HomeExperimentsMiddle school experiments

Internet security lab

Tue, 2006-09-12 20:41 — tex




Internet Security Lab

by Theodore Shrader and Dave Clark

Grade Level:  Middle School, 5th-8th  

Related classroom topics:  Computer Science, Electrical Engineering

The following experiment demonstrates internet security in three stages.

Introduction

This lab provides a fun and unique way for middle and high school students to learn about the software engineering concepts and techniques behind providing security over the Internet. The Internet is an unsecured network. Anyone with a packet sniffer can intercept and read messages going across the Internet. To provide secure communication, software engineers had to construct algorithms and an architecture to allow messages that to be authenticated, verified for integrity, and remain confidential. Authentication involves verifying the sender of the message. Message integrity ensures that a message was not modified in transit, and confidentiality involves encrypting the message so that only the intended recipient can read the contents. This lab was battle tested with multiple classes of high school students. The lab uses hands on activities in three stages:

  1. Demonstrate how unsecured the Internet is by showing a message intercepted in transit.
  2. Introduce secret key encryption technology and its benefits and limitations. Show how a secret key is great for encryption, but it's difficult to distribute the secret key to the receiving party.
  3. Introduce public and private key encryption technology and how this technology solves the problem of encryption and key distribution. Show public and private keys in action and describe how this technology is used in e-business messages and merchant Web sites.

Dividing the class into groups allows them to work together to encode, decode, and send messages across a simulated Internet.

Procedure: 

  • Activity based on a class of 32 students, but can scale upwards or downwards depending on the class size.
  • Divide the class into four pairs of two groups and have each group create a group name. Write the group name on a tent card that is placed on a table with the group.  Each group has four students, but adjust the group sizes proportionally to the class size.
  • Each group must designate someone to represent the Internet flow, carrying a message to the other group.
  • Later in the activity, group A will select someone to represent the hacker and group B will select someone to represent the certificate store.
  • Each pair will sit across from the other; group A' will sit across from group B', group A'' will sit across from group B'', etc.
  • Do not distribute any of the keys until needed in the lab.

Materials Needed (per class)

  • 8 secret notecards
  • 4 Group A public key notecards
  • 4 Group A private key notecards
  • 4 Group B public key notecards
  • 4 Group B private key notecards
  • 40 Blank notecards
  • 4 Envelopes to contain messages in transit
  • Secret Key

Put the following on the secret key notecard:

  • Secret key: Write the letters backwards.
  • Example encryption of TEXAS is SAXET.
  • Example decryption of SAXET is TEXAS

Group B Public and Private Keys

Put the following on the Group B public and private key notecards. The two keys must be on separate notecards.

Group B Public Key

Group B Private Key

A->P

A->P

B->M

B->J

C->X

C->O

D->O

D->M

E->V

E->K

F->N

F->N

G->S

G->Q

H->Z

H->Z

I->U

I->T

J->B

J->V

K->E

K->U

L->Y

L->Y

M->D

M->B

N->F

N->F

O->C

O->D

P->A

P->A

Q->G

Q->R

R->Q

R->S

S->R

S->G

T->I

T->W

U->K

U->I

V->J

V->E

W->T

W->X

X->W

X->C

Y->L

Y->L

Z->H

Z->H

Example encryption of TEXAS is IVWPR.

Example decryption of IVWPR is TEXAS.

 


 

Group A Public and Private Keys

Put the following on the Group A public and private key notecards. The two keys must be on separate notecards.

Group A Public Key

Group A Private Key

A->H

A->H

B->F

B->R

C->U

C->M

D->S

D->O

E->L

E->T

F->G

F->B

G->T

G->F

H->A

H->A

I->M

I->X

J->Q

J->W

K->Y

K->P

L->X

L->E

M->C

M->I

N->O

N->Z

O->D

O->N

P->K

P->V

Q->Z

Q->J

R->B

R->Y

S->V

S->D

T->E

T->G

U->W

U->C

V->P

V->S

W->J

W->U

X->I

X->L

Y->R

Y->K

Z->N

Z->Q

Example encryption of TEXAS is ELIHV.

Example decryption of ELIHV is TEXAS

Process: Unsecured message

Explain that we are going to learn about Internet security and the role that software engineers and their technologies play in keeping the Internet safe.

  1. Divide the class into groups as described earlier
  2. Have each group pick out a name for themselves
  3. Have each group pick an Internet messenger for themselves
  4. Have group A write a word, representing a message, on a blank notecard.
  5. Group A sends the message via a messenger to group B.
  6. Ask group B what group A's message was.
  7. Ask group A if that was the correct message.
  8. Have group B write a word, representing a message, on a blank notecard.
  9. This time there's a hacker intercepting messages. Have group A select the hacker and move the hacker between group A and group B.
  10. Group B starts to send the message via a messenger to group A.
  11. Hacker intercepts and reads the message, giving it back to group B's messenger.
  12. Ask group A what group B's message was.
  13. Ask the hacker what group B's message was.
  14. Ask group B if that was the correct message for both group A and the hacker.
  15. Discuss the vulnerability of the Internet and how it is a public and unsecured network.

Process: Using a secret key

Discuss the need for encryption to protect the contents of messages. One way to encrypt is to use a secret key where the same key and algorithm is used to encrypt and decrypt messages.

  1. Give the secret key to group A. Tell them not to share it with anyone.
  2. Tell group A to encrypt a word representing the message with the secret key algorithm and place the encrypted word on a blank notecard.
  3. Ask if group B can read the encrypted message from group A without the secret key. No, so group A will need to send it along with the message. (Alternatively, have them send the encrypted message without the secret key to demonstrate the group B won't be able to read the message.)
  4. Have group A send the encrypted word and secret key to group B.
  5. Hacker intercepts and reads the message and secret key on the way.
  6. Ask if group B and the hacker can read the message. They both can
  7. Discuss why the secret key had to be sent with the message. Otherwise the recipient couldn't decrypt the message.

Process: Using a Public and Private Key

Discuss the need for key distribution to parties who haven't had contact with each other earlier. Discuss public and private key technology. One key encrypts the message and only the other corresponding key can decrypt the encrypted message. The private key is kept hidden by the owner, but the public key is given to everyone. Note the difference. With secret key technology, only one key is used to encrypt and decrypt.

  1. Discuss the need for a trusted party, in this case a trust (or certificate) authority, to keep the keys. Even though a public key is available to everyone, how do you know that a public key is associated with a particular person or entity. Certificates provide trust, an association of the key's owner with the key, and certificate authorities generate certificates in a trusted fashion.
  2. Group B selects someone to act as a trust authority. This person is removed from group B and sits across from the hacker
  3. Distribute the unique public and private keys to group A and to group B.
  4. Have the groups give their public keys to the trust authority.
  5. Tell group A to get group B's public key from the trust authority.Tell group A to encrypt a word representing the message with the public key of group B and place the encrypted word on a blank notecard.
  6. Group A sends the encrypted message to group B.
  7. The hacker intercepts the encrypted message.
  8. Group B decrypts the encrypted message with group B's private key.
  9. Ask the hacker if they know what the encrypted message is. They shouldn't.
  10. Ask Group B if they know what the encrypted message is. Group A should confirm this.
  11. If time is available, have Group B perform the same process (6-12) in reverse to send an encrypted message to group A.
  12. Discuss the advantages of public key technologies in secrecy and key distribution.
  13. Discuss current implementations:
  • Sending encrypted email
  • Ordering online from an e-business like amazon.com. (This actually uses a combination of secret and public and private keys.)
  • If time is available, discuss the use of signatures for the recipient to know who actually sent the message. A signature is an encrypted hash of the message, generated by encrypting the computed hash of the message with the private key of the sender. Signatures help authenticate the sender of a message by allowing the recipient to verify the encrypted hash by decrypting the encrypted hash with the public key of the sender and comparing the decrypted hash with the computed hash of the original message. If the two are the same, the recipient can verify the sender and the integrity of the message