ABSTRACT
This paper presents Criminal Investigations, a gamified, scalable web-based framework for teaching and assessing Internet-of-Things (IoT) security skills. Criminal Investigations is packaged as a series of stackable IoT security activities; the current version uses React for the front-end development and Python for the back-end, and is deployed as a web application on a university server. Criminal Investigations promotes student engagement and learning by incorporating gamification concepts such as storytelling, experience points, just-in-time learning content delivery and checkpoints into activity design. This paper presents a pilot deployment of Criminal Investigations' first, fully-deployed, prototype activity "Reverse Engineering and Analyzing IoT Firmware''. The results of the pilot deployment indicate that Criminal Investigations provides an engaging, user-friendly, accessible environment, and helps students achieve the learning objectives of the prototype activity.
- [n.d.]. Process Oriented Guided Inquiry Learning. https://pogil.org/.Google Scholar
- [n.d.]. Process Oriented Guided Inquiry Learning. http://cspogil.org/Home.Google Scholar
- [n.d.]. The Need for Diversity in Cybersecurity. https://medium.com/diversityunscripted/the-need-for-diversity-in-cybersecurity-1ec1c14e1770.Google Scholar
- Muhammad Rizwan Asghar and Andrew Luxton-Reilly. 2018. Teaching Cyber Security Using Competitive Software Obfuscation and Reverse Engineering Activities. In Proceedings of the 49th ACM Technical Symposium on Computer Science Education. 179--184.Google ScholarDigital Library
- Attify. [n.d.]. Offensive IoT Exploitation. https://www.attify.com/iot-securityexploitation-training. Accessed: 2020--1--13.Google Scholar
- Jonathan Bergmann and Aaron Sams. 2012. Flip your classroom: Reach every student in every class every day. International society for technology in education.Google Scholar
- J. Bergmann and A. Sams. 2014. Flipped Learning: Gateway to Student Engagement. International Society for Technology in Education.Google Scholar
- Jacob Lowell Bishop and Matthew A Verleger. 2013. The flipped classroom: A survey of the research. In ASEE National Conference Proceedings, Atlanta, GA, Vol. 30. 1--18.Google ScholarCross Ref
- Charles C Bonwell and James A Eison. 1991. Active Learning: Creating Excitement in the Classroom. 1991 ASHE-ERIC Higher Education Reports. ERIC.Google Scholar
- Brian Russel and Sunil Gupta. [n.d.]. Securing IoT: From Security to Practical Pentesting on IoT. https://www.udemy.com/course/securing-iot-from-securityto-practical-pentesting-on-iot/. Accessed: 06-07--2019.Google Scholar
- Patrick Buckley and Elaine Doyle. 2016. Gamification and student motivation. Interactive Learning Environments 24, 6 (2016), 1162--1175. https://doi.org/10. 1080/10494820.2014.964263Google ScholarCross Ref
- Tom Chothia and Joeri de Ruiter. 2016. Learning From Others' Mistakes: Penetration Testing IoT Devices in the Classroom. In USENIX Workshop on Advances in Security Education (ASE 16).Google Scholar
- OverTheWire (community). [n.d.]. Wargames. http://overthewire.org/ wargames/.Google Scholar
- Chris Crawford. 2003. Chris Crawford on Game Design. New Riders Publishing, USA.Google ScholarDigital Library
- DataUSA. [n.d.]. INFORMATION SECURITY ANALYSTS. https://datausa.io/ profile/soc/151122/#demographics. Accessed on 04--22--2019.Google Scholar
- Tamara Denning, Adam Lerner, Adam Shostack, and Tadayoshi Kohno. 2013. Control-Alt-Hack: The Design and Evaluation of a Card Game for Computer Security Awareness and Education. In Proceedings of the ACM SIGSAC Conference on Computer & Communications Security (CCS). 915--928.Google ScholarDigital Library
- Distributed Management Task Force (DMTF). [n.d.]. Open Virtualization Format. https://www.dmtf.org/standards/ovf. Accessed on 01--14--2021.Google Scholar
- edx. [n.d.]. Cybersecurity and Privacy in the IoT. https://www.edx.org/course/ cybersecurity-and-privacy-in-the-iot. Accessed: 2019--5--7.Google Scholar
- edX-Curtin University. [n.d.]. Cybersecurity and Privacy in the IoT. https: //www.edx.org/course/cybersecurity-and-privacy-in-the-iot. Accessed: 06-07- 2019.Google Scholar
- Facebook Inc. [n.d.]. React-A JavaScript library for building user interfaces. https://reactjs.org/. Accessed on 08--26--2020.Google Scholar
- Zachary Fitz-Walter. 2020. What is Gamification? https://www.gamify.com/whatis-gamification.Google Scholar
- Scott Freeman, Sarah L Eddy, Miles McDonough, Michelle K Smith, Nnadozie Okoroafor, Hannah Jordt, and Mary Pat Wenderoth. 2014. Active learning increases student performance in science, engineering, and mathematics. Proceedings of the National Academy of Sciences 111, 23 (2014), 8410--8415.Google ScholarCross Ref
- GiantBomb.com. 2020. Experience Points. https://www.giantbomb.com/ experience-points/3015--39/.Google Scholar
- Craig Heffner. 2010. Binwalk: Firmware analysis tool. (2010).Google Scholar
- Helen H. Hu and Clifton Kussmaul. 2012. Promoting Student-centered Learning with POGIL. In Proceedings of the 43rd ACM Technical Symposium on Computer Science Education (SIGCSE '12). 579--580.Google Scholar
- Helen H Hu and Tricia D Shepherd. 2014. Teaching CS 1 with POGIL activities and roles. In Proceedings of the 45th ACM technical symposium on Computer science education. ACM, 127--132.Google ScholarDigital Library
- (ISC)2 . [n.d.]. Cybersecurity Professionals Focus on Developing New Skills as Workforce Gap Widens: (ISC)2 CYBERSECURITY WORKFORCE STUDY, 2018. Technical Report. Accessed on 04--22--2019.Google Scholar
- json.org. [n.d.]. Introducing JSON. https://www.json.org/json-en.html. Accessed on 01--14--2021.Google Scholar
- Jesper Juul. 2011. Half-real: Video games between real rules and fictional worlds. MIT press.Google ScholarDigital Library
- David R. Krathwohl. 2002. A Revision of Bloom's Taxonomy: An Overview. Theory Into Practice 41, 4 (2002), 212--218.Google ScholarCross Ref
- Clifton Kussmaul. 2012. Process oriented guided inquiry learning (POGIL) for computer science. In SIGCSE.Google Scholar
- Celine Latulipe, N. Bruce Long, and Carlos E. Seminario. 2015. Structuring Flipped Classes with Lightweight Teams and Gamification. In Proceedings of the 46th ACM Technical Symposium on Computer Science Education (Kansas City, Missouri, USA) (SIGCSE '15). ACM, New York, NY, USA, 392--397.Google Scholar
- Chengcheng Li and Rucha Kulkarni. 2016. Survey of Cybersecurity Education through Gamification. In Proceedings of the ASEE Annual Conference & Exposition.Google ScholarCross Ref
- Peter Loshin. [n.d.]. McAfee CISO explains why diversity in cybersecurity matters. https://searchsecurity.techtarget.com/feature/McAfee-CISO-explainswhy-diversity-in-cybersecurity-matters. Accessed on 04--22--2019.Google Scholar
- Stephen MacNeil, Celine Latulipe, Bruce Long, and Aman Yadav. 2016. Exploring Lightweight Teams in a Distributed Learning Environment. In Proceedings of the 47th ACM Technical Symposium on Computing Science Education (Memphis, Tennessee, USA) (SIGCSE '16). ACM, New York, NY, USA, 193--198.Google ScholarDigital Library
- Mary Lou Maher, Celine Latulipe, Heather Lipford, and Audrey Rorrer. 2015. Flipped Classroom Strategies for CS Education. In Proceedings of the 46th ACM Technical Symposium on Computer Science Education (SIGCSE '15). 218--223.Google ScholarDigital Library
- Michael Mateas and Phoebe Sengers. 1998. Narrative Intelligence. In The Proceedings of AAAI Fall Symposium.Google Scholar
- M Mateas and A Stern. 2003. Fa{ç}ade: An experiment in building a fully-realized interactive drama. In The Proceedings of Game Developers Conference, Game Design track. Citeseer.Google Scholar
- Matt Trobbiani. [n.d.]. Hacknet Labyrinths. https://store.steampowered.com/ app/521840/Hacknet__Labyrinths/. Accessed on 08--25--2020.Google Scholar
- Chet Meyers and Thomas B Jones. 1993. Promoting Active Learning. Strategies for the College Classroom. ERIC.Google Scholar
- MongoDB, Inc. [n.d.]. MongoDB-The database for modern applications. https: //www.mongodb.com/. Accessed on 01--13--2021.Google Scholar
- Rick Moog. 2014. Process oriented guided inquiry learning. Washington University Libraries.Google Scholar
- Richard S Moog, James N Spencer, and Andrei R Straumanis. 2006. Processoriented guided inquiry learning: POGIL and the POGIL project. Metropolitan Universities 17, 4 (2006), 41--52.Google Scholar
- NLTK Project. [n.d.]. Natural Language Toolkit. https://www.nltk.org/. Accessed on 08--11--2021.Google Scholar
- Nokia. 2020. Nokia Threat Intelligence Report warns of rising cyberattacks on internet-connected devices. https://nokia.ly/3azsLiV.Google Scholar
- Pallets. [n.d.]. Flask-web development, one drop at a time. https://flask. palletsprojects.com/en/1.1.x/. Accessed on 08--26--2020.Google Scholar
- Katie Salen and Eric Zimmerman. 2003. Rules of Play: Game Design Fundamentals. The MIT Press.Google ScholarDigital Library
- Z. Cliffe Schreuders and Emlyn Butterfield. 2016. Gamification for Teaching and Learning Computer Security in Higher Education. In Proceedings of the USENIX Workshop on Advances in Security Education (ASE 16).Google Scholar
- Security Today. 2020. The IoT Rundown For 2020: Stats, Risks, and Solutions. https://securitytoday.com/Articles/2020/01/13/The-IoT-Rundown-for2020.aspx?Page=2.Google Scholar
- Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitriy Vyukov. 2012. AddressSanitizer: A Fast Address Sanity Checker.. In Proceedings of the USENIX Annual Technical Conference. 309--318.Google Scholar
- Tactical Network Solutions. [n.d.]. IoT Firmware Exploitation. https://www. tacnetsol.com/store/aRyibNKX. Accessed: 2020--1--13.Google Scholar
- TeachThought Staff. 2020. 12 Examples Of Gamification In The Classroom. https://www.teachthought.com/the-future-of-learning/12-examples-ofgamification-in-the-classroom/.Google Scholar
- Tonex. [n.d.]. IoT Security Training. https://www.tonex.com/training-courses/ iot-security-training-iot-security-awareness/. Accessed: 2020--1--13.Google Scholar
- Trend Micro: The fugle company. [n.d.]. Targeted Attack: The Game. http: //targetedattacks.trendmicro.com/. Accessed on 08--25--2020.Google Scholar
- Udemy. [n.d.]. Fundamentals of IoT Security. https://www.udemy.com/ fundamentals-of-iot-security. Accessed: 2019--5--7.Google Scholar
- Stacey Watson and Heather Richter Lipford. 2019. Motivating Students Beyond Course Requirements with a Serious Game. In Proceedings of the 50th ACM Technical Symposium on Computer Science Education, SIGCSE. Association for Computing Machinery, 211--217.Google ScholarDigital Library
- William Crumpler. 2019. The Cybersecurity Workforce Gap. https://bit.ly/ 2IZ5snw.Google Scholar
- wingkwong on Github. [n.d.]. react-quiz-component. https://github.com/ wingkwong/react-quiz-component. Accessed on 08--26--2020.Google Scholar
- Michal Zalewski. 2010. American Fuzzy Lop: a security-oriented fuzzer. (2010).Google Scholar
Index Terms
- Criminal Investigations: An Interactive Experience to Improve Student Engagement and Achievement in Cybersecurity Courses
Recommendations
Criminal Investigations: An InteractiveExperience to Improve Student Engagement and Achievement in Cybersecurity courses
SIGCSE '21: Proceedings of the 52nd ACM Technical Symposium on Computer Science EducationThis poster presents Criminal Investigations, a text-based interactive activity designed to teach and assess reverse-engineering and firmware analysis skills in upper-division undergraduate cybersecurity courses. The activity incorporates elements of ...
Lessons in Copyright Activism: K-12 Education and the DMCA 1201 Exemption Rulemaking Process
Digital learning is being transformed by changes in copyright law. This article discusses the author's personal journey as a copyright education activist through two rounds of rulemaking proceedings before the Copyright Office concerning the anti-...
From the learner's perspective: A systematic review of MOOC learner experiences (2008–2021)
AbstractWe report the results of a systematic review of learners' experiences and perspectives in massive open online courses (MOOCs). This systematic review includes 51 articles published between 2008 and 2021 that appeared in top educational ...
Highlights- MOOC learners' diverse intentions and motivations for enrollment influence their experiences within the course.
Comments