Hack the room:an augmented reality game for non-experts to learn ethical hacking

Abstract. The shortage of cybersecurity skills caused by a widespread talent drought is having a signifcant economic impact on organizations globally. Several initiatives have been implemented to address this defcit, providing new educational pathways for novice and advanced students. Recently, ethical hacking gamifcation platforms and Capture the Flag (CTF) online games have risen in popularity, offering fun and engaging content that motivate beginners to acquire offensive and defensive cybersecurity skills. However, the use of augmented reality (AR) applications for cybersecurity skill development remains mostly unexplored. Against this backdrop, the overall aim of the thesis is to examine whether CTF games in AR can improve learning outcomes in information security and enhance security situational awareness. Specifcally, we explore how AR gamifcation impacts training and overall experience in the context of ethical hacking tasks. To achieve this, we have created Hack the Room, which is an ethical hacking game developed in Unity, where players use Linux terminals to solve CTF-style tasks. The game can be used for learning key cybersecurity concepts vital for organizations, and target users who have no previous cybersecurity experience, and need to be retrained for future-proofng organizations. In the game, the player has to use simple simple Linux terminal commands like listing fles in directories and reading fles stored in virtual machines hosted in the cloud (CSC Pouta) to reach the predetermined tasks. Each playthrough lasts 20 minutes and features three tasks. The game can be modifed or made more diffcult by changing the tasks in the virtual machine. The main goal of the game is to complete all of the tasks in the game. Our gamifcation concept was evaluated in a feld experiment that included six participants divided into two groups, an expert group (N=3) and a non-expert group (N=3). The expert group responded to a questionnaire that assessed their situational awareness during the game, while the non-expert group responded to a questionnaire that evaluated learning outcomes. The participants reported positive learning outcomes and high situational awareness after playing the game.Hack the room : lisätyn todellisuuden peli eettisen hakkeroinnin oppimiseen. Tiivistelmä. Pula tietoturvaosaamisesta vaikuttaa taloudellisesti organisaatioihin maailmanlaajuisesti. Tämän puutteen korjaamiseksi on tehty useita aloitteita, joissa tarjotaan oppipolkuja aloitteleville sekä edistyneemmille oppillaille. Eettisen hakkeroinnin pelillistämisalustat sekä Capture the Flag- (CTF) (suom. lipunryöstö) verkkopelit ovat lisänneet suosiotaan viime vuosina ja ne tarjoavat hyvän mahdollisuuden vasta-alkajille opetella tietoturvahyökkäämistä ja -puolustamista. Lisätyn todellisuuden hyödyntämistä tietoturvakoulutuksessa ei ole kuitenkaan tutkittu laajalti. Tässä kandidaatin tutkinnossa käsitellään lisätyn todellisuuden hyödyntämistä CTF-peleissä sekä sitä, miten lisätty todellisuus vaikuttaa tietoturvallisuuden ja turvallisuuden tilannetietoisuuden oppimiseen. Käsittelemme erityisesti, miten lisätyn todellisuuden pelillistäminen vaikuttaa harjoitteluun sekä yleiseen kokemukseen eettisissä hakkerointitehtävissä. Tämän mahdollistamiseksi loimme Hack the Roomin, joka on Unityssä kehitetty kyberturvallisuuspeli, jossa pelaajat käyttävät Linux-terminaaleja läpäistäkseen lipunryöstötyyppisiä tehtäviä. Sitä voidaan käyttää työkaluna henkilöiden tietoturvaan tutustuttamiseen, kouluttamiseen ja uudelleen opettamiseen. Pelin tehtävät koostuivat yksinkertaisista tehtävistä, joissa käytettiin Linuxkomentoja, kuten tiedostojen listaamista ja -lukemista. Jokainen pelikerta on 20 minuutin pituinen ja sisältää kolme tehtävää. Peliä voi muokata tarpeiden mukaan, esimerkiksi nostaa vaikeustasoa muuttamalla pelin virtuaalikonetta. Pelin käyttämä virtuaalikone sijaitsee CSC Pouta-palvelimella. Kehittämämme pelillistämiskonsepti evaluoitiin kenttäkokeella. Kokeessa oli 6 osallistujaa, jotka jaettiin kahteen ryhmään. Ryhmät koostuivat asiantuntijoista ja henkilöistä, joilla ei ollut aiempaa kokemusta eettisestä hakkeroinnista. Asiantuntijoiden ryhmä vastasi kyselyyn, joka mittasi heidän tilannetietoisuuttaan ja toinen ryhmä kyselyyn, joka mittasi heidän oppimistaan pelissä. Kenttäkoe osoitti sekä positiivisia oppimistuloksia, että korkeaa tilannetietoisuutta pelissä

Game based cyber security training: are serious games suitable for cyber security training?

Security research and training is attracting a lot of investment and interest from governments and the private sector. Most efforts have focused on physical security, while cyber security or digital security has been given less importance. With recent high-profile attacks it has become clear that training in cyber security is needed. Serious Games have the capability to be effective tools for public engagement and behavioural change and role play games, are already used by security professionals. Thus cyber security seems especially well-suited to Serious Games. This paper investigates whether games can be effective cyber security training tools. The study is conducted by means of a structured literature review supplemented with a general web search. While there are early positive indications there is not yet enough evidence to draw any definite conclusions. There is a clear gap in target audience with almost all products and studies targeting the general public and very little attention given to IT professionals and managers. The products and studies also mostly work over a short period, while it is known that short-term interventions are not particularly effective at affecting behavioural change

A Cybersecurity Model for a Roblox-based Metaverse Architecture Framework

The adoption of virtual reality VR and augmented reality AR headsets in futuristic and science fiction has made it possible for the Metaverse to exist as a single universal immersive virtual universe By extending technology outside of our physical reality the Metaverse alters the human experience The four categories we use to categorize metaverse definitions are environment interface interaction and social value Currently it is unclear what the metaverse s structure and elements are A cybersecurity framework for these devices is necessary as the world grows more interconnected and immersive technologies are increasingly widely used in business government and consumer markets Used was a literature revie

Gamification as a neuroergonomic approach to improving interpersonal situational awareness in cyber defense

In cyber threat situations, the establishment of a shared situational awareness as a basis for cyber defense decision-making results from adequate communication of a Recognized Cyber Picture (RCP). RCPs consist of actively selected information and have the goal of accurately presenting the severity and potential consequences of the situation. RCPs must be communicated between individuals, but also between organizations, and often from technical to non-/less technical personnel. The communication of RCPs is subject to many challenges that may affect the transfer of critical information between individuals. There are currently no common best practices for training communication for shared situational awareness among cyber defense personnel. The Orient, Locate, Bridge (OLB) model is a pedagogic tool to improve communication between individuals during a cyber threat situation. According to the model, an individual must apply meta-cognitive awareness (O), perspective taking (L), and communication skills (B) to successfully communicate the RCP. Gamification (applying game elements to non-game contexts) has shown promise as an approach to learning. We propose a novel OLB-based Gamification design to improve dyadic communication for shared situational awareness among (technical and non-technical) individuals during a cyber threat situation. The design includes the Gamification elements of narrative, scoring, feedback, and judgment of self. The proposed concept contributes to the educational development of cyber operators from both military and civilian organizations responsible for defending and securing digital infrastructure. This is achieved by combining the elements of a novel communication model with Gamification in a context in urgent need for educational input.publishedVersio

Enhancing Situational Awareness for Tutors of Cybersecurity Capture the Flag Games

Supervised Capture the Flag games represent a popular method of practical hands-on training in cybersecurity education. However, as cybersecurity training sessions are process-oriented, tutors have only a limited insight into what trainees are doing and how they deal with the tasks. From their perspective, it is necessary to have situational awareness, enabling them to identify and react to any issues during a training session as soon as they emerge. We propose a tool designed in collaboration with cybersecurity educators. Based on user requirements, we developed the Progress Visualization Tool, which provides educators with timely feedback through the session. More specifically, the tool informs educators of the training progression, helps identify the students who might struggle with their tasks, and reveals overall deviation from the schedule. We validated the tool through formative and summative qualitative in-lab evaluations. The participants appraised the impact on the training workflow and gave further insights regarding the tool. We discuss the insights and recommendations that arose from the evaluations as they could aid the design of future tools for supporting educators, not only of CTFs but also in other domains.Supervised Capture the Flag games represent a popular method of practical hands-on training in cybersecurity education. However, as cybersecurity training sessions are process-oriented, tutors have only a limited insight into what trainees are doing and how they deal with the tasks. From their perspective, it is necessary to have situational awareness, enabling them to identify and react to any issues during a training session as soon as they emerge. We propose a tool designed in collaboration with cybersecurity educators. Based on user requirements, we developed the Progress Visualization Tool, which provides educators with timely feedback through the session. More specifically, the tool informs educators of the training progression, helps identify the students who might struggle with their tasks, and reveals overall deviation from the schedule. We validated the tool through formative and summative qualitative in-lab evaluations. The participants appraised the impact on the training workflow and gave further insights regarding the tool. We discuss the insights and recommendations that arose from the evaluations as they could aid the design of future tools for supporting educators, not only of CTFs but also in other domains

Proceedings of the CUNY Games Conference 6.0

The CUNY Games Network is an organization dedicated to encouraging research, scholarship and teaching in the developing field of games-based learning. We connect educators from every campus and discipline at CUNY and beyond who are interested in digital and non-digital games, simulations, and other forms of interactive teaching and inquiry-based learning. These proceedings summarize the CUNY Games Conference 6.0, where scholars shared research findings at a three-day event to promote and discuss game-based pedagogy in higher education. Presenters could share findings in oral presentations, posters, demos, or play testing sessions. The conference also included workshops on how to modify existing games for the classroom, how to incorporate elements of play into simulations and critical thinking activities, math games, and how to create computer games

Multimodal teaching, learning and training in virtual reality: a review and case study

It is becoming increasingly prevalent in digital learning research to encompass an array of different meanings, spaces, processes, and teaching strategies for discerning a global perspective on constructing the student learning experience. Multimodality is an emergent phenomenon that may influence how digital learning is designed, especially when employed in highly interactive and immersive learning environments such as Virtual Reality (VR). VR environments may aid students' efforts to be active learners through consciously attending to, and reflecting on, critique leveraging reflexivity and novel meaning-making most likely to lead to a conceptual change. This paper employs eleven industrial case-studies to highlight the application of multimodal VR-based teaching and training as a pedagogically rich strategy that may be designed, mapped and visualized through distinct VR-design elements and features. The outcomes of the use cases contribute to discern in-VR multimodal teaching as an emerging discourse that couples system design-based paradigms with embodied, situated and reflective praxis in spatial, emotional and temporal VR learning environments

National Conference on COMPUTING 4.0 EMPOWERING THE NEXT GENERATION OF TECHNOLOGY (Era of Computing 4.0 and its impact on technology and intelligent systems)

As we enter the era of Computing 4.0, the landscape of technology and intelligent systems is rapidly evolving, with groundbreaking advancements in artificial intelligence, machine learning, data science, and beyond. The theme of this conference revolves around exploring and shaping the future of these intelligent systems that will revolutionize industries and transform the way we live, work, and interact with technology. Conference Topics Quantum Computing and Quantum Information Edge Computing and Fog Computing Artificial Intelligence and Machine Learning in Computing 4.0 Internet of Things (IOT) and Smart Cities Block chain and Distributed Ledger Technologies Cybersecurity and Privacy in the Computing 4.0 Era High-Performance Computing and Parallel Processing Augmented Reality (AR) and Virtual Reality (VR) Applications Cognitive Computing and Natural Language Processing Neuromorphic Computing and Brain-Inspired Architectures Autonomous Systems and Robotics Big Data Analytics and Data Science in Computing 4.0https://www.interscience.in/conf_proc_volumes/1088/thumbnail.jp

Challenges of rapid migration to fully virtual education in the age of the Corona virus pandemic: experiences from across the world

The social disruption caused by the sudden eruption of the Corona Virus pandemic has shaken the whole world, influencing all levels of education immensely. Notwithstanding there was a lack of preparedness for this global public health emergency which continues to affect all aspects of work and life. The problem is, naturally, multifaceted, fast evolving and complex, affecting everyone, threatening our well-being, the global economy, the environment and all societal and cultural norms and our everyday activities. In a recent UNESCO report it is noted that nearly a billion and a quarter (which is 67,7 % of the total number) of learners have been affected by the Corona Virus pandemic worldwide. The education sector at all levels has been one of the hardest hit sectors particularly as the academic/school year was in full swing. The impact of the pandemic is widespread, representing a health hazard worldwide. Being such, it profoundly affects society as a whole, and its members that are, in particular, i) individuals (the learners, their parents, educators, support staff), ii) schools, training organisations, pedagogical institutions and education systems, iii) quickly transformed policies, methods and pedagogies to serve the newly appeared needs of the latter. Lengthy developments of such scale usually take years of consultation, strategic planning and implementation. In addition to raising awareness across the population of the dangers of the virus transmission and instigating total lockdown, it has been necessary to develop mechanisms for continuing the delivery of education as well as demanding mechanisms for assuring the quality of the educational experience and educational results. There is often scepticism about securing quality standards in such a fast moving situation. Often in the recent past, the perception was that courses and degrees leading to an award are inferior if the course modules (and sometimes its assessment components) were wholly online. Over the last three decades most Higher Education institutions developed both considerable infrastructure and knowhow enabling distance mode delivery schools (Primary and Secondary) had hardly any necessary infrastructure nor adequate knowhow for enabling virtual education. In addition, community education and various training providers were mainly delivered face-to-face and that had to either stop altogether or rapidly convert materials, exercises and tests for online delivery and testing. A high degree of flexibility and commitment was demanded of all involved and particularly from the educators, who undertook to produce new educational materials in order to provide online support to pupils and students. Apart from the delivery mode of education, which is serving for certificated programmes, it is essential to ensure that learners’ needs are thoroughly and continuously addressed and are efficiently supported throughout the Coronavirus or any other future lockdown. The latter can be originated by various causes and reasons that vary in nature, such as natural or socioeconomical. Readiness, thus, in addition to preparedness, is the primary key question and solution when it comes to quality education for any lockdown. In most countries, the compulsory primary and secondary education sectors have been facing a more difficult challenge than that faced by Higher Education. The poor or in many cases non-existent technological infrastructure and low technological expertise of the teachers, instructors and parents, make the delivery of virtual education difficult or even impossible. The latter, coupled with phenomena such as social exclusion and digital divide where thousands of households do not have adequate access to broadband Internet, Wi-Fi infrastructure and personal computers hamper the promising and strenuous virtual solutions. The shockwaves of the sudden demands on all sectors of society and on individuals required rapid decisions and actions. We will not attempt to answer the question “Why was the world unprepared for the onslaught of the Coronavirus pandemic” but need to ascertain the level of preparedness and readiness particularly of the education sector, to effect the required rapid transition. We aimed to identify the challenges, and problems faced by the educators and their institutions. Through first-hand experiences we also identify best practices and solutions reached. Thus we constructed a questionnaire to gather our own responses but also experiences from colleagues and members of our environment, family, friends, and colleagues. This paper reports the first-hand experiences and knowledge of 33 co-authors from 27 institutions and from 13 different countries from Europe, Asia, and Africa. The communication technologies and development platforms used are identified; the challenges faced as well as solutions and best practices are reported. The findings are consolidated into the four areas explored i.e. Development Platforms, Communications Technologies, Challenges/Problems and Solutions/Best Practices. The conclusion summarises the findings into emerging themes and similarities. Reflections on the lasting impact of the effect of Coronavirus on education, limitations of study, and indications of future work complete the paper