Top

Published in:

2020 | OriginalPaper | Chapter

An Analysis and Evaluation of Open Source Capture the Flag Platforms as Cybersecurity e-Learning Tools

Authors : Stylianos Karagiannis, Elpidoforos Maragkos-Belmpas, Emmanouil Magkos

Published in: Information Security Education. Information Security in Action

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Capture the Flag (CTF) challenges are typically used for hosting competitions related to cybersecurity. Like any other event, CTF competitions vary in terms of context, topics and purpose and integrate various features and characteristics. This article presents the results of a comparative evaluation between 4 popular open source CTF platforms, regarding their use for learning purposes. We conducted this evaluation as part of the user-centered design process by demonstrating the platforms to the potential participants, in order to collect descriptive insights regarding the features of each platform. The results of this evaluation demonstrated that participants approved the high importance of the selected features and their significance for enhancing the learning process. This study may be useful for organizers of learning events to select the right platform, as well as for future researchers to upgrade and to extend any particular platform according to their needs.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Quality Criteria for Cyber Security MOOCs

next chapter Designing Competency Models for Cybersecurity Professionals for the Banking Sector

https://github.com/facebook/fbctf.

https://github.com/CTFd/CTFd.

https://github.com/Nakiami/mellivora.

https://github.com/moloch--/RootTheBox/.

https://www.hackthebox.eu.

https://ctf365.com.

https://shellterlabs.com.

https://csaw.engineering.nyu.edu.

https://github.com/CTFd/plugins.

Hendrix, M., Al-Sherbaz, A., Victoria, B.: Game based cyber security training: are serious games suitable for cyber security training? Int. J. Serious Games 3(1), 53–61 (2016). https://doi.org/10.17083/ijsg.v3i1.107

Matias, P., Barbosa, P., Cardoso, T.N., Campos, D.M., Aranha, D.F.: NIZKCTF: a noninteractive zero-knowledge capture-the-flag platform. IEEE Secur. Priv. 16(6), 42–51 (2018). https://doi.org/10.1109/MSEC.2018.2875324CrossRef

Bowen, B.M., Devarajan, R., Stolfo, S.: Measuring the human factor of cyber security. In: 2011 IEEE International Conference on Technologies for Homeland Security (HST), pp. 230–235. IEEE, Boston (2011). https://doi.org/10.1109/THS.2011.6107876

Davis, A., Leek, T., Zhivich, M., Gwinnup, K., Leonard, W.: The fun and future of CTF. In: Proceedings of the 23rd USENIX Summit on Gaming, Games, and Gamification in Security Education 2014 (3GSE 14), San Diego. USENIX (2014)

McDaniel, L., Talvi, E., Hay, B.: Capture the flag as cyber security introduction. In: 2016 49th Hawaii International Conference on System Sciences 2016 (HICSS), Koloa, USA, pp. 5479–5486. IEEE (2016). https://doi.org/10.1109/HICSS.2016.677

Mansurov, A.: A CTF-based approach in information security education: an extracurricular activity in teaching students at Altai State University. Russia. Mod. Appl. Sci. 10(11), 159–166 (2016). https://doi.org/10.5539/mas.v10n11p159CrossRef

Cherinka, R., Prezzama, J.: Innovative approaches to building comprehensive talent pipelines: helping to grow a strong and diverse professional workforce. Syst. Cybern. Inform. 13(6), 82–86 (2015)

Boopathi, K., Sreejith, S., Bithin, A.: Learning cyber security through gamification. Indian J. Sci. Technol. 8(7), 642–649 (2015)CrossRef

Burket, J., Chapman, P., Becker, T., Ganas, C., Brumley, D.: Automatic problem generation for capture-the-flag competitions. In: Proceedings of the 24th USENIX Summit on Gaming, Games, and Gamification in Security Education 2015 (3GSE 15), Washington. USENIX (2015)

10.

Chapman, P., Burket, J., Brumley, D.: PicoCTF: a game-based computer security competition for high school students. In: Proceedings of the 23rd USENIX Summit on Gaming, Games, and Gamification in Security Education 2014 (3GSE 14), San Diego. USENIX (2014)

11.

Schreuders, Z.C., Butterfield, E.: Gamification for teaching and learning computer security in higher education. In: Proceedings of USENIX Workshop on Advances in Security Education 2016 (ASE 16), Austin, USA (2016)

12.

Conti, G., Babbitt, T., Nelson, J.: Hacking competitions and their untapped potential for security education. IEEE Secur. Priv. 9(3), 56–59 (2011). https://doi.org/10.1109/MSP.2011.51CrossRef

13.

Eagle, C., Clark, J.L.: Capture-the-flag: learning computer security under fire. In: Proceedings of the 6th Workshop on Education in Computer Security 2004 (WECS), pp. 17–21. Naval Postgraduate School, Monterey, CA (2004)

14.

Antonioli, D., Ghaeini, H.R., Adepu, S., Ochoa, M., Tippenhauer.: Gamifying education and research on ICS security: design, implementation and results of S3. In: Proceedings of the 3rd Workshop on Cyber-Physical Systems Security and PrivaCy 2017, Dallas, Texas, USA, pp. 93–102. ACM (2017)

15.

Leune, K., Petrilli Jr., S.J.: Using capture-the-flag to enhance the effectiveness of cybersecurity education. In: Proceedings of the 18th Annual Conference on Information Technology Education 2017, Rochester, New York, USA, pp. 47–52. ACM (2017). https://doi.org/10.1145/3125659.3125686

16.

Noor Azam, M.H., Beuran, R.: Usability evaluation of open source and online capture the flag platforms. Japan Advanced Institute of Science and Technology (JAIST), Technical report, IS-RR-2018-001 (2018)

17.

Raman, R., Sunny, S., Pavithran, V., Achuthan, K.: Framework for evaluating Capture The Flag (CTF) security competitions. In: The Proceedings of the International Conference for Convergence for Technology 2014 (I2CT 2014), Pune, India, pp. 136–140. IEEE (2014). https://doi.org/10.1109/I2CT.2014.7092098

18.

Chung, K., Cohen, J.: Learning obstacles in the capture the flag model. In: Proceedings of the 23rd USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE 2014), San Diego, CA. USENIX (2014)

19.

Chung, K.: Live lesson: lowering the barriers to capture the flag administration and participation. In: Proceedings of USENIX Workshop on Advances in Security Education (ASE 2017), Vancouver, BC, Canada (2017)

20.

Ahmad, R., Hussain, A., Baharom, F.: Software sustainability characteristic for software development towards long living software. WSEAS Trans. Bus. Econ. 15, 55–72 (2018)

21.

Kucek, S., Leitner, M.: An empirical survey of functions and configurations of open source capture the Flag (CTF) environments. J. Netw. Comput. Appl., 102470 (2019). https://doi.org/10.1016/j.jnca.2019.102470

22.

Martínez-Torres, M.R., Toral Marín, S.L., Garcia, F.B., Vazquez, S.G., Oliva, M.A., Torres, T.: A technological acceptance of e-learning tools used in practical and laboratory teaching, according to the European higher education area. Behav. Inf. Technol. 27(6), 495–505 (2008). https://doi.org/10.1080/01449290600958965CrossRef

23.

Khan, J.A., Rehman, I.U., Khan, Y.H., Khan, I.J., Rashid, S.: Comparison of requirement prioritization techniques to find best prioritization technique. Int. J. Mod. Educ. Comput. Sci. 7(11), 53–59 (2015). https://doi.org/10.5815/ijmecs.2015.11.06CrossRef

24.

Piras, L., et al.: DEFeND architecture: a privacy by design platform for GDPR compliance. In: Gritzalis, S., Weippl, E.R., Katsikas, S.K., Anderst-Kotsis, G., Tjoa, A.M., Khalil, I. (eds.) TrustBus 2019. LNCS, vol. 11711, pp. 78–93. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-27813-7_6CrossRef

Title: An Analysis and Evaluation of Open Source Capture the Flag Platforms as Cybersecurity e-Learning Tools
Authors: Stylianos Karagiannis
Elpidoforos Maragkos-Belmpas
Emmanouil Magkos
Publisher: Springer International Publishing
Book: Information Security Education. Information Security in Action
Print ISBN: 978-3-030-59290-5

Electronic ISBN: 978-3-030-59291-2

Copyright Year: 2020
DOI: https://doi.org/10.1007/978-3-030-59291-2_5

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner