research-article

Public Access

Capture the Flag Unplugged: an Offline Cyber Competition

Authors:

Ambareen Siraj,

Eric BrownAuthors Info & Claims

SIGCSE '17: Proceedings of the 2017 ACM SIGCSE Technical Symposium on Computer Science Education

Pages 225 - 230

https://doi.org/10.1145/3017680.3017783

Published: 08 March 2017 Publication History

Abstract

In order to meet the cybersecurity workforce demand, it is important to raise cybersecurity interest among the youth. Just like ACM programming competitions, Capture the Flag (CTF) competitions allow students to learn cybersecurity skills in a fun and engaging way. It is an effective platform to increase students' interest in cybersecurity and prepare them for defending against real cyber attackers. A typical CTF competition requires at least some basic technical security knowledge and months of diligent preparation. For this very reason, many computer science students do not feel qualified to participate in CTF competitions, and as a result, do not even try. To overcome this lack of confidence while at the same time raising awareness about the cybersecurity profession in a realistic fashion, we have developed the CTF Unplugged project, as inspired by the CS Unplugged project. The primary goal is to teach students with little or no technical knowledge about the different cybersecurity challenges that a cybersecurity professional must address and the problem-solving skills needed for a cybersecurity career, all without direct use of technology. The effectiveness of CTF unplugged project has been evaluated after exposing 36 high school students participating in the Tennessee Tech University GenCyber Camp to these activities this past summer. Students reported a significant gain in knowledge, confidence and comfort level after participation.

References

[1]

The White House, "Fact Sheet: National Cybersecurity Action Plan". {Online}. Available: https://www.whitehouse.gov/the-press-office/2016/02/09/fact-sheet-cybersecurity-national-action-plan

[2]

Cybersecurity Ventures, "Job Report". {Online}. Available: http://cybersecurityventures.com/

[3]

GenCyber, "Summer Cybersecurity Camp Program". {Online}. Available: https://www.gen-cyber.com/

[4]

Cybersecurity Education Research and Outreach Center (CEROC), Tennessee Tech University. {Online}. Available: https://www.tntech.edu/ceroc

[5]

Tennessee Tech University, Governor's. {Online}. Available: https://www.tntech.edu/engineering/academic-programs/governors-school

[6]

NSA Day of Cyber at Tennessee Tech University. {Online}. Available: http://dayofcyber.org/us/tennessee-tech-adds-nsa-day-of-cyber-experience/

[7]

NSA Day of Cyber. {Online}. Available: http://www.dayofcyber.org

[8]

T. Bell, et al. "Computer science unplugged: School students doing real computing without computers." Journal of Applied Computing and Info. Tech. 13.1 (2009): 20--29.

[9]

Network mapper, free security scanner. {Online}. Available: https://nmap.org

[10]

Volatility: memory forensics. {Online}. Available: http://www.volatilityfoundation.org

[11]

Nikto: web scanner. {Online}. Available: https://cirt.net/nikto2

[12]

Wireshark: network protocol analyzer. {Online}. Available: http://www/wireshark.org

[13]

Marzano, Robert J., and Debra J. Pickering. The highly engaged classroom. Solution Tree Press, 2013.

[14]

ASCII table. {Online}. Available: http://www.asciitable.com

[15]

Dcode project, "Caesar cipher". {Online}. Available: http://www.dcode.fr/caesar-cipher

[16]

S. Knight, "Rail Fence Cipher". {Online}. Available: http://www.cs.trincoll.edu/~crypto/historical/railfence.html

[17]

Domain tools, "WHOIS service". {Online}. Available: http://whois.domaintools.com/

[18]

Facebook, "Capture the Flag platform". {Online}. Available: https://github.com/facebook/fbctf

[19]

R. S. Cheung, et al., "Effectiveness of cybersecurity competitions," in Proceedings of the International Conference on Security and Management (SAM), the World Congress in Computer Science, Computer Engineering and Applied Computing, 2012.

[20]

C. Wee and M. Bashir, "Understanding the Personality Characteristics of Cybersecurity Competition Participants to Improve the Effectiveness of Competitions as Recruitment Tools," Advances in Human Factors in Cybersecurity. Springer Publishing, pp. 111--121, 2016.

[21]

R. S. Cheung, J. P. Cohen, H. Z. Lo, and F. Elia, "Challenge based learning in cybersecurity education," in Proceedings of the International Conference on Security & Management, vol. 1. Las Vegas, Nevada, USA: SAM 2011, Jul. 2011.

[22]

J. Werther, M. Zhivich, T. Leek, and N. Zeldovich, "Experiences in cybersecurity education: The MIT Lincoln laboratory capture-the-flag exercise," Cybersecurity Experimentation and Test, vol. 8, 2011.

Digital Library

[23]

C. Eagle and J. L. Clark, "Capture-the-flag: Learning computer security under fire," Naval Postgraduate School, Monterey CA, 2004.

[24]

Capture the Flag competitions. {Online}. Available: https://ctftime.org/

[25]

G. Vigna, et al., "Ten years of iCTF: The good, the bad, and the ugly," USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE). 2014.

[26]

D. R. Krathwohl, "A revision of Bloom's taxonomy: An overview," Theory into practice 41.4 (2002): 212--218.

[27]

CTF Unplugged. {Online}. Available: http://goo.gl/S4UEkO

[28]

P. Chapman, J. Burket, and D. Brumley, "PicoCTF: A game-based computer security competition for high school students," USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE 14), 2014.

[29]

Cyber Security Awareness Week (CSAW). {Online}. Available: https://csaw.engineering.nyu.edu/about

[30]

A Network Security Game d0x3d!. {Online}. Available: http://d0x3d.com/d0x3d/welcome.html

[31]

T. Denning et al., "Control-Alt-Hack: the design and evaluation of a card game for computer security awareness and education," in Proceedings of the 2013 ACM SIGSAC conference on Computer & Communications Security, pp. 915--928, ACM.

Digital Library

[32]

M. F. Thompson and C. E. Irvine, "Active Learning with the CyberCIEGE Video Game," USENIC Workshop on CyberSecurity Experimentation and Test, 2011.

Digital Library

[33]

B. Ledbetter, et al., "CySCom: Cybersecurity COMics," in Proceedings of the IEEE Intelligence and Security Informatics Conference (ISI), 2016.

Digital Library

Cited By

Madariaga LAllendes CNussbaum MBarrios GAcevedo N(2023)Offline and online user experience of gamified robotics for introducing computational thinkingComputers & Education10.1016/j.compedu.2022.104664193:COnline publication date: 1-Feb-2023
https://dl.acm.org/doi/10.1016/j.compedu.2022.104664
Gardner TLeonard HWaite JSentance S(2022)What do We Know about Computing Education for K-12 in Non-formal Settings? A Systematic Literature Review of Recent ResearchProceedings of the 2022 ACM Conference on International Computing Education Research - Volume 110.1145/3501385.3543960(264-281)Online publication date: 3-Aug-2022
https://dl.acm.org/doi/10.1145/3501385.3543960
Singh MNegi RShukla S(2022)Automated Flag Detection and Participant Performance Evaluation for Pwnable CTFSilicon Valley Cybersecurity Conference10.1007/978-3-030-96057-5_9(126-142)Online publication date: 10-Feb-2022
https://doi.org/10.1007/978-3-030-96057-5_9
Show More Cited By

Index Terms

Capture the Flag Unplugged: an Offline Cyber Competition
1. Applied computing
  1. Education

Recommendations

Using Facebook's Open Source Capture the Flag Platform as a Hands-on Learning and Assessment Tool for Cybersecurity Education

There is a high demand for skilled cybersecurity professionals, however, entry-level employees and college graduates often lack the hands-on and real-world experience they need to be successful in the cybersecurity industry. This high demand has led ...
cs4fn and computational thinking unplugged
WiPSE '13: Proceedings of the 8th Workshop in Primary and Secondary Computing Education

'Computer Science for Fun' (cs4fn) is a public engagement project aiming to both enthuse school students about inter-disciplinary computer science and support computing teachers. It started in 2005, with cs4fn resources now widely used in UK schools as ...
Improving the Educational Efficacy of Beginner-friendly Cybersecurity Competitions
SIGCSE 2023: Proceedings of the 54th ACM Technical Symposium on Computer Science Education V. 2

Cybersecurity is a growing field with ample opportunities for experiential learning, including challenge-based capture-the-flag (CTF) competitions. CTFs are popular training tools among established cybersecurity professionals, and these events grow in ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SIGCSE '17: Proceedings of the 2017 ACM SIGCSE Technical Symposium on Computer Science Education

March 2017

838 pages

ISBN:9781450346986

DOI:10.1145/3017680

General Chairs:
Michael E. Caspersen
Aarhus University
,
Stephen H. Edwards
Virginia Tech
,
Program Chairs:
Tiffany Barnes
North Carolina State University
,
Daniel D. Garcia
University of California, Berkeley

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGCSE: ACM Special Interest Group on Computer Science Education

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 March 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

National Science Foundation

Conference

SIGCSE '17

Sponsor:

SIGCSE

SIGCSE '17: The 48th ACM Technical Symposium on Computer Science Education

March 8 - 11, 2017

Washington, Seattle, USA

Acceptance Rates

SIGCSE '17 Paper Acceptance Rate 105 of 348 submissions, 30%;

Overall Acceptance Rate 1,595 of 4,542 submissions, 35%

Upcoming Conference

SIGCSE Virtual 2024

Sponsor:
sigcse

1st ACM Virtual Global Computing Education Conference

December 5 - 8, 2024

Virtual Event , NC , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

26
Total Citations
View Citations
1,483
Total Downloads

Downloads (Last 12 months)273
Downloads (Last 6 weeks)28

Reflects downloads up to 27 Jul 2024

Other Metrics

View Author Metrics

Citations

Cited By

Madariaga LAllendes CNussbaum MBarrios GAcevedo N(2023)Offline and online user experience of gamified robotics for introducing computational thinkingComputers & Education10.1016/j.compedu.2022.104664193:COnline publication date: 1-Feb-2023
https://dl.acm.org/doi/10.1016/j.compedu.2022.104664
Gardner TLeonard HWaite JSentance S(2022)What do We Know about Computing Education for K-12 in Non-formal Settings? A Systematic Literature Review of Recent ResearchProceedings of the 2022 ACM Conference on International Computing Education Research - Volume 110.1145/3501385.3543960(264-281)Online publication date: 3-Aug-2022
https://dl.acm.org/doi/10.1145/3501385.3543960
Singh MNegi RShukla S(2022)Automated Flag Detection and Participant Performance Evaluation for Pwnable CTFSilicon Valley Cybersecurity Conference10.1007/978-3-030-96057-5_9(126-142)Online publication date: 10-Feb-2022
https://doi.org/10.1007/978-3-030-96057-5_9
Merkouris AGarneli VChorianopoulos K(2021)Programming Human-Robot Interactions for Teaching Robotics within a Collaborative Learning Open Space: Robots Playing Capture the Flag GameCHI Greece 2021: 1st International Conference of the ACM Greek SIGCHI Chapter10.1145/3489410.3489422(1-5)Online publication date: 25-Nov-2021
https://dl.acm.org/doi/10.1145/3489410.3489422
Tan KOuh E(2021)Lessons Learnt Conducting Capture the Flag CyberSecurity Competition during COVID-192021 IEEE Frontiers in Education Conference (FIE)10.1109/FIE49875.2021.9637404(1-9)Online publication date: 13-Oct-2021
https://dl.acm.org/doi/10.1109/FIE49875.2021.9637404
Jaffray AFinn CNurse J(2021)SherLOCKED: A Detective-Themed Serious Game for Cyber Security EducationHuman Aspects of Information Security and Assurance10.1007/978-3-030-81111-2_4(35-45)Online publication date: 8-Jul-2021
https://doi.org/10.1007/978-3-030-81111-2_4
Sardar TWahsheh L(2020)Design of a cyber security awareness campaign to be implemented in a quarantine laboratoryJournal of Computing Sciences in Colleges10.5555/3417682.341768335:9(11-18)Online publication date: 12-Aug-2020
https://dl.acm.org/doi/10.5555/3417682.3417683
Khoo L(2020)Design and Develop a Cybersecurity Education Framework Using Capture the Flag (CTF)Research Anthology on Artificial Intelligence Applications in Security10.4018/978-1-7998-7705-9.ch011(225-249)Online publication date: 27-Nov-2020
https://doi.org/10.4018/978-1-7998-7705-9.ch011
Fernández-Caramés TFraga-Lamas P(2020)Teaching and Learning IoT Cybersecurity and Vulnerability Assessment with Shodan through Practical Use CasesSensors10.3390/s2011304820:11(3048)Online publication date: 27-May-2020
https://doi.org/10.3390/s20113048
González-Tablas AGonzález Vasco MCascos IPlanet Palomino Á(2020)Shuffle, Cut, and Learn: Crypto Go, a Card Game for Teaching CryptographyMathematics10.3390/math81119938:11(1993)Online publication date: 8-Nov-2020
https://doi.org/10.3390/math8111993
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents