Teaching IoT Security using CTF Problems

In recent years, the Internet of Things (IoT) has become increasingly prevalent in modern societies. By integrating various sensors and logic controllers, IoT devices are utilized for automation in many different contexts, such as smart homes, agriculture, and manufacturing. Unfortunately, these devices are prone to have security vulnerabilities. This could be because these devices were designed with no bad actors in mind, or because their implementations contain security flaws. In order to provide more students with an opportunity to learn about potential IoT security risks, it would be highly desirable to provide hands-on exercises that are economical, scalable and safe to use. This thesis aims to develop new learning resources to support this goal, and it makes two contributions: (i) the design of a fictional factory that uses various IoT devices and protocols in an automated production line, showcasing an emerging paradigm known as Industrial IoT (IIoT); and (ii) the design and implementation of a set of Jeopardy-style CTF challenges that uses the IoT devices in this factory in a coherent storyline to test the skills and knowledge of students in various security concepts related to these devices.