Decrease size
Reset to Default
Increase size

Game-based Interactive Simulator for Training Professionals in Cybersecurity Vulnerabilities

Primary Information

Domain

Security & Defence

Project No.

7804

Sanction and Project Initiation

Sanction No: F.NO. 41-2/2015-T.S.I (PT) dtd.9-Jan-2016

Sanction Date: 09/01/2016

Project Initiation date: 13/12/2017

Project Duration: 36

Partner Ministry/Agency/Industry

MHRD/DRDO

 

Role of partner: DRDO is main stakeholder in using the research outcome and reviewer of the project.

 

Support from partner: DRDO as 50 % funding partner has total stake in using the research outcome of this project. DRDO through its CAIR lab is to associate with the three IITs in a continuous manner to review and provide corrective feedback to the investigators of this project.

Principal Investigator

PI Image

Manmohan Prasad Gupta
Indian Institute of Technology, Delhi

Host Institute

Co-PIs

PI Image

Subodh Sharma
Indian Institute of Technology, Delhi

PI Image

R.P. Sundarraj
Indian Institute of Technology, Madras

PI Image

Bernard Menezes
Indian Institute of Technology, Bombay

PI Image

Arpan Kar
Indian Institute of Technology, Delhi

Scope and Objectives

To design a software application product, to facilitate training in vulnerabilities of cyber security, using game based interactive approach.

Deliverables

This project will result in a an interactive simulation-based training engine that covers people, processes and technology aspects of cyber-security in the existing and evolving domains such as mobile/cloud computing and IoT. To increase the efficacy of our system, we envisage using a game-based approach. The product will not only be useful to create a workforce of security professionals and system administrators but also help to spread awareness among common users on the usage of these technologies.

 

Videos

Video is being developed and youtube link would be provided shortly.

Scientific Output

Use of Unity 3D platform for creating basic game structure has been achieved. This would pave the way for additional level of Cyber security games. Some basic games to teach concepts of Phishing, Authentication, Firewalls, Denial of Service Attacks and SQL injections are being attempted in consultation with reviewer from CAIR lab Bangalore.

 

Results and outcome till date

The game engine that has been chosen is Unity 3D (Personal edition). Using Unity analytics, in combination with Firebase database, we are attempting to analyse the game play in real time and profile user in terms of his proficiency on the topic of game. IIT Bombay has made some headway in migrating the SQL injection game to Android platform using Unity APIs.

 

Societal benefit and impact anticipated

The game based cybersecurity training would address our critical shortage of trained manpower. More people are likely to engage through the medium of games as learning would be fun.

Next steps

After having designed illustrative games on Fire wall configuration, SQL injections and Incidence Handling at three partner IITs, we now plan to validates , in next 6 months, these games on "Learning Outcome", "Effectiveness of Game" and "Subjective User Experience" aspects by adopting approaches described in current literature on Serious Games. The project has gone through periodic review by CAIR on 08 Oct 18, 03 May 19 and 21 Oct 19. The design process is being closely monitored by CAIR lab of DRDO. DRDO Hq review is scheduled on 31 Oct 19.

Publications and reports

1. Dynamic Symbolic Verification of MPI programs Authors: Dhriti Khanna, Subodh Sharma, Cesar Rodriguez, Rahul Parader International Symposium of Formal Methods , July 2018, Oxford, UK
2.Dixon Prem Daniel R and R. P. Sundarraj, " An Elaborated Action Design Research Approach Towards Game based Learning in Cybersecurity," Design Science Research in Information Systems and Technology (DESRIST) 2019, Worcester, MA, USA.
3. Dixon Prem Daniel R and R. P. Sundarraj, An e-ADR elaborated Action Design Research Approach Towards Game-based Learning in Cybersecurity Incident Detection and Handling, 53rd Hawaii International Conference on System Sciences ,HICSS, 2020, Hawaii, USA.
4. C Ashok kumar, Bholanath Roy, M Bhargav Sri Venkatesh, Bernard L Menezes:S-Box" Implementation of AES is NOT side-channel resistant", to appear in Journal of Hardware and Systems Security, Springer
5. Tikaram Sanyashi, Anasuya Acharya, Bernard Menezes: "Plaintext Recovery Attacks and their Mitigation in an Application-Specific SHE Scheme", PDCAT-2019, Gold Coast, Australia. Dec 5-7, 2019
6. Tikaram Sanyashi, Darshil Desai, Bernard Menezes: "Cryptanalysis of Homomorphic Encryption Schemes based on the Approximate GCD Problem", Volume:2, pp. 517--522 SECRYPT, Prague,Czech Republic, July 26-28, 2019
7. Tikaram Sanyashi, M. Bhargav Sri Venkatesh, Kapil Agarwal, Manish Verma, Bernard Menezes: "A new Hybrid Lattice Attack on Galbraith's Binary LWE Cryptosystem", Currently being revised for a conference/journal. Preliminary copy available at Computing Research Repository ( CoRR ), Abs/ 1904.04590 (2019)
8. C Ashok kumar, M. Bhargav Sri Venkatesh, Ravi Prakash Giri, Bholanath Roy, Bernard Menezes:"An error-tolerant approach for efficient AES key retrieval in the presence of cache prefetching - Experiments, Results, Analysis",Sadhana - the Journal of the Indian Academy of Sciences, Springer, Volume 44, Issue 4, April 2019
9. Tikaram Sanyashi, Sreyans Nahata, Rushang Dhanesha, Bernard Menezes: "Learning Plaintext in Galbraith's LWE Crypto system",Volume 2, pp. 725-731 SECRYPT, Porto, Portugal, July 26-28, 2018

Patents

Nil

Scholars and Project Staff

Dr.Manmohan Chaturvedi, is engaged as Project Consultant at IIT Delhi.
Mr Devottam Gaurav is engaged to assist Co-PI at IIT Delhi
Dr.Subodh Sharma. Mr Ankush Dubey and Mr Dixon Daniel are engaged at IIT Bombay and IIT Madras respectively to assist Co-PIs.
IIT students with interest in this domain are being engaged to work on various aspects of Game design as part of credit courses opted for by them.

Challenges faced

Serious Games are gaining ever more interest as an instructional tool capitalising on the appeal of games and the effectiveness of Information and Communication Technologies. Recent ICT advances have led to the implementation of realistic virtual environments and simulations, where players can live compelling adventures while acquiring, practicing and verifying knowledge, according to various pedagogical paradigms. However, a major challenge lies in translating interest and potential into actual adoption and use. Serious Games must demonstrate the transfer of learning , whilst also remaining engaging and entertaining. The balance between fun and educational measures should be targeted throughout the development starting from the design phase.

Other information

Cyber security is a field with multiple, technically complex and ever changing aspects.Cyber threats can affect individuals as well as large organisations like businesses or governments. As a consequence, there is a real need to educate people to the most basic cyber security principles. The principles of learning and game-play are different and frequently conflicting, but they can coexist in well designed Serious Games.

Financial Information

  • Total sanction: Rs. 19560000.00

  • Amount received: Rs. 8640000.00

  • Amount utilised for Equipment: Rs. 664763.00

  • Amount utilised for Manpower: Rs. 2281723.00

  • Amount utilised for Consumables: Rs. 0

  • Amount utilised for Contingency: Rs. 222186.00

  • Amount utilised for Travel: Rs. 706864.00

  • Amount utilised for Other Expenses: 38468.00

  • Amount utilised for Overheads: Rs. 2077500.00

Equipment and facilities

 

Software tools and licences would be purchased on as required basis.