Abstract:

A study by Verizon’s Data Breach Investigations Report states that local area network (LAN) access is the top vector for insider threats and misuses. It is critical for students to learn these vulnerabilities and know the common countermeasures.

Although some educational tools exist that are effective in teaching address resolution protocol (ARP) spoofing, they have a few problems. The first one is the difficulty in dissemination for wider adoption. Some of them contain virtual machines that are several gigabytes in size. It will take long time to download and large hard drive space is needed. It is also technically challenging to successfully install and configure virtual machines. The second problem is that they are quite difficult to finish for students with little background knowledge in LAN. The tools lack guided learning components that can lead students to the solution gradually. The last problem is the lack of fun which may not engage students especially for younger ones in high schools.

Games have been successfully used in many areas of education to engage students in learning. Research has shown multiple benefits of cyber security games. Games can provide educational and immersive experiences, which will inspire students to explore more in the security field and help students test their knowledge in authentic settings. Google’s Interland and PBS’s Cybersecurity lab are examples of such games that teach comprehensive cyber security concepts to younger audiences. However, to our knowledge, there is no game developed to teach LAN and ARP spoofing concepts.

In this paper, we present an educational game to teach LAN and ARP spoofing attacks. The game is developed with the Unity game engine and deployed on the world wide web. Therefore, the game is accessible anywhere on the Internet with a web browser. The game has several levels of difficulty that guide learning from the basics of LAN to the countermeasures.

This game’s primary learning objectives are:
1) Learn how switches and hubs work, and how ARP protocol works;
2) Learn how ARP spoofing works;
3) Learn the counter measures against LAN attacks.

We used the Unity game engine and C# programming language to develop the game. The Unity game engine is the leading global game development software. Unity makes it easy to deploy games to different platforms such as desktop, mobile, the Web, etc. The prototype would be hosted on the Web and students would be allowed to play online using the web link and provide feedback. The game is presented in the form of a 3-level building. Each level has multiple rooms where each room holds the content to learn on a different concept. The player must go through each concept and answer the quiz questions before the player can move to the next room. At the end of each level, the player will get additional challenges to complete to move to the next level. At the beginning of each level, the student will be given a set of instructions to play the Game, how to navigate and what objective they will be learning in the level.

The game events which describe the player’s interaction with the game will be logged and submitted for further analysis through the GameSparks. Once the player completes all the levels, the player will enter the post-assessment stage, where they will complete a post-test and survey. The post-assessment results will be automatically collected and submitted for quantitative analysis. The game will be made available on the project website.

Keywords:

Game-based learning, educational game, security and privacy, local area network, address resolution protocol.