# Lesson 9: Protecting Data Part 1

## Overview

In this lesson students explore two different encryption widgets: The Caesar Cipher Widget and the Random Substitution Cipher. Afterwards, students watch a video that reviews these types of encryption and introduces a new concept: public key encryption.

## Purpose

The goal of this lesson is for students to gain a working knowledge of the different types of encryption, focusing specifically on symmetrical and asymmetrical encryption. There is a lot of challenging vocabulary in this lesson, and therefore we want students to have a tangible experience with a widget to anchor their knowledge. This lesson is the first in a pair of lessons exploring how data can be protected.

## Agenda

### Lesson Modifications

### Warm Up (5 mins)

### Activity (35 mins)

### Wrap Up (5 mins)

### View on Code Studio

## Objectives

### Students will be able to:

- Explain the difference between asymmetrical and symmetrical encryption
- Explain how computing tools can be used for decryption
- Identify why Caesar Cipher and Random Substitution Ciphers are not adequate for most encryption needs

## Preparation

- Explore the encryption widgets
- Watch the video

## Links

**Heads Up!** Please make a copy of any documents you plan to share with students.

### For the Teachers

- CSP Unit 10 - Cybersecurity and Global Impacts - Presentation

### For the Students

# Teaching Guide

## Lesson Modifications

**Attention, teachers!** If you are teaching virtually or in a socially-distanced classroom, please read the full lesson plan below, then click here to access the modifications.

## Warm Up (5 mins)

Remarks

We have explored how our data is collected and sometimes misused. In the next two lessons, we are going to dig into protecting our data.

Many of the ideas we use to keep secrets in the digital age are far older than the Internet. The process of encoding a plain text message in some secret way is called Encryption

For example in Roman times Julius Caesar is reported to have encrypted messages to his soldiers and generals by using a simple alphabetic shift - every character was encrypted by substituting it with a character that was some fixed number of letters away in the alphabet.

As a result an alphabetic shift is often referred to as the Caesar Cipher.

Teaching Tip

Give students around 3-5 minutes to work on cracking the message. Resist the urget to give students a tool or device to aid in cracking this message - that's coming in the next part of the lesson! Part of the point here is that it's possible without tools. With tools it becomes trivial, as we'll see next.

If students are struggling to start, here are a few strategy suggestions:

- Find a small word and try alphabetic shifts until it's clear that it's an English word
- Remember the letters aren't randomly substituted - the alphabet is just shifted
- Once you have found the amount of shift the rest comes easy.

**Answer:** "free pizza in the cafeteria"

**Do This:** This message was encrypted using a Caesar Cipher (an "alphabetic shift"). Let's see how long it takes you to decode this message (remember it's just a shifting of the alphabet).

serr cvmmn va gur pnsrgrevn

- Click through the animation to see the answer

Remarks

With this simple encryption technique it only took a few minutes to decode a small message. What if the message were longer, BUT you had a computational tool to help you?

## Activity (35 mins)

**Do This (5 mins):**

- Navigate to Code Studio, Level 2.
- Experiment with the tool - click things, poke around, figure out what it's doing.
- Choose one of the messages from the drop-down menu and try to crack it using the tool.

Teaching Tip

Students do not need to write down any vocabulary terms here. This is only a review of terms they may encounter in this lesson. Discuss the terms briefly as a class and then move on to the next activity.

Remarks

With the tool, cracking an alphabetic shift is easy. Once you've done one, it only takes a matter of seconds to do others.

Let's review some terminology here.

Terms:

**Encryption:**a process of encoding messages to keep them secret, so only "authorized" parties can read it.**Decryption:**a process that reverses encryption, taking a secret message and reproducing the original plain text**Cipher:**the generic term for a technique (or algorithm) that performs encryption**Caesar's Cipher:**a technique for encryption that shifts the alphabet by some number of characters.**Cracking encryption:**When you attempt to decode a secret message without knowing all the specifics of the cipher, you are trying to crack the encryption.

What if instead of shifting the whole alphabet, we matched every letter of the alphabet to a random different letter of th alphabet? This is called a random substitution cipher.

Let's take a look at a new decryption challenge using a random substitution cipher.

**Do This (3 mins):**

- Navigate to Level 3
- Explore the tool: how does it work?

Teaching Tip

Use this time to clear up any confusion around how the tool works.

Move around the letters to make possible matches. The frequency meter may help you get started - especially in matching letters in short words.

Here are some steps that may be helpful for students:

- Find the short words and "crack" them first. How many one-letter words do you know? ("a"). A very common 3-letter word is "the".
- Once you've done that, you have substitutes for some of the most common letters. You should be able to use intuition to look at other words with these partial substitutions and make good guesses.
- After finding only a handful of hard-fought letters, the rest will tumble quickly.
- Comparing the frequencies of letters gives good insight for making sensible guesses.

**Prompt:** How does the widget work? What steps would you take to crack the code?

**Do This (10 mins):** Take ten minutes to crack another message using the steps we just talked about.

Remarks

A random substitution cipher is very crackable by hand, though it might take some time. However, when aided by computational tools, a random substitution cipher can be cracked by a novice in a matter of minutes. Simple substitution ciphers give insight into encryption algorithms, but as we've seen fall way short when a potential adversary is aided with computational tools... our understanding must become more sophisticated.

If we are to create a secure Internet, we will need to develop tool and protocols which can resist the enormous computational power of modern computers.

**Video:** Watch: The Internet: Encryption and Public Keys

Discussion Goal

**Goal:** This is the main takeaway. Students need to understand that symmetric encryption involves one key that is shared between the encoder and decoder. Asymmetric (public key) encryption uses two keys - a public and a private one. The encoder and the decoder never need to meet to exchange a key. The modern Internet is built around pulic key encryption.

**Prompt:** What is the difference between symmetric encryption and asymmetric (public key) encryption?

## Wrap Up (5 mins)

Teaching Tip

There is no discussion in today's wrap up to give enough time for students to record vocabulary in their journal.

**Journal:** Students add the following words and definitions to their journals: encryption, decryption, symmetric key encryption, public key encryption

### Assessment: Check For Understanding

*Check For Understanding Question(s) and solutions can be found in each lesson on Code Studio. These questions can be used for an exit ticket.*

**Question:** How does asymmetric (public key) encryption keep data secure?

## Standards Alignment

#### View full course alignment

#### CSTA K-12 Computer Science Standards (2017)

**NI** - Networks & the Internet

**3A-NI-06**- Recommend security measures to address various scenarios based on factors such as efficiency, feasibility, and ethical impacts.**3A-NI-07**- Compare various security measures, considering tradeoffs between the usability and security of a computer system.**3B-NI-04**- Compare ways software developers protect devices and information from unauthorized access.

#### CSP2021

**IOC-2** - The use of computing innovations may involve risks to your personal safety and identity

**IOC-2.B** - Explain how computing resources can be protected and can be misused.

**IOC-2.B.5**- Encryption is the process of encoding data to prevent unauthorized access. Decryption is the process of decoding the data. Two common encryption approaches are: ● Symmetric key encryption involves one key for both encryption and decryption.●