Hack the Room: Exploring the potential of an augmented reality game for teaching cyber security

There is a need for creating new educational paths for beginners as well as experienced students for cyber security. Recently, ethical hacking gamification platforms like Capture the Flag (CTF) have grown in popularity, providing newcomers with entertaining and engaging material that encourages the development of offensive and defensive cyber security skills. However, augmented reality (AR) applications for the development of cyber security skills remain mostly an untapped resource. The purpose of this work-in-progress study is to investigate whether CTF games in AR might improve learning in information security and increase security situational awareness (SA). In particular, we investigate how AR gamification influences training and overall experience in the context of ethical hacking tasks. To do this, we developed a Unity-based ethical hacking game in which participants complete CTF-style objectives. The game requires the player to execute basic Linux terminal commands, such as listing files in folders and reading data stored on virtual machines. Each gameplay session lasts up to twenty minutes and consists of three objectives. The game may be altered or made more challenging by modifying the virtual machines. In a pilot, our game was tested with six individuals separated into two groups: an expert group (N=3) and a novice group (N=3). The questionnaire given to the expert group examined their SA during the game, whereas the questionnaire administered to the novice group measured learning and remembering certain things they did in the game. In this paper we discuss our observations from the pilot.