Conference Paper

A NERD DOGMA: Introducing CTF to Non-expert Audience

Authors:
To read the full-text of this research, you can request a copy directly from the authors.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

... While analyzing students' perceptions, research indicates that the gamification of cybersecurity enables students to therefore increase awareness. To incorporate features of virtualization and visual design of Capture the Flag (CTF) competitions, accessibility components are taken into high consideration for future work of user-interface enhancements in the deployment of inclusive game-design mechanisms and exercises for modular objectives per challenge in a given CTF exercise [18], [73], [78]. ...
Conference Paper
Gamification is an interactive technology that enhances the user experience by designing modular objectives into game-design elements. In the same manner, gamification has the potential to enhance cybersecurity Awareness for neurodiverse individuals and people with disabilities by using Assistive Technology (AT) to achieve reward-system objectives. To understand further, we conducted a detailed systematization of knowledge (SoK) on 71 peer-reviewed publications concentrating research efforts to increase cybersecurity awareness through accessible gamification. The findings of this SoK establish fundamental components required to address the inclusive nature of gamifica-tion in cybersecurity and thereby identify requirements gathering objectives for impacting increased results in raising cybersecurity awareness. After a methodical process of iterative screening and manual analysis in this targeted subject matter, we found that only 9 out of the 71 gamified cybersecurity research initiatives directly address "accessibility" and the implementation methods for game-design elements that would facilitate accessible user-experience. Moreover, a cross-functional Learning Management System (LMS) and Modular Reward System can be optimized by data formulated through a Technology Acceptance Model (TAM) for people with disabilities using AT. Lastly, we propose that a modular training format should effectively engage and facilitate user interface and user experience despite context-oriented limitations on physical.
Conference Paper
Full-text available
Alternate reality games (ARGs) have been shown to have desirable characteristics for computer security education and student motivation. We implemented a 10-week-long ARG in an introductory undergraduate computer science course, and formally assessed the ARG’s impact on students’ course experience, as well as examined students’ motivation-related experiences in the course by gender. Among other conclusions, we found that the ARG enabled an authentic and motivating problem-solving environment, but also raised ethical concerns among students that could lead to constructive discussions on ethical behavior in computer security. We also found that the ARG’s use of several programming languages has detrimental effects on novice students— especially women—who felt at a disadvantage compared to their peers. We discuss connections to extant literature and implications for future implementations of the ARG.
Conference Paper
Full-text available
Cybersecurity is critical to the national infrastructure, federal and local government, military, industry, and personal privacy. To defend the U.S. against the cyber threats, a significant demand for skilled cybersecurity workforce is predicted in government and industrial sectors. To address this issue, National Security Agency and the National Science Foundation jointly funded GenCyber program to stimulate the K-12 students' interest in the cybersecurity field and raise their awareness of cybersecurity and safe online behavior. Purdue University Northwest has successfully launched four GenCyber summer camps in 2016 and 2017 to 181 high school students, with 51.3% underrepresented minority ratio (Africa American and Hispanics), and about 2:1 male to female ratio. We delivered GenCyber summer camp activities in the format of game based learning and hands-on labs. The use of game-based learning in the camp was an excellent platform to teach concepts of cyber security principles. For example, in Cyber Defense Tower Game, students need to protect their servers from the different types of cyber-attack. They need to select the correct type of defense to stop each wave of cyber-attack. As the students advanced through the game, combinations of the different attacks would come faster, making it more difficult for the students to defend their servers. This game was well received by the students, support staffs, instructors, and site visit team. Learning through these activities provided high school students with an immersive, learner-centered experience, which has been proven very effective on cybersecurity awareness training and practical skill acquisition for learners from diverse backgrounds. Further analysis of survey data revealed that the gamification of cybersecurity education to raise students' interests in computer science and cybersecurity was more effective in male high school students than in female students.
Article
Full-text available
Educators and sponsors endorse competitions as a strong, positive influence on career choice. However, empirical studies of cybersecurity competitions are lacking, and evidence from computer science and mathematics competitions has been mixed. Here we report initial results from an ongoing study of the National Cyber League to provide a glimpse of the role of competitions in fostering cybersecurity career engagement. Preliminary results suggest that cyber competitions attract experienced individuals who will remain in the profession for the long-term, but future research is needed to understand how cyber competitions may engage women and those new to the field.
Article
Gamification is the use of game elements in domains other than games. Gamification use is often suggested for difficult activities because it enhances users’ engagement and motivation level. Due to such benefits, the use of gamification is also proposed in education environments to improve students’ performance, engagement, and satisfaction. Computer science in higher education is a tough area of study and thus needs to utilize various already explored benefits of gamification. This research develops an empirical study to evaluate the effectiveness of gamification in teaching computer science in higher education. Along with the learning outcomes, the effect of group size on students’ satisfaction level is also measured. Furthermore, the impact of gamification over time is analyzed throughout a semester to observe its effectiveness as a long-term learning technique. The analysis, covering both learning outcome and students’ satisfaction, suggests that gamification is an effective tool to teach tough courses at higher education level; however, group size should be taken into account for optimal classroom size and better learning experience.
Conference Paper
As the world grows more technology involved, teaching some measure of cybersecurity has become imperative. Our research lab aims to help increase the cybersecurity interest and awareness among those of all ages. To aid us in this endeavor, we decided to introduce an interesting method that gamifies cybersecurity. Our methodology tests whether our new method is a viable vehicle for cybersecurity education. To do this, we asked participants to take surveys and included our own observations. We conclude our paper with our analysis of survey results and future improvements for an effective educational tool.
Conference Paper
We are living in a world which is continually evolving and where modern conflicts have moved to the cyber domain. In its 2010 Strategic Concept, NATO affirmed its engagement to reinforce the defence and deterrence of its state members. In this light, it has been suggested that the gamification of training and education for cyber security will be beneficial. Although serious games have demonstrated pedagogic effectiveness in this field, they have only been used in a limited number of contexts, revealing some limitations. Thus, it is argued that serious games could be used in informal contexts while achieving similar pedagogic results. It is also argued that the use of such a serious game could potentially reach a larger audience than existing serious games, while complying with national cyber strategies. To this end, a framework for designing serious games which are aimed at raising an awareness of cyber security to those with little or no knowledge of the subject is presented. The framework, based upon existing frameworks and methodologies, is also accompanied with a set of cyber security skills, itself based upon content extracted from government sponsored awareness campaigns, and a method of integrating these skills into the framework. Finally, future research will be conducted to refine the framework and to improve the set of cyber security related skills in order to suit a larger range of players. A proof of concept will also be designed in order to collect empirical data and to validate the effectiveness of the framework.
Article
The iCTF is a security competition—a one-day, live hacking event that happens each December. It has evolved over the years from a dozen or so universities to nearly 70, with approximately 900 people playing at one time. This year differed slightly from previous years—IEEE Security & Privacy and Adobe offered cash prizes, and the competition featured different designs than in the past. Brian Pak is an undergrad student at Carnegie Mellon University and leader of the Plaid Parliament of Pwning, the team that won the 2010 International Capture the Flag Competition organized by Giovanni Vigna every year. Here, Giovanni Vigna talks with Brian about the competition.
Leveraging Competitive Gamification for Sustainable Fun and Profit in Security Education
  • Adrian Dabrowski
  • Markus Kammerstetter
  • Eduard Thamm
  • Edgar Weippl
  • Wolfgang Kastner
Adrian Dabrowski, Markus Kammerstetter, Eduard Thamm, Edgar Weippl, and Wolfgang Kastner. 2015. Leveraging Competitive Gamification for Sustainable Fun and Profit in Security Education. In 2015 USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE 15). USENIX Association, Washington, D.C. https://www.usenix.org/conference/3gse15/summitprogram/presentation/dabrowski