Technical Architecture

A complete view of the system protecting the data

The Premise

Sensitive data is transmitted between two AKM-secured endpoints. Continuously. The encrypted traffic passes through a network segment where adversaries have full capture capability. This is the same AKM protocol protecting critical infrastructure worldwide.

System Components

1. Secure Endpoints (EP-A & EP-B)

Two tamper-resistant hardware devices running AKM firmware. Each contains a Hardware Security Module that stores cryptographic material. Physical access is monitored via live camera feed.

Hardware: STM32 + HSM
Enclosure: Tamper-evident

2. AKM Protocol

Data is encrypted using AKM's autonomous key management protocol. AES-256 encryption. HMAC-SHA256 authentication. Per-session key rotation. Replay protection. No PKI dependencies.

Cipher: AES-256
MAC: HMAC-SHA256
Key Rotation: Per-session
Forward Secrecy: Enabled

3. Adversary Position

Registered participants receive SSH access to a dedicated machine positioned on the network. Full packet capture of all AKM traffic. This simulates a compromised network segment—the scenario AKM is designed to defeat.

Access: SSH (time-boxed)
Position: Inline tap
Capability: Full capture
Duration: 4 hours/session

4. The Objective

Extract the plaintext from captured traffic. Successful decryption proves a vulnerability in AKM encryption and demonstrates a break in the protocol.

Target: Encrypted plaintext
Success: Verified decryption

Operational Integrity

Production Configuration

No weakened keys. No debug modes. No planted vulnerabilities. This is standard AKM deployment—the same configuration protecting operational systems.

Complete Visibility

Adversaries see everything a real attacker would see. We don't filter traffic or restrict capture. The full encrypted stream is available for analysis.

Real Stakes

A successful decryption proves a fundamental flaw in AKM. This isn't a simulation—it's a standing proof of cryptographic security.

Full Audit Trail

All sessions logged. All attempts documented. Public record of the system's operational history and security posture.

Attack Surface Analysis

With full network access, adversaries still face these cryptographic barriers

Traffic Analysis

Ciphertext reveals no information about the underlying plaintext.

Replay

Session keys rotate. Nonces prevent replay of captured packets.

MITM

Mutual authentication prevents injection of malicious traffic.

Brute Force

256-bit key space. Computationally infeasible to exhaust.

Protocol Exploits

Fixed message formats. No parsing vulnerabilities.

Side Channels

Constant-time operations. No timing leaks.

Common Questions

Is this a CTF?

No. There are no planted flags or intentional weaknesses. This is production-grade AKM security under real-world adversarial conditions.

What if I find a non-exploitable vulnerability?

Report it. We maintain a responsible disclosure program. Significant findings may qualify for separate recognition.

What happens if someone succeeds?

A successful decryption would demonstrate a critical flaw in AKM encryption. We would document the finding, credit the researcher, and address the vulnerability.

Can I attack the infrastructure?

The scope is AKM cryptographic security. Attacks on web infrastructure, physical tampering, or social engineering are out of bounds and will result in termination.