Cybersecurity - Lesson 9: Protecting Data Part 1
Overview
In this lesson students explore two different encryption widgets: The Caesar Cipher Widget and the Random Substitution Cipher. Afterwards, students watch a video that reviews these types of encryption and introduces a new concept: public key encryption.
Purpose
The goal of this lesson is for students to gain a working knowledge of the different types of encryption, focusing specifically on symmetrical and asymmetrical encryption. There is a lot of challenging vocabulary in this lesson, and therefore we want students to have a tangible experience with a widget to anchor their knowledge. This lesson is the first in a pair of lessons exploring how data can be protected.
Goals
Students will be able to:
- Explain the difference between asymmetrical and symmetrical encryption.
- Explain how computing tools can be used for decryption.
- Identify why Caesar Cipher and Random Substitution Ciphers are not adequate for most encryption needs.
Preparation
- Explore the encryption widgets
- Watch the video.
Resources
For the Students
Getting Started (5 minutes)
Remarks
We have explored how our data is collected and sometimes misused. In the next two lessons, we are going to dig into protecting our data.
Many of the ideas we use to keep secrets in the digital age are far older than the Internet. The process of encoding a plain text message in some secret way is called Encryption
For example in Roman times Julius Caesar is reported to have encrypted messages to his soldiers and generals by using a simple alphabetic shift - every character was encrypted by substituting it with a character that was some fixed number of letters away in the alphabet.
As a result an alphabetic shift is often referred to as the Caesar Cipher.
Discussion Goal
This message was encrypted using a Caesar Cipher (an "alphabetic shift"). Let's see how long it takes you to decode this message (remember it's just a shifting of the alphabet).
- serr cvmmn va gur pnsrgrevn
- Use the Cesear Cipher Widget to see the answer
With this simple encryption technique it only took a few minutes to decode a small message. What if the message were longer, BUT you had a computational tool to help you?
Teaching Tip
Give students around 3-5 minutes to work on cracking the message. Resist the urget to give students a tool or device to aid in cracking this message - that's coming in the next part of the lesson! Part of the point here is that it's possible without tools. With tools it becomes trivial, as we'll see next.
If students are struggling to start, here are a few strategy suggestions:
- Find a small word and try alphabetic shifts until it's clear that it's an English word.
- Remember the letters aren't randomly substituted - the alphabet is just shifted.
- Once you have found the amount of shift the rest comes easy.
Answer: "free pizza in the cafeteria"
Activity (35 mins)
Do This (5 mins)
- Open a Project: Have students open the CaesarCipher project in the Unit 10 folder of the CSP-Widgets repository.
- Experiment with the tool - click things, poke around, figure out what it's doing.
- Choose one of the messages from the drop-down menu and try to crack it using the tool.
Remarks
With the tool, cracking an alphabetic shift is easy. Once you've done one, it only takes a matter of seconds to do others.
Let's review some terminology here.
Teaching Tip
Students do not need to write down any vocabulary terms here. This is only a review of terms they may encounter in this lesson. Discuss the terms briefly as a class and then move on to the next activity.
Terms
- Encryption: a process of encoding messages to keep them secret, so only "authorized" parties can read it.
- Decryption: a process that reverses encryption, taking a secret message and reproducing the original plain text
- Cipher: the generic term for a technique (or algorithm) that performs encryption
- Caesar's Cipher: a technique for encryption that shifts the alphabet by some number of characters.
- Cracking encryption: When you attempt to decode a secret message without knowing all the specifics of the cipher, you are trying to crack the encryption.
What if instead of shifting the whole alphabet, we matched every letter of the alphabet to a random different letter of th alphabet? This is called a random substitution cipher.
Let's take a look at a new decryption challenge using a random substitution cipher.
Do This (3 mins)
- Open a Project: Have students open the RandomCipher project in the Unit 10 folder of the CSP-Widgets repository.
- Explore the tool: how does it work?
Prompt: How does the widget work? What steps would you take to crack the code?
Do This (10 mins)
Take ten minutes to crack another message using the steps we just talked about.
Teaching Tip
Use this time to clear up any confusion around how the tool works.
Move around the letters to make possible matches. The frequency meter may help you get started - especially in matching letters in short words.
Here are some steps that may be helpful for students:
- Find the short words and "crack" them first. How many one-letter words do you know? ("a"). A very common 3-letter word is "the".
- Once you've done that, you have substitutes for some of the most common letters. You should be able to use intuition to look at other words with these partial substitutions and make good guesses.
- After finding only a handful of hard-fought letters, the rest will tumble quickly.
- Comparing the frequencies of letters gives good insight for making sensible guesses.
Remarks
A random substitution cipher is very crackable by hand, though it might take some time. However, when aided by computational tools, a random substitution cipher can be cracked by a novice in a matter of minutes. Simple substitution ciphers give insight into encryption algorithms, but as we've seen fall way short when a potential adversary is aided with computational tools... our understanding must become more sophisticated.
If we are to create a secure Internet, we will need to develop tool and protocols which can resist the enormous computational power of modern computers.
Video: Watch: The Internet: Encryption and Public Keys
The Internet: Encryption and Public KeysPrompt: What is the difference between symmetric encryption and asymmetric (public key) encryption?
Discussion Goal
Goal: This is the main takeaway. Students need to understand that symmetric encryption involves one key that is shared between the encoder and decoder. Asymmetric (public key) encryption uses two keys - a public and a private one. The encoder and the decoder never need to meet to exchange a key. The modern Internet is built around pulic key encryption.
Wrap up (5 Minutes)
Journal
Students add the following vocaublary words: encryption, decryption, symmetric key encryption, public key encryption.
- Encryption: a process of encoding messages to keep them secret, so only "authorized" parties can read it.
- Decryption: a process that reverses encryption, taking a secret message and reproducing the original plain text.
- Symmetric key encryption: involves one key for both encryption and decryption.
- Public key encryption: pairs a public key for encryption and a private key for decryption. The sender does not need the receiver's private key to encrypt a message, but the receiver's private key is required to decrypt the message
Assessment: Check for Understanding
For Teachers
Check For Understanding Question(s) and solutions can be found in each lesson on Code Studio. These questions can be used for an exit ticket.
For Students
Open a word doc or google doc and copy/paste the following question.
Question
How does asymmetric (public key) encryption keep data secure?
Standards Alignment
- CSTA K-12 Computer Science Standards (2017): 3A-NI-06,3A-NI-07,3B-NI-04
- CSP2021: IOC-2.B
Next Tutorial
In the next tutorial, we will discuss Code.Org Unit 10 Lesson 10, which describes Students investigate the different types of encryption..