In the Embedded Security Challenge (ESC), a Blue Team designs a target system. Red Teams try to hack it.

A team of security experts from NYU Tandon School of Engineering competes with participating Universities using a red team/blue team approach to mimic real-world attacks. Contestants must exploit the weaknesses of a target system, assess the effectiveness of their hardware security techniques, identify vulnerabilities and implement effective defense mechanisms.

ESC is an educational, research-oriented tournament aimed at hacking into the hardware of embedded systems. In fact, it's the oldest hardware security competition in the world.

In 2016, for the first time in ESC history, the competition will be world-wide with finals held in 3 regions simultaneously: United States, Middle East & North Africa, and India. The finals will take place on November 11-12, 2016 and the venues for each region are as follows:

  • New York: NYU Tandon School of Engineering, Metrotech Center, Brooklyn, NY
  • Abu Dhabi: NYU Abu Dhabi Campus, Saadiyat Island, Abu Dhabi, UAE
  • Kanpur: Indian Institute of Technology, Kanpur, Uttar Pradesh, India

The competition is organized in all regions under the supervision of Professor Michail Maniatakos (NYU-AD), and the global challenge leader is Nektarios Tsoutsos. In the MENA region, the competition is coordinated by Professor Ramesh Karri (NYU-NY) with Dr. Subidh Ali as the MENA challenge leader. In India, ESC is coordinated by Professor Sandeep Shukla (IIT-Kanpur) and the India challenge leader is Asan Basiri.

This year, ESC will focus on hardware mitigations for memory corruption and control flow integrity attacks in Embedded Systems, and the challenge will have a qualification phase and a final phase. During the qualification phase, participants will play the role of the attacker and design software exploits for Linux programs running on an OpenRISC system. In the final phase, 10 qualified teams in each region will play the role of the defender and implement hardware-based mitigations for the OpenRISC processor in Verilog HDL, to protect against different exploitation methods. The challenge description provides all necessary details on the challenge. It is recommended to 'watch' this repository on GitHub, as the challenge will be updated periodically.

The top three competitors for the Embedded Security Challenge in India will be given the opportunity to present their solution at the 14th ACM-IEEE International Conference on Formal Methods and Models for Co-Design (MEMOCODE 2016) in a special session at the conference. The competitors will also be given the opportunity to publish a 2-4 pages paper in the IEEE-Xplore version of the conference proceedings. The MEMOCODE 2016 conference will be held at IIT Kanpur 18-20 Nov, 2016. This opportunity to publish and present at an international conference is an added bonus on top of awards for the top three competitors of the Embedded Security Challenge.


For more details on ESC, regular updates, registration policies, competition deadlines, deliverables, equipment requirements, and contact information, please visit






Sneak peek
of CSAW'16.

Check it Out

Students, alumni and faculty: the brains behind ESC.