Blending cybersecurity education with IoT devices: A u-Learning scenario for introducing the man-in-the-middle attack

ABSTRACT Nowadays, due to the increasing number of cyberattacks, cybersecurity education, training, and awareness are considered crucial for preparing current and future IT professionals. Thus, it is essential for educational institutions to foster well-designed learning strategies in the field of cybersecurity that will not only focus on theory-based learning interventions but also on encapsulating authentic learning practices. In this context, the paper at hand presents a ubiquitous scenario-based learning (SBL) intervention, blended with IoT devices for introducing the topic of the man-in-the-middle attack to 1st-grade students in vocational education. The learning scenario enables two-way plain text communication through a LoRa network. For securing the transmission and assure confidentiality, basic encryption techniques are enabled for the transmitted messages. Meanwhile, an eavesdropper, acting as the man-in-the-middle attacker, tries to intercept the communication, by applying different decryption techniques. For this purpose, a u-Learning app was developed. The app was evaluated by ninety 1st-grade students of an educational institute of vocational training, in terms of effectiveness, efficiency, knowledge acquisition, and learners’ satisfaction. Among others, the results show that the effectiveness and the efficiency of the proposed learning process were 92.03%, and 89.63%, respectively. Finally, learners’ satisfaction was high, and their knowledge acquisition was improved.