acm-header
Sign In

Communications of the ACM

ACM Careers

Card Game Lets Players Try Their Hand at Computer Security


View as: Print Mobile App Share:
Tamara Denning and Yoshi Kohno playing card game

Tamara Denning (left) and Yoshi Kohno in the University of Washington's Security and Privacy Research Lab, playing the card game they created. The game gives players a taste of what it's like to be a computer security professional.

Credit: Mary Levin / University of Washington

Do you have what it takes to be an ethical hacker? Can you step into the shoes of a professional paid to outsmart supposedly locked-down systems?

Now you can at least try, no matter what your background, with a new card game developed by University of Washington computer scientists.

"Control-Alt-Hack" gives teenage and young-adult players a taste of what it means to be a computer-security professional defending against an ever-expanding range of digital threats. The game's creators will present it this week in Las Vegas at Black Hat 2012, an annual information-security meeting.

"Hopefully players will come away thinking differently about computer security," says creator Yoshi Kohno, a UW associate professor of computer science and engineering.

The target audience is 15- to 30-year-olds with some knowledge of computer science, though not necessarily of computer security. The game could supplement a high school or introductory college-level computer science course, Kohno says, or it could appeal to information technology professionals who may not follow the evolution of computer security.

In the game, players work for Hackers Inc., a small company that performs security audits and consultations for a fee. Three to six players take turns choosing a card that presents a hacking challenge that ranges in difficulty and level of seriousness. Game play involves completing missions by rolling the dice, using skills, and occasionally pulling something out of a bag of tricks.

In one mission, a player on a business trip gets bored and hacks the hotel minibar to disrupt its radio-tag payment system, then tells the manager. (A real project being presented at the Black Hat conference this year exposes a security hole in hotel keycard systems.)

"We went out of our way to incorporate humor," says co-creator Tamara Denning, a UW doctoral student in computer science and engineering. "We wanted it to be based in reality, but more importantly we want it to be fun for the players."

This is not an educational game that tries to teach something specific, Denning says, but a game that's mainly designed to be fun and contains some real content as a side benefit. The team decided on an old-fashioned tabletop card game to make it social and encourage interaction.

Some scenarios incorporate research from Kohno's

Security and Privacy Research Lab

, such as security threats to cars, toy robots and implanted medical devices. The missions also touch other hot topics in computer security, such as botnets that use hundreds of hijacked computers to send spam, and vulnerabilities in online medical records.

Characters have various skills they can deploy. In addition to the predictable "software wizardry," skills include "lock picking" (for instance, breaking into a locked server room) and "social engineering" (like tricking somebody into revealing a password).

Graduate students who are current or former members of the UW lab served as loose models for many of the game's characters. Cards depict the characters doing hobbies, such as motorcycling and rock climbing, that their real-life models enjoy.

"We wanted to dispel people's stereotypes about what it means to be a computer scientist," Denning says.

The UW group licensed the game's mechanics from award-winning game designer Steve Jackson of Austin, Texas. The group hired artist Rob Kelly to draw the characters and Seattle-based Gravity Design to design the graphics. Adam Shostack, a security professional who helped develop a threat modeling card game at Microsoft in 2010, is a collaborator and co-author.

Intel Corp. funded the game as a way to promote a broader awareness of computer-security issues among future computer scientists and current technology professionals. Additional funding came from the U.S. National Science Foundation and the Association for Computing Machinery's Special Interest Group on Computer Science Education.

"Control-Alt-Hack" is scheduled to go on sale in the fall for a retail price of about $30. Educators in the continental U.S. can apply to get a free copy of the game while supplies last.


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account