In the last post I was talking about the Homemade Capture-the-Flag competition that I’d created for my students as part of a culminating, end-of-semester activity. Students, working in teams, used their computers and technological/programming skills to solve a series of puzzles that I’d created for them.
As mentioned before, there are two main challenges in implementing the CTF: first, the creation of the problems themselves, discussed in the last post. The other challenge is programming the infrastructure that will manage the competition: the delivery of problems, solution submission, scoring, and leaderboard updating.
To do this, I leveraged some of my website, PHP, and MySQL skills to create the small website that students would use to log in, read problems, submit answers, and access the leaderboard.
The MySQL database consisted of three tables that teams of students would interact with. There is the users table which included their a user_id (a primary key), a team name (identified by the email field in the screenshot here), a hash of their password (pass, and the time/date of the team’s last login.
The second table was the problems table, with fields for the problem_id, the problem_num, the problem itself (statement, the correct answer, and the points awarded for successfully solving the problem.
Finally there was the successes table which identified for each problem successfully solved the success_id, the problem_id, the solver_id of the problem, and the time it was solved.
Manipulating these three tables with various queries allowed the site to display the Leaderboard with a running total for all teams: SELECT users.email, SUM(problems.points) from users, problems, successes WHERE successes.solver_id = users.user_id AND problems.problem_id = successes.problem_id GROUP BY users.user_id ORDER BY SUM(problems.points) DESC
For people who have worked with PHP, MySQL, and querying databases, putting together this kind of thing can range in difficulty from a trivial activity for an afternoon to a week-long exercise in PHP debugging hell. For myself, it was just enough of a challenge for me that I found the process to be entertaining and engaging.
If you are not a PHP/MySQL person and don’t have any experience with writing “normalized” databases, you may be wondering whether or not it would be possible to find some way to avoid this whole “build an entire database-driven website just so students can solve a few puzzles.” These are just puzzles, of course, each with a simple answer that a student could submit on paper or whisper in your ear. You’re still almost certainly going to have to deliver computer-based problems by computer, however—a 6MB text file for students to search through, for example, is not something that you can hand out on paper—and without the database, there’s no practical way to create a live leaderboard indicating who is in the lead at any point. For a do-it-yourself CTF, I’d strongly recommend finding a way to make the website experience happen.
If you don’t decide to conduct your own Capture the Flag event, however, there are a number of publicly available competitions for high school-aged students that will work for your students. A quick search online will yield results for CTF events and their corresponding schedules.
I encourage all Computer Science teachers to give these activities a try, and consider making them a part of your curriculum.