Lesson 8: Protecting Data Part 1

We have explored how our data is collected and sometimes misused. In the next two lessons, we are going to dig into protecting our data.

Many of the ideas we use to keep secrets in the digital age are far older than the Internet. The process of encoding a plain text message in some secret way is called Encryption

For example in Roman times Julius Caesar is reported to have encrypted messages to his soldiers and generals by using a simple alphabetic shift - every character was encrypted by substituting it with a character that was some fixed number of letters away in the alphabet.

As a result an alphabetic shift is often referred to as the Caesar Cipher.

Do This: This message was encrypted using a Caesar Cipher (an "alphabetic shift"). Let's see how long it takes you to decode this message (remember it's just a shifting of the alphabet).

Give students around 3-5 minutes to work on cracking the message. Resist the urget to give students a tool or device to aid in cracking this message - that's coming in the next part of the lesson! Part of the point here is that it's possible without tools. With tools it becomes trivial, as we'll see next.

If students are struggling to start, here are a few strategy suggestions:

• Find a small word and try alphabetic shifts until it's clear that it's an English word
• Remember the letters aren't randomly substituted - the alphabet is just shifted
• Once you have found the amount of shift the rest comes easy.

Answer: "free pizza in the cafeteria"

serr cvmmn va gur pnsrgrevn

• Click through the animation to see the answer

With this simple encryption technique it only took a few minutes to decode a small message. What if the message were longer, BUT you had a computational tool to help you?

Do This (5 mins):

• Navigate to Code Studio, Level 1.
• Experiment with the tool - click things, poke around, figure out what it's doing.
• Choose one of the messages from the drop-down menu and try to crack it using the tool.

With the tool, cracking an alphabetic shift is easy. Once you've done one, it only takes a matter of seconds to do others.Let's review some terminology here.

Terms:

• Encryption: a process of encoding messages to keep them secret, so only "authorized" parties can read it.
• Decryption: a process that reverses encryption, taking a secret message and reproducing the original plain text
• Cipher: the generic term for a technique (or algorithm) that performs encryption
• Caesar's Cipher: a technique for encryption that shifts the alphabet by some number of characters.
• Cracking encryption: When you attempt to decode a secret message without knowing all the specifics of the cipher, you are trying to crack the encryption.

What if instead of shifting the whole alphabet, we matched every letter of the alphabet to a random different letter of th alphabet? This is called a random substitution cipher.

Let's take a look at a new decryption challenge using a random substitution cipher.

Students do not need to write down any vocabulary terms here. This is only a review of terms they may encounter in this lesson. Discuss the terms briefly as a class and then move on to the next activity.

Do This (3 mins):

• Navigate to Level 2
• Explore the tool: how does it work?

Discuss: How does the widget work? What steps would you take to crack the code?

Use this time to clear up any confusion around how the tool works.

Move around the letters to make possible matches. The frequency meter may help you get started - especially in matching letters in short words.

Here are some steps that may be helpful for students:

• Find the short words and "crack" them first. How many one-letter words do you know? ("a"). A very common 3-letter word is "the".
• Once you've done that, you have substitutes for some of the most common letters. You should be able to use intuition to look at other words with these partial substitutions and make good guesses.
• After finding only a handful of hard-fought letters, the rest will tumble quickly.
• Comparing the frequencies of letters gives good insight for making sensible guesses.

Do This (10 mins): Take ten minutes to crack another message using the steps we just talked about.

A random substitution cipher is very crackable by hand, though it might take some time. However, when aided by computational tools, a random substitution cipher can be cracked by a novice in a matter of minutes. Simple substitution ciphers give insight into encryption algorithms, but as we've seen fall way short when a potential adversary is aided with computational tools... our understanding must become more sophisticated.

If we are to create a secure Internet, we will need to develop tool and protocols which can resist the enormous computational power of modern computers.

Video: Watch: Encryption and Public Keys

Discuss: What is the difference between symmetric encryption and asymmetric (public key) encryption?

Discussion Goal: This is the main takeaway. Students need to understand that symmetric encryption involves one key that is shared between the encoder and decoder. Asymmetric (public key) encryption uses two keys - a public and a private one. The encoder and the decoder never need to meet to exchange a key. The modern Internet is built around pulic key encryption.

Journal: Students add the following words and definitions to their journals: encryption, decryption, symmetric key encryption, public key encryption

There is no discussion in today's wrap up to give enough time for students to record vocabulary in their journal.

Check For Understanding Question(s) and solutions can be found in each lesson on Code Studio. These questions can be used for an exit ticket.

Question: How does asymmetric (public key) encryption keep data secure?