Hands-on cybersecurity

By Ákos Lédeczi, Gordon Stein, Miklós Maróti & Brian Broll. Posted

Students use robots to interact with cybersecurity issues

Originally published in Hello World Issue 18: Cybersecurity, March 2022. All information true at the time of original publishing.

Researchers from Vanderbilt University share how they introduced hands-on cybersecurity to high-school students with networked robots

Since 2015, our team at Vanderbilt University has been working on a block-based educational programming environment called NetsBlox. Similar to Scratch and based on the open-source code base of Snap!, NetsBlox uses networking abstractions including services and message passing to introduce computer networking concepts to students in an accessible manner. It uses these same networking abstractions to allow students to program robot vehicles and interact with cybersecurity issues in a hands-on way. In this article, we will first introduce NetsBlox, before discussing its applications for cybersecurity learning and its use at a cybersecurity summer camp we ran.

NetsBlox

The NetsBlox server hosts a number of services that can be accessed by a single new block called call (see Figure 1). These services allow students to get various interesting data from the internet, such as weather conditions, Covid-19 numbers, movie ratings, and stock quotes. They can visualise the data on top of Google Maps backgrounds or generate plots using the chart service. The call block is self-documenting: selecting a service configures a drop-down menu of the various functions available. Selecting a function shows the required input argument slots.

Figure 1: Example calls in NetsBlox

The other networking abstraction is message passing. A NetsBlox program can send messages with configurable data payload to any other NetsBlox program running on the internet. Just two new blocks are needed: send message and when I receive. Message passing makes it possible for students to create online multiplayer games and social applications.

Robots and cybersecurity

NetsBlox uses the very same networking abstractions (services and message passing) to allow students to program robot vehicles. A new service, RoboScape, will enable students to send commands to a Wi-Fi–enabled robot (currently limited to the Parallax ActivityBot 360°). The robot, in turn, responds with messages of acknowledgement or sensor values, depending on the command. Figure 2 shows an example command making a robot spin by turning its left and right wheels in opposite directions, followed by a message header that is triggered every time the robot with the ID ‘robot’ sends a message with the content provided in the variable ‘message’.

Figure 2: Example robot command and message

This is a new twist on educational robotics. Firstly, the student’s program runs in the browser, making it much easier to debug; and no wires are needed, as there is nothing to compile and download. This also enables remote robotics: the student and the robot do not need to be co-located; only a video stream of the robot’s location is required. What makes RoboScape truly unique, though, is the ability for students to eavesdrop on the wireless communication between other students and their robots. They can even send commands to any unprotected robot on the network, which it will gladly execute. This provides an eye-opening illustration to students of why cybersecurity is so crucial. Once they realise how vulnerable their robots are, we can introduce them to the various mechanisms included with RoboScape to defend their robots from cyberattacks.

Cybersecurity camp

Using NetsBlox and RoboScape, we created a curriculum for a week-long cybersecurity summer camp for high-school students. The curriculum covers attacks and attack detection; denial of service; encryption; key cracking; insecure key exchange; and replay attack, all using NetsBlox and RoboScape. This curriculum is not intended as a thorough coverage of all important cybersecurity concepts. Rather, our goal is to introduce cybersecurity in an engaging and motivating manner to spark students’ interest in exploring the topic further.

After an introduction to NetsBlox and RoboScape, we first task students to detect whether somebody is trying to attack their robot. This can be done by comparing the number of commands they sent versus the number of commands the robot acknowledged receiving. Next, we illustrate denial of service attacks. We pick one student and ask them to drive around the room while all other students are repeatedly sending short beep commands to the same robot. Soon, the robot becomes unresponsive and starts to drive erratically. To defend against this type of attack, RoboScape includes rate control: the students can set how many commands per second the robot will accept from any one program and also the penalty timeout it enforces when the limit is exceeded. This sets up a fun game we call tug of war: two students share a single robot set in the middle of an arena. They need to drive the robot to their side of the field by using any commands they wish, but especially rate control. This was a very popular activity in our camps. Students came up with many innovative strategies to try to shut out the other student by making them exceed the rate limit.

The rest of the camp curriculum has similar fun activities related to robotics and cybersecurity. We have run six such camps in the last couple of years with over 100 pupils in total. Engagement has been very high, with one teacher remarking, “... their cell phones, I didn’t see them out, they were not distracted by them”. Our post-camp surveys have indicated that the camps and their hands-on teaching increased many students’ interest in computer science and cybersecurity. We truly believe that making learning fun and engaging is the way to increase participation in STEM. To make the curriculum even more widely accessible, we now have a simulated 3D environment where multiple students can join remotely and run the same programs on the virtual robots. You can find an overview of each unit in the curriculum and an introductory video at helloworld.cc/roboscape.


More articles from Hello World magazine

See more articles

Print

Free - UK only

If you’re a UK-based teacher, volunteer, librarian or something in between, we'll send each issue free to your door.

Digital

Free

Just want to read the free PDF? Get each new issue delivered straight to your inbox. No fuss and no spam.

Buy

From £6

If you’re not a UK-based educator, you can buy print copies from our store.