QST_Unit3_Question 3


I choose Find and share a resource to support teaching students in secondary years about security in apps (e.g. whatsapp security). Include a brief description.

Secondary Years Classroom Activities

In this lesson, we will explore classroom activities in the area of information systems safety and cryptography.

Activity 1: Australian Computer Academy Cyber Challenge – Data Encryption

This challenge has been designed to provide students with an opportunity to develop their understanding of how data is secured before transmission, and different ways to encrypt and decrypt it. The tasks are scaffolded and do not require any prior programming experience with python. Teacher notes and lesson plan with additional information is available for download.

 

Australian Curriculum: Digital Technologies links relating to this topic include:

  • 7-8: Investigate how data is transmitted and secured in wired, wireless and mobile networks, and how the specifications affect performance [ACTDIK023]
  • 7-8: Investigate how digital systems represent text, image and audio data in binary [ACTDIK024]
  • 7-8: Analyse and visualise data using a range of software to create information, and use structured data to model objects or events [ACTDIP0126]
  • 7-8: Design algorithms represented diagrammatically and in English, and trace algorithms to predict output for a given input and to identify errors [ACTDIP029]
  • 7-8: implement and modify programs with user interfaces involving branching, iteration and functions in a general-purpose programming language [ADTIP030]

 

Students will use Python programming language and work through four modules, each building on the depth of understanding and knowledge of the previous.

  1. Representing Data – Using a range of functions to represent and process data, demonstrating how messages can be stored in images using steganography.
  2. Cryptographic Keys – Introduction to cryptographic keys and the process of encryption and decryption.
  3. Frequency Analysis – Mixed alphabet substitution cipher is explored as protection against brute forces attacks.
  4. Encrypting with binary – The XOR method of encryption and decryption is introduced and students explore the security implications of having longer key lengths.

Embedded within the modules are video resources designed to teach students about specific programming/cipher concepts and provide a view into the field of cyber security professionals.

Activity 2: Design an App – Security Considerations

In this lesson, we extend on the classroom activity of designing an app or digital solution to solve a problem. We have provided a list of elements that could be considered during the design phase rather than being added in on completion. Students will need to draw on their knowledge of cybersecurity elements – encryption/decryption, privacy, data security and ethics.

 

Australian Curriculum: Digital Technologies links relating to this topic include:

  • 7-8: Define and decompose real world problems taking into account functional requirements and economic, environmental, social, technical and usability constraints [ACTDIP027]
  • 7-8: Design the user experience of a digital system, generating, evaluating and communicating alternative designs [ACTDIP028]
  • 9-10: Define and decompose real world problems precisely, taking into account functional and non-functional requirements and including interviewing stakeholders to identify needs [ACTDIP038]
  • 9-10: Design the user experience of a digital system by evaluating alternative designs against criteria including functionality, accessibility, usability, and aesthetics [ACTDIP039]

 

 

Cybersecurity considerations for the developer

  • Does the app allow access to camera /microphone without seeking permissions? How are permissions granted? Once only or each use? Have you applied the principle of least privilege? (minimum requirements to function eg. not accessing user’s contacts data)
  • Are privacy settings set as default ?
  • Are you accessing third-party libraries? What are the potential security weaknesses?
  • Is your code secure?
  • Can the user adjust settings?
  • Are there terms and conditions that are easily read and understood?
  • Is there a procedure in place for users to address concerns? Are there built-in support functions and feedback loops?
  • If there is interaction between users, are procedures in place to secure them? Have you enabled encryption?
  • Are duties and responsibilities of users made clear ?
  • How are users authenticated?

 

More elements for consideration could be found in the eSafety ‘Safety by Design’ Principles. The Principles place user safety as a fundamental design consideration.

SbD Principle 1: Service provider responsibilities

SbD Principle 2: User empowerment and autonomy

SbD Principle 3: Transparency and accountability

 

All these considerations could also be applied to evaluate an existing app.

Activity 3: Connecting the Blocks – Blockchain Unplugged

Goal

The goal of this activity is to emulate how blockchain and hashing works at a very simple level. The activity aims to teach that:

  1. A block chain includes blocks of transactions (a ledger) in a sequential order.
  2. Each block in the blockchain contains data, including the hash from the previous block.
  3. Blockchain hashes are generated using complex algorithms that incorporate the hash from a previous block, making a chain that is difficult to hack.

 

This lesson connects to Mathematics, allowing teachers to create algorithmic problems that engage students in mathematical problem-solving. We have prepared an activity for you with solutions, however, you can edit and remix the cards to suit your needs. This activity aligns to content descriptors in the Australian Curriculum: Digital Technologies related to aspects around data transmission and security across networks and critically reflecting on privacy and security requirements, risks and protocols. In years 7-8 students:

  • Investigate how data is transmitted and secured in wired, wireless and mobile networks, and how the specifications affect performance [ACTDIK023]
  • Evaluate how student solutions and existing information systems meet needs, are innovative, and take account of future risks and sustainability [ACTDIP031]

In years 9-10 students:

  • Develop techniques for acquiring, storing and validating quantitative and qualitative data from a range of sources, considering privacy and security requirements [ACTDIP036]
  • Evaluate critically how student solutions and existing information systems and policies, take account of future risks and sustainability and provide opportunities for innovation and enterprise [ACTDIP042]

Resources

Download and print our Alphabet Key Reference Sheet (included in slide deck for online activity).

Here we have a set of transactions that all occurred on the same day. Print and cut out the sheet for as many groups as you need so students cannot see the correct sequence number. Alternatively, use our slide deck to run the activity with devices or online (share a unique copy of the slide deck with each team). Students work together in teams to work out the correct sequence of transactions in the blockchain by solving the hash puzzles. The first team to put the blocks in the correct sequence (matching your reference sheet) wins! A blockchain will feature a hashing algorithm (a set of instructions) that are applied to each block in the chain to assign a hash. It incorporates the hash from the previous block. A good hash algorithm will always produce a hash that is the same length. For the purpose of this instructional activity, the hash in our blockchain should all have 3 digits (e.g. 321 or 004). The hashing algorithm for this blockchain activity is below. (Teacher note: You could change the algorithm to be anything you like, or have students come up with their own algorithm. We recommend keeping the algorithm simple as it can become complex). Please note, this is not a secure example of a hash algorithm (e.g. using only the first letter of the name is not enough of a unique identifier in true blockchain) and a hash can include both letters and numbers. We have provided an algorithm that is simplified and links to mathematics

 

Have students check their solution with the teacher. Following the activity, bring students together to discuss the cyber security aspects of this blockchain example.

 

Cyber security discussion questions

  • What do you notice if someone was to hack in and change the sender/receiver name or the transaction quantity? How would this impact on the block chain? (Response could be that the previous hash would not match up using our algorithm and it would be obvious something is wrong).
  • If someone hacked a block and used a different name but which had the same first letters (first name and last name), what would happen to the blockchain? (Response: no change to the hash) Why is this problematic? (Response: This implies that the algorithm is not complex enough to ensure robust security).

Extension Ideas

  • Ask students to extend the block chain by creating new transaction blocks.
  • Students could come up with their own simple algorithm for this blockchain (updating the hash numbers) and switch with another team to solve.

Block Solutions

Block 0 Hash (Previous Hash for Block 1):

= A + A + (28 + 5 + 19) * 2 – 000

= 1 +1 + (52) * 2 – 000

= 2 + (52) * 2 – 000

=106

 

Block 1 Hash (Previous Hash for Block 2):

= A + M + (28 + 5 + 19)  * 8 – 106

= 1 + 13 + (52) * 8 – 106

= 1 + 13  + 416 – 106

= 324

 

Block 2 Hash (Previous Hash for Block 3):

= G + D + (28 + 5 + 19) * 7 – 324

= 7 + 4 + (52) * 7 – 324

= 7 + 4 + 364 – 324

= 051

 

Block 3 Hash (Previous Hash for Block 4):

= H + A + (28 + 5 + 19) * 4 – 051

= 8 + 1 + (52) * 4 – 051

= 8 + 1 + 208 – 051

= 166

 

Block 4 Hash (Previous Hash for Block 5):

= A + B (28 + 5 + 19) * 9 – 166

= 1 + 2 + (52) * 9 – 166

= 1 + 2 + 468 – 166

= 305

 

Block 5 Hash:

= A + G + (28 + 5 + 19) *6 – 305

= 1 + 7 + (52) * 6 – 305

= 8 + 312 – 305

= 015

Additional Resources

There are some other ways to engage students in blockchain and specifically cryptocurrency activities.

 

For those of you with access to VR technology, you can launch Bitcoin in VR to see real-time bitcoin (virtual encrypted currency) transactions in  Virtual Reality

Students could use Micro:Bits in a visual programming language to create crypto-currency coins. Following on from the Micro:Bit activity, students could design and make a BitCoin wallet. Bitcoin (along with other cryptocurrencies) are stored in a wallet. There are many different forms of wallet, some of which are more secure than others. To be safe, you should store your Bitcoin in an offline wallet, referred to as “cold storage”. Students could follow this online tutorial to design and make a wallet for their Bitcoin Micro:bit.

 

+ There are no comments

Add yours