Over the past few decades, we have observed numerous cyber-crimes targeting Businesses, Government Organizations, and mainly individuals. As students are easy targets of these cybercrimes [1], there is a need to educate them on cybersecurity trends [2][3]. This work mainly focuses on developing an interactive framework developed in Unity 3D engine that explains RSA Cryptography Algorithm and its uses, using the underlying discrete mathematics [4] using the mathematical concepts of Discrete Structures course. Therefore, this project will focus on the framework for interactive and engaging cybersecurity education and its cognitive evaluation. If this subject is delivered to younger users as an interactive tutorial using game-based principles, it will be learned in a much entertaining way.
more »
« less
Practice-Oriented Smartphone Security Exercises for Developing Cybersecurity Mindset in High School Students
Advancements in technology and the increase in Internet usage through mobile devices have led to greater visibility of organizations and individuals to cybercrimes. Teenagers being easy targets of these cybercrimes, there is a need to educate them on cybersecurity trends since training students on existing cyberattacks is viewed as a powerful tool to teach cybersecurity. We present a pedagogical approach to train students to identify new threats and respond to mitigate them. This is accomplished through observatory, experiential, and real-life practice-oriented cybersecurity exercises. Seven malicious android applications targeting malware class and phishing, namely Email-Lite-Scare, Shop-Shock-Struck, CyberSafe Practices, Play-Read-Disrupt, Fish-A-Phish, Chat-Phish, and Spy-The-Trojan, have been developed. Psychological learning is emphasized in this approach by exercising the application extensively. The underlying goals of this work are to develop a security mindset, spread awareness on threats associated with smartphone/tablet usage, and to inculcate interest in cybersecurity careers among high school students.
more »
« less
- NSF-PAR ID:
- 10280896
- Date Published:
- Journal Name:
- 2020 IEEE International Conference on Teaching, Assessment, and Learning for Engineering (TALE)
- Page Range / eLocation ID:
- 303 to 310
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
The integration of cyber-physical systems (CPS) has been extremely advantageous to society, it merges the attention of cybersecurity for vehicles as a timely concern as a matter of public and individual. The failure of any vehicle system could have a serious impact on vehicle control and cause undesired consequences. With the growing demand for security in CPS, there are few hands-on labs/modules available for training current students, future engineers, or IT professionals to understand cybersecurity in CPS. This study describes the execution of a free security testbed to replicate a vehicle’s network system and the implementation of this testbed via hands-on lab designed to introduce concepts of vehicle control systems. The hands-on lab simulates insider threat scenarios where students had to use can-utils toolkits and SavvyCAN to send, modify, and capture the network packet and exploit the system vulnerability threats such as replay attacks and fuzzing attacks on the vehicle system. We conducted a case study with 21 university-level students, and all students completed the hands-on lab, pretest, posttest, and a satisfaction survey as part of a non-graded class assignment. The experimental results show that most students were not familiar with cyber-physical systems and vehicle control systems and never had the chance to do any hands-on lab in this field before. Furthermore, students reported that the hands-on lab helped them learn about CAN-bus and rated high scores for enjoyment. We discussed the design of an affordable tool to teach about vehicle control systems and proposed directions for future work.more » « less
-
Create and Host Cyber Competition Using the Preliminary Persistent Cyber Training Environment (PCTE)null (Ed.)As the world becomes more interconnected and our lives increasingly depend on the cyber world, the increasing threat of cyberattacks and cybercrimes make it critical for us to provide better and practical training of the cybersecurity workforce. In recent years, cybersecurity competition has become one of the most effective and attractive way for educating and training college students or professionals. In this paper, we first systematically introduce in details the step-by-step procedure and technical knowledge on how we take use of the ongoing DoD cyber-range environment called Persistent Cyber Training Environment (PCTE) to set up cyber competition virtualization environment, configure and install operating systems and popular services with various well-representative vulnerabilities, and set up the participant’s access and scoring system. Then we introduce the cybersecurity competition successfully organized by us in I/ITSEC 2019 conference, and the experience and lessons learned from this real-world competition event. The technical details and knowledge presented in this paper could help other researchers and educators to set up their own cyber competition environment or event to better train the future cybersecurity workforce.more » « less
-
The NTT (Nippon Telegraph and Telephone) Data Corporation report found that 80% of U.S. consumers are concerned about their smart home data security. The Internet of Things (IoT) technology brings many benefits to people's homes, and more people across the world are heavily dependent on the technology and its devices. However, many IoT devices are deployed without considering security, increasing the number of attack vectors available to attackers. Numerous Internet of Things devices lacking security features have been compromised by attackers, resulting in many security incidents. Attackers can infiltrate these smart home devices and control the home via turning off the lights, controlling the alarm systems, and unlocking the smart locks, to name a few. Attackers have also been able to access the smart home network, leading to data exfiltration. There are many threats that smart homes face, such as the Man-in-the-Middle (MIM) attacks, data and identity theft, and Denial of Service (DoS) attacks. The hardware vulnerabilities often targeted by attackers are SPI, UART, JTAG, USB, etc. Therefore, to enhance the security of the smart devices used in our daily lives, threat modeling should be implemented early on in developing any given system. This past Spring semester, Morgan State University launched a (senior) capstone project targeting undergraduate (electrical) engineering students who were thus allowed to research with the Cybersecurity Assurance and Policy (CAP) center for four months. The primary purpose of the capstone was to help students further develop both hardware and software skills while researching. For this project, the students mainly focused on the Arduino Mega Board. Some of the expected outcomes for this capstone project include: 1) understanding the physical board components, 2) learning how to attack the board through the STRIDE technique, 3) generating a Data Flow Diagram (DFD) of the system using the Microsoft threat modeling tool, 4) understanding the attack patterns, and 5) generating the threat based on the user's input. To prevent future threats and attacks from taking advantage of systems vulnerabilities, the practice of "threat modeling" is implemented. This method allows the analysis of potential attackers, including their goals and techniques, while also providing solutions and mitigation strategies. Although Threat modeling can be performed throughout the development of a system, implementing it during developmental stages will prevent further problems in the future. Threat Modeling is crucial because it will help identify any potential threat before it propagates in the system. Identifying threats and providing countermeasures will save both time and money while also keeping the consumers safe. As a result, students must grow to understand how essential detecting and preventing attacks are to protect consumer information systems and networks. At the end of this capstone project, students should take away hands-on skills in cyber defense.more » « less
-
null (Ed.)In this paper we introduce an approach to cybersecurity education and helping students develop professional understanding in the form of a Playable Case Study (PCS), a form of educational simulation that draws on affordances of the broader educational simulation genre, case study instruction, and educational Alternate Reality Games (or ARGs). A PCS is an interactive simulation that allows students to “play” through an authentic scenario (case study) as a member of a professional team. We report our findings over a multi-year study of a PCS called Cybermatics, with data from 111 students from two different U.S. universities who interacted with the PCS. Cybermatics increased student understanding about certain key aspects of professional cybersecurity work, improved their confidence in being able to successfully apply certain skills associated with cybersecurity, and increased about half of the students’ interest in pursuing a cybersecurity career. Students also reported a number of reasons why their perceptions changed in these areas (both positive and negative). We also discuss design tensions we experienced in our process that might be encountered by others when creating simulations like a PCS, as they attempt to balance the authenticity of designed learning experiences while also sufficiently scaffolding them for newcomers who have little background in a discipline.more » « less