CyberQuest

Status

This project started in fall 2022 and is ongoing.

Description

In today’s online world, the importance of cybersecurity is ever-increasing. It feels like a company is hacked every other week. To combat this issue, education in cybersecurity has drastically increased over the past years—on a technical front, as well as on an awareness front.

Various interactive platforms exist which teach different topics of cybersecurity to their users. However, most of these platforms either focus on furthering the education of existing industry professionals, or are used in a leisure setting to host various cybersecurity-related challenges (“capture the flag” competitions, say). The small number of platforms which actually target a younger and/or less experienced audience mostly still have a rather high entry barrier, as they require the setup of additional software and potentially depend on existing programming knowledge.

CyberQuest (https://cyberquest.ch) introduces a novel, highly interactive learning platform focussing on teaching cybersecurity topics to high school students. The platform is fully browser-based and does not require any prior programming experience, thus removing the entry barrier of existing platforms.

It consists of three basic components: a lesson center, target applications, and helper tools. The lesson center holds various lessons which can be worked through by the students, while the target applications serve as playgrounds for the students to apply their newly learned knowledge and experiment with their own ideas. More specifically, the idea behind the target applications is to mimic tools that the students interact with regularly.

In turn, the helper tools provide a means to take a look “behind the scenes” when interacting with the target applications and to raise awareness of certain aspects of these interactions.

Currently implemented target applications are a mock social media network, an e-mail client, a chat application, and a frontend for an SQL database.

As a concrete example, the social media network can be set up for high school classes, where teachers receive a privileged account. Students can then interact with each other, create posts, like posts of their friends, etc. At the same time, an HTTP request inspector serves (among others) as a helper tool.

Through the interactive lessons presented in the lesson center, the students are guided towards investigating what kind of data is stored about users, or even exploiting the vulnerabilities of the social media network. The students need to answer questions and solve tasks based on their interactions with the social media network, while learning about cookies and authentication mechanisms, say. They also discover that “deleting an image” may not necessarily mean that the image is in fact deleted from the server. Another goal is to “hack” the platform and hijack a target account.

Students therefore take the role of an “adversary” in order to sensitize them to the pitfalls of social media.

Experiments with teachers and students are ongoing to investigate effective ways to promote cybersecurity knowledge and awareness, with CyberQuest being a central element of the lessons.