Tamara Denning and Yoshi Kohno in the UW’s Security and Privacy Research Lab, playing the game they created. Their game gives players a taste of what it’s like to be a computer security professional. Research assistant Thomas Winegarden, a UW undergraduate, is on the left. Mary Levin, UW Photography |
Do
you have what it takes to be an ethical hacker? Can you step into the
shoes of a professional paid to outsmart supposedly locked-down systems?
Now
you can at least try, no matter what your background, with a new card
game developed by University of Washington computer scientists.
“Control-Alt-Hack”
gives teenage and young-adult players a taste of what it means to be a
computer-security professional defending against an ever-expanding range
of digital threats. The game’s creators will present it this week in
Las Vegas at Black Hat 2012, an annual information-security meeting.
“Hopefully
players will come away thinking differently about computer security,”
said creator Yoshi Kohno, a UW associate professor of computer science
and engineering.
The
target audience is 15- to 30-year-olds with some knowledge of computer
science, though not necessarily of computer security. The game could
supplement a high school or introductory college-level computer science
course, Kohno said, or it could appeal to information technology
professionals who may not follow the evolution of computer security.
In
the game, players work for Hackers Inc., a small company that performs
security audits and consultations for a fee. Three to six players take
turns choosing a card that presents a hacking
challenge that ranges in difficulty and level of seriousness.
In
one mission, a player on a business trip gets bored and hacks the hotel
minibar to disrupt its radio-tag payment system, then tells the
manager. (A real project being presented at Black Hat this year exposes a security hole in hotel keycard systems.)
“We
went out of our way to incorporate humor,” said co-creator Tamara
Denning, a UW doctoral student in computer science and engineering. “We
wanted it to be based in reality, but more importantly we want it to be
fun for the players.”
|
This
is not an educational game that tries to teach something specific,
Denning said, but a game that’s mainly designed to be fun and contains
some real content as a side benefit. The team decided on an
old-fashioned tabletop card game to make it social and encourage
interaction.
Some
scenarios incorporate research from Kohno’s Security and Privacy
Research Lab, such as security threats to cars, toy robots and implanted
medical devices. The missions also touch other hot topics in computer
security, such as botnets that use hundreds of hijacked computers to
send spam, and vulnerabilities in online medical records.
Characters
have various skills they can deploy. In addition to the predictable
“software wizardry,” skills include “lock picking” (for instance,
breaking into a locked server room) and “social engineering” (like
tricking somebody into revealing a password).
Graduate
students who are current or former members of the UW lab served as
loose models for many of the game’s characters. Cards depict the
characters doing hobbies, such as motorcycling and rock climbing, that
their real-life models enjoy.
“We wanted to dispel people’s stereotypes about what it means to be a computer scientist,” Denning said.
The
UW group licensed the game’s mechanics from award-winning game designer
Steve Jackson of Austin, Texas. The group hired an artist to draw the
characters and a Seattle firm to design the graphics. Adam Shostack, a
security professional who helped develop a card game at Microsoft in
2010, is a collaborator and co-author.
Intel
Corp. funded the game as a way to promote a broader awareness of
computer-security issues among future computer scientists and current
technology professionals. Additional funding came from the National
Science Foundation and the Association for Computing Machinery’s Special
Interest Group on Computer Science Education.
Educators
in the continental U.S. can apply to get a free copy of the game while
supplies last. It’s scheduled to go on sale in the fall for a retail
price of about $30.
Source: University of Washington
