
An Analysis and Evaluation of Open Source Capture the Flag Platforms as Cybersecurity e-Learning Tools

  • Conference paper
Information Security Education. Information Security in Action (WISE 2020)

Abstract

Capture the Flag (CTF) challenges are typically used for hosting competitions related to cybersecurity. Like any other event, CTF competitions vary in terms of context, topics and purpose and integrate various features and characteristics. This article presents the results of a comparative evaluation between 4 popular open source CTF platforms, regarding their use for learning purposes. We conducted this evaluation as part of the user-centered design process by demonstrating the platforms to the potential participants, in order to collect descriptive insights regarding the features of each platform. The results of this evaluation demonstrated that participants approved the high importance of the selected features and their significance for enhancing the learning process. This study may be useful for organizers of learning events to select the right platform, as well as for future researchers to upgrade and to extend any particular platform according to their needs.

Notes

  1. https://github.com/facebook/fbctf
  2. https://github.com/CTFd/CTFd
  3. https://github.com/Nakiami/mellivora
  4. https://github.com/moloch--/RootTheBox/
  5. https://www.hackthebox.eu
  6. https://ctf365.com
  7. https://shellterlabs.com
  8. https://csaw.engineering.nyu.edu
  9. https://github.com/CTFd/plugins

Acknowledgements

This project has received funding from the GSRT for the European Union’s Horizon 2020 research and innovation programme DEFeND under grant agreement No 787068.

Corresponding author

Correspondence to Stylianos Karagiannis.

Copyright information

© 2020 IFIP International Federation for Information Processing

About this paper

Cite this paper

Karagiannis, S., Maragkos-Belmpas, E., Magkos, E. (2020). An Analysis and Evaluation of Open Source Capture the Flag Platforms as Cybersecurity e-Learning Tools. In: Drevin, L., Von Solms, S., Theocharidou, M. (eds) Information Security Education. Information Security in Action. WISE 2020. IFIP Advances in Information and Communication Technology, vol 579. Springer, Cham. https://doi.org/10.1007/978-3-030-59291-2_5

  • DOI: https://doi.org/10.1007/978-3-030-59291-2_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-59290-5

  • Online ISBN: 978-3-030-59291-2

  • eBook Packages: Computer Science, Computer Science (R0)
