution should work on the Windows and Linux operating systems.

Sample Data Required: No

Total Submissions : 0

A single vulnerable machine in an organization network poses a great threat. Current network admission control mechanisms require high-end switches to block unhealthy machines. Work out a novel approach to check the health of each machine asking for network admission on a network made of low-cost unmanaged switches. An unhealthy machine should not be able to interact with any other machine on the network. The machine should not be able to get any meaningful data even if it is silently spoofing data on the network.

Notes: Simulate a small network with network devices such as a switch/router to demonstrate the approach. The solution should work on the Windows and Linux operating systems.

Sample Data Required: No

Total Submissions : 1

ARP attacks aim at poisoning the ARP records of a machine so as to silently eavesdrop on or manipulate all the data that is sent over the network. A security application is required that is capable of detecting ARP-based attacks originating within the network. Work out a new approach to develop such an application.

Notes: Simulate a small network with ARP-spoofing attacks to demonstrate the approach.

Sample Data Required: No

Total Submissions : 0

An exploit kit is a software kit designed to run on web servers, with the purpose of identifying software vulnerabilities in client machines communicating with it, and discovering and exploiting those vulnerabilities to execute malicious code on the client. Exploit kits are modular, allowing easy addition and removal of vulnerabilities, and provide a user interface to control the settings, thereby automating the entire process of compromising a client.

Notes: Simulate a web server and vulnerable clients to demonstrate the approach

Sample Data Required: No

Total Submissions : 0

Tools like Veil-Evasion have come up in recent times that are capable of bypassing antivirus solutions. These tools use a lot of advanced evasion techniques and generate polymorphic payloads to avoid signature detection. The following techniques are used to evade detection:

  • Randomization of variable names and methods
  • Encryption of source
  • Native stagers (shellcode-less)
  • Method nops (randomizing program’s call tree via dummy methods)
  • Obfuscated loaders

Figure out solutions for better detection of each of these payloads.

Notes: For demonstration, generate payloads using Veil-Evasion, which is open source.

Sample Data Required: No

Total Submissions : 0

Honeypots and honeynets are well-known methods to detect attacks. However, they require the establishment of dedicated infrastructure. Work out an approach to implement the solution in a live environment.

Notes: Simulate a small network to demonstrate the approach

Sample Data Required: No

Total Submissions : 0

Demonstrate a POC of an application layer firewall that works on network traffic passing through the gateway. The firewall should have the capability of analyzing traffic of all protocols at the application layer. Subsequently, it should allow application layer traffic from a customized application layer protocol and block all other protocols.

Notes: Simulate a small network to demonstrate the approach

Sample Data Required: No

Total Submissions : 2

Keystroke dynamics uses the manner and rhythm in which an individual types characters on a keyboard. It is used for behavioral biometrics, wherein the identity of a person is determined or verified based on the patterns and timings of the keystrokes. Develop a solution which implements keystroke dynamics as an authentication/verification mechanism while minimizing false positives.

Sample Data Required: Simulate sample data for demonstration

Total Submissions : 0

If an organization is infected by a zero-day virus attack, its antivirus solutions would not be able to detect it. (Antivirus solutions depend on virus signatures and behavior which can be obtained only after their teams know about the virus. A zero-day attack is the first attack and hence the antivirus teams are not aware of it.) Advanced viruses have self-spreading capabilities. Such a virus scans the machines connected to the network to find out the vulnerabilities of the remote machines. It will propagate by exploiting those vulnerabilities. Simulated software showing self-spreading capabilities is needed to help security teams test their solutions.

Notes: Simulate a small network to demonstrate the virus spread.

Sample Data Required: No

Total Submissions : 0

If an organization is infected by a zero-day virus attack, its antivirus solutions would not be able to detect it. (Antivirus solutions depend on virus signatures and behaviour which can be obtained only after their teams know about the virus. A zero-day attack is the first attack and hence the antivirus teams are not aware of it.) Advanced viruses have self-spreading capabilities. Such a virus scans the machines connected to the network to find out the vulnerabilities of the remote machines. It will propagate by exploiting those vulnerabilities. An agent-based solution is to be worked out to detect such propagation. The agent will run on all machines. It will send abnormal behaviour or detected anomalies to the server for further automatic analysis to arrive at a conclusion.

Notes: Simulate a small network to demonstrate the virus spread.

Sample Data Required: No

Total Submissions : 1
  • This aims at the creation of a secure centralized repository of security tools, viz. anti-virus, anti-malware, IPS, IDS etc., for an organization.
  • The repository shall have provision for on-the-fly updating from reliable sources on the Internet.
  • The end-user systems shall be dynamically updated so that zero-day attacks are addressed effectively.
  • System administration shall be alerted to surges of threats on the Internet so that stringent monitoring of the organization can be effected.
  • This infrastructure shall have a proactive mechanism to alert government agencies using the fastest mode of communication so that the government agencies can adopt countermeasures to mitigate the cyber security threats.

Notes: Participants should manage cloud-based resources to demonstrate the approach.

Sample Data Required: No

Total Submissions : 0

Trusted execution (TE) includes a group of features which can verify the integrity of files in an OS like Linux. It can thus block any attempt to execute malicious code that is not part of the trusted database. Hence, developments for the Linux OS are needed such that:

  • Hashed signatures for the following types of files can be generated for the Linux OS at any time:
    • Kernels and kernel extensions
    • All setuid root programs, all setgid root programs
    • Any program exclusively run by root or by a member of the system group
    • Any program that may alter system configuration files
    • Important configuration files
  • The existing loader of the Linux OS shall be modified such that it consults the hash signature database every time before loading any process into memory for execution.
  • Any change in the hash signature database shall be effective only after a reboot of the OS.

Sample Data Required: No

Total Submissions : 0

Organizations have a variety of documents, some of which are very sensitive. Such documents are required to be protected. Sensitive documents are classified as Restricted, Confidential, Secret and Top Secret. Implement a solution to cater to the following problems:

Problem 1: Document Security outside organization

End users need to share documents with others to achieve their desired goals. Existing freeware, PDF writers, Word, etc. provide document security features such as password protection and disabling cut, paste, copy, save, print, etc. This security can be bypassed easily by experts. Work out a solution to provide a high level of document security to ensure that a document is neither viewed by an unauthorized person nor copied partially/fully.

Problem 2: Document Security for restricted document

Confidential documents require more security than defined in Problem 1. The above solution will not be able to prevent someone from taking a photograph of the screen using an external camera. Work out a solution which can track such photography attempts to find the culprit doing such unauthorized activity.

Sample Data: To be simulated by the participant.

Total Submissions : 0

Secret and Top Secret documents are not shared at all. As per the old procedure, such documents are printed and it is ensured that the soft copy is destroyed. In today's digital world there is a need to work out a solution to protect such digital documents.

Problem 1: Work out a solution to protect such documents even from server and storage admins.

Problem 2: Work out a solution such that such documents cannot be accessed even after the storage hardware is stolen. Please suggest a solution other than encryption.

Problem 3: Top Secret documents require the highest security. Work out a unique solution to provide such an extremely high level of security.

Sample Data: To be simulated by the participant.

Notes: All the servers/services required for the POC have to be simulated by the participants.

Total Submissions : 0

A major requirement for all organizations is securing confidential documents. In the current era, there are multiple ways in which data is regularly transferred out of an organization. Hence it is necessary to have a mechanism for checking the transmission of unauthorized/restricted data. Implement a solution which:

1. Flags any confidential document sent outside the organization via email
2. Flags any confidential document being uploaded to an Internet website
3. Automatically encrypts any confidential document being copied to a USB drive

Sample Data: To be simulated by the participant

Notes: All the servers/services required for the POC have to be simulated by the participants.

Total Submissions : 0

In an organization working in a secure environment, it is necessary to ensure that Internet access is provided to users with restrictions on data upload. HTTPS provides an end-to-end secured encrypted channel between the end user machine and the destination server. Similarly, SFTP also provides an end-to-end secured encrypted channel between the end user machine and the destination FTP server. Since application data is encrypted in these protocols, it is hard to detect document/data uploading.

Work out a solution which can detect document/data upload through all encrypted data transfer protocols. The solution should also be able to detect websites providing upload features and subsequently block them.

Sample Data: Not required

Notes: All the servers/services required for the POC have to be simulated by the participants.

Total Submissions : 1

Steganography is the process of concealing a file, message, image or video within another file. Often this technique is used to bypass scanners which look for specific formats or extensions. Design and implement a novel approach for securely transferring confidential data using this technique.

Sample Data: To be simulated by the participant

Notes: All the servers/services required for the POC have to be simulated by the participants.

Total Submissions : 0

The solution should be able to detect backdoors in the following components:

  • Applications and OS.
  • Desktop/server hardware.
  • Network switch.
  • Router.
  • Modem.
  • Smartphone.

The solution can be a toolkit comprising separate solutions for each component.

Notes: The participants can attempt individual parts of the problem if they are not able to address all the components.

Sample Data Required: No

Total Submissions : 0

Usage of public mailing services like Gmail, Yahoo, etc. from government infrastructure is prohibited, especially when the organization provides its own email service. There are a large number of known mailing services and there could be an unlimited number of unknown mail services. It is easy for anyone to set up his own mail server and start a mail service using various tools. Google Apps is one such tool. Work out a solution which can detect attempts to connect to such mail servers using HTTP and/or HTTPS and block them.

Notes: Simulate a small network with a gateway to demonstrate the approach.

Sample Data Required: No

Total Submissions : 2

Some documents which may be restricted are generally available to multiple persons in an organization. Work out a solution which keeps track of such documents within the organization network and records their movement through USB, file sharing, email, etc.

Notes: Simulate file sharing mechanisms to demonstrate the solution.

Sample Data Required: No