Unit 4 AP computer Science Principles

Anyone have the answers for the unit 4 exam? Thank you!

• Class purpose General learning

The creator of this class did not yet add a description for what is included in this class.

Unit 4 Lesson 1

Activity Guide - Big Data Sleuth Card

Unit 4 Lesson 3

Unit 4 Lesson 03

Name(s)_______________________________________________ Period ______ Date ___________________

Activity Guide - Research Yourself

Your Digital Self

You may already be aware of information about you that is freely available online, but you probably haven’t thought about it from the standpoint of research. Suppose someone were to research you online. What would they be able to find? What connections could they make from the existing data out there to learn even more about you?

Conducting Your Research

You should look through any publicly available pieces of information online. Start by simply looking up your name in a search engine but then refine your results by adding more specific information, like the place you live. Don’t forget social networks, your school website, or any other websites you frequently use.

Record Your Findings

In the space below record the information you find about yourself. If you know something is available online but can’t get to it now, record it anyway. If you need more space, you can record your findings on the back of this sheet as well.

Now connect the dots.  If someone really wanted to find out about you online, given the information above, what would they know about you?

Of the pieces of information you found above, which do you think poses the biggest threat to your security or privacy? Why do you think so?

Worksheet - Exploring the Vigenère Cipher Widget

Goals:

• Understand how the Vigenere Cipher Algorithm works

• Understand why simple frequency analysis doesn’t work against this cipher

• Figure out what makes for a good v. bad secret key

Instructions:

• You should have a partner for this exploration.

• Go to the interactive Vigenère Cipher Widget

• Click on buttons and try things out!  Solve the mystery of what this tool is doing and how it’s doing it!

You should try each of the following - check off the DONE column once you’ve tried it

.

Thought Questions:

You might want to play with the widget a little bit more in trying to answer these questions, but they can be answered based only on the properties of the Vigenère cipher.

• Describe in your own words what the Vigenere Cipher Algorithm is doing.

The x-axis represents the letter being encrypted and the y-axis represents the associated letter of the key. The ciphers moves to the intersection between two. On each axis, the letter below keeps moving alphabetically downwards.

• What makes for a good v. bad secret key using the Vigenere cipher?  Give examples of a good key and a bad one and explain why.

A good key is one that is longer than the information being put in, not repetitive, and not a word unto itself. A bad key would be like "AAAAA" or "MYKEY" because those are predictable. A good key, like a good password, would be "AWEVDEPOSA".

• Compare and Contrast the difference between a substitution cipher (Caesar or Random) and Vigenere, using the message “I think I can I think I can I think I can” to explain why Vigenère is a stronger form of encryption than a substitution cipher.

Vignere: UXSZMPADAZMEKLFZKLKDOSHJGYZXHRXJZRCZSD_MK

Caesar: Z kyzeb Z tre Z kyzeb Z tre Z kyzeb Z tre

Random: R bhrml R aem R bhrml R aem R bhrml R aem

With a repetitive message like "I think I can", etc. it would be really easy for a hacker to predict the shift or substitution. 

• Will frequency analysis work to crack the Vigenere cipher?  Why or why not? Keep your answer as simple as possible.

• If I promised you that the message at right was encrypted with the Vigenère cipher widget, would that make it easy to crack (yes or no)?  Explain why.  Your explanation should include a description of what you would need to know to decrypt this and how you might go about figuring that out.

Knowing this was a vignere cipher encrypted message would make this very difficult to crack. We would at least need to know the key to decrypt this,

• What if I told you that the message above was encrypted with the Vigenère cipher widget and the key I used was 10 characters long.  Does that make it any easier to crack the message?  Again, what would you need to figure out and how would you go about finding it?

That makes it easier because you could possibly figure out the association between the axes and look at repeated letters every ten, but it would still be extremely difficult.

Worksheet - Keys and Passwords

Answer these questions

These questions are intended to be answered as part of an activity using http://howsecureismypassword.net.  The questions below assume ask you to try things out using that tool.

• Create a few passwords using 8 lowercase ASCII characters (a-z).  What’s the longest amount of time-to-crack you can generate?

• Using any characters on the keyboard, what’s the longest amount of time-to-crack you can generate with an 8-character password?

• As you try passwords, what seems to be the single most significant factor in making a password difficult to crack?  Why do you think this is?

Length. With each new letter, there are more possibilities for what the password can be. With 1 letter, there are 26 options, but with 2 letters, you've more than doubled that number of options, let alone 10 or 15 or more.

• Opinion: Is an 8-character minimum a good password length for websites to require? Give your opinion, yes or no, and explain why you think that.

I think it could be a bit longer, just given how exponentially the length of time needed increases once the length is high enough.

• The AP CS Principles framework contains the following statement: Implementing cybersecurity has software, hardware, and human components.  Based on what you’ve learned so far, describe at least one way that cybersecurity involves “human components.”

Humans are the ones writing these passwords, and so if they follow the rules (8 characters, letters, numbers, symbols, no common phrases or patterns)

Hopefully you can now appreciate this comic: http://xkcd.com/936/

Activity Guide - Public Key Bean Counting

Sending Secret Messages without agreeing a on a secret key ahead of time

In this activity, cups filled with beans will represent information going back and forth between Alice and Bob.  We do this activity to show you a simple version of something called Public Key Encryption so we can introduce you to the basic process of information exchange and to some of the terminology involved (which we’ll get to later).

This activity will show a technique for Alice and Bob to send secret messages to each other, without agreeing on a secret key ahead of time, and only by exchanging messages over public, insecure channels.

Background: A metaphor -- cup of beans as one-way function

• Imagine that putting some beans into a clear plastic cup and then putting a lid on the cup is an encryption function.  Only the person who put the lid on is able to remove it.

• Everyone else can try to count the beans but they can’t take the lid off; they just have to stare into the cup (like trying to count the jelly beans in a jar at the carnival).  This represents a computationally hard problem.

• In this activity, there is a wrinkle: a person can add beans to the cup by pushing them through the slot in the top of the lid. The result is that there will be more beans in the cup, but it’s still hard to count them by looking in from the outside.

Information Exchange Procedure

Materials

• A few handfuls of dried beans

  

• (optional) A lid with a slot in the top that would allow a bean to be pushed through.  If you don’t have lids, you could use plastic wrap, or just use your powers of imagination.

Setup

• Decide who is playing Alice, Bob and Eve.

• Give all of the cups and lids to Alice to start.

• Alice and Bob should each have a handful of beans.

Eve:

Eve, you will direct all the action.  You should read all the instructions of the procedure out loud to everyone, and Alice and Bob should follow along accordingly.  (Alice and Bob can follow along on their sheets as well.)  

Eve reads….

Alice:

1. Alice, turn your back to Eve and Bob while you do this: Put a random number of beans into a cup -- Remember this number (or write it down in a secret location). Put the lid on the cup.

2. Then put the cup onto the table in front of Bob and Eve. NOTE: Eve and Bob can only guess how many beans are in the cup.

Bob:

Bob, take the cup off the table and turn your back to Alice and Eve while you do this: Pick a secret number to send to Alice. Remember this number. Count out that many beans and add them to the cup.

2. Then put the cup back onto the table. NOTE: Even though she might be able to see the number of beans is different, Eve can still only guess how many are in the cup.

Eve:

Quick question for Eve: Do you have any idea what secret number Bob is sending to Alice?  Note: Unless Bob and Alice put so few beans into the cup that you can clearly see from the outside how many there were, your answer should be “No.”  You might be able to make a guess, but you wouldn’t know for sure whether it was right.  Okay...move on.

Alice:

Once more, turn your back to Bob and Eve while you do this: Take the cup off the table   Remove the lid and dump out the beans. Count off the number of beans originally in the cup.   What’s left is Bob’s secret number!

Recap:

• Alice and Bob did not have to agree on anything, or communicate ahead of time.

• Alice and Bob only exchanged information in public, right in front of Eve.

• Eve would have to be able to count the beans in the cup without opening it, both on the way over to Bob and on the way back to Alice, in order to determine what Bob was trying to send Alice.

Try it again?

• Change roles and try the procedure again to see how it works.  Try to make it hard for Eve to guess the secret number.  And, Eve, do try to guess.

• Here’s a fun wrinkle that makes it even more impossible for Eve: Use 3 cups!

• Alice, put a random number of beans into 3 different cups (you need to remember how many total beans you used, or you could remember the 3 separate numbers).  

• Bob, for the number you wish to send, distribute the beans randomly into the 3 cups; it doesn’t matter how many go into each cup as long as the total is the number you want to send.

• Alice, once you have the 3 cups back, either dump all the beans out and take away the total number of beans you originally put into the cups, or subtract the individual amounts from each cup.  Either way, the beans left over are the ones Bob sent you.

What’s the point of the cups and beans activity?

Public key cryptography is what makes secure transactions on the Internet possible. Obviously, computers don’t exchange information with beans in plastic cups; they use data (numbers mostly) and the methods of encryption use some math, which we will see in a later lesson.  Here the number of beans represented data and the cups represented encrypted data. In order to see how the real thing works, we need to know some terms so we can talk about it accurately.

First, NOTICE:

• At no point did Bob or Alice agree on any secret password, number, or key.

• They only exchanged information in public.

• Bob can encrypt a secret message for Alice by using something that Alice puts out in public

• Eve could not tell what was going back forth without simply guessing either Alice or Bob’s private number.

Asymmetric Keys

The cups and beans represent asymmetric (pronounced “A-symmetric”) encryption because the procedure for encrypting a message (which Bob does) is different from the procedure for decrypting the message (which Alice does). Up to this point, the encryption schemes we’ve studied have been symmetric. This means that the key used to encrypt the message is the same key needed to decrypt the message.

Private Key

In the case of this activity, Alice’s secret number - the number of beans that she put into the cup originally is known as her private key.  Only she knows it, and she never shares it with anyone.

Public Key

The sealed container sitting on the table represents Alice’s public key.  In the real world a public key is something related to the private key, that can be safely shared in public, that another person can use to encrypt a message. In this case, the cup with the lid on top.

Encrypting (a message)

When Bob adds beans to the sealed cup, he is using a public key to encrypt a message. Since they get mixed in with the other beans (which are related to Alice’s private key), no one, not even Bob, knows how many total beans there are.

Decrypting (the message)

When Alice receives the cup back from Bob, she can decrypt the message by opening the lid and counting the beans.  Since she knows how many beans she put in in the first place, she can subtract that number of beans and arrive at the number that Bob intended to send.

Public Key Cryptography

This entire form of exchange is called Public Key Cryptography. In this form of secure communication, every participant has both a public and a private key. When sending a message, the sender encrypts his message using the public key of the recipient.

The real math is actually not that complicated.  It essentially uses multiplication and division instead of addition and subtraction.  The next lesson shows how it works.

Name(s)_______________________________________________ Period ______ Date ___________________

Activity Guide - Multiplication + Modulo

Summary

In this activity you’ll you’ll multiply numbers as input into the modulo operation and explore some interesting properties that relate to cryptography.

Goal: Understand how multiplication + modulo can be used to make computationally-hard-to-crack encryption.

Tools:

• Calculator: you probably want a calculator handy for multiplying big numbers

• The “Mod Clock” widget in code studio (pictured at right)

Assumption: You have been introduced to the modulo operation and the “clock” analogy for it.

Step 1:  Experiment with the Mod Clock

Goal: familiarize yourself with properties of the Modulo operation

Get your feet wet - play

• Try inputting different values into the mod clock for both the “number” and the “clock size”.

• Try big numbers and small numbers for both

Questions:

1. Using a clock size of 50, write a list of 5 numbers that produce a result of 0.

1. With clock size of 50 how many total numbers are there that produce a result of 0?  (If the list is short, write it out. If the list is long, describe a pattern of what the numbers are).

1. Using a clock size of 13, can you find a number to input that produces a result of 13?  (If so, what is it? If not, why not?)

No because when you have a remainder of 13 and you are dividing by 13, you just change the result before by 1. So 26 mod 13 could give you 1 remainder 13, but that would not make sense because when you divide it again by 13, you will get 1, and then you may as well add the two 1's together.

1. Using a clock size of 13, find the answers to the following:

Are these results surprising or interesting?  Why or why not?

No because this function is just based in basic division.

Step 2:  Toward encryption - Use multiplication to produce inputs

Experiment - Small changes to inputs, big changes to outputs.

Using a clock size of 37, let’s multiply two numbers (we’ll call them A and B) to use as input, then make small changes to each while holding the other constant.  We’ll always use the formula A * B MOD M. We’ll start with A=20 and B=50 and M=37. So here is the first result...

20 * 50 MOD 37 = 1

Now find in the rest of these values making small adjustments to A and B individually.

Use a calculator, if necessary, to compute A * B.  Use the Mod Clock to compute the modulus of the result.

Result: What do you notice about these results?  Is there a pattern?  Could you predict the result of 25 * 50 MOD 37?

Yes you just add 13 to the previous result which is the difference between 50 and 37.

Experiment 2 - Guessing inputs is hard?: Using a clock size of 101, we’ll give you the value of A and even hold the result of the modulo operation constant. Your task: find a value for B (the blank) that makes the math work out.

Takeaways:

Solving modulus equations like 2 * ___ MOD 101 = 1 is “hard” because you can’t solve it like a typical equation. There are no easy patterns or shortcuts like other equations you might see in a math class. As you learned in step 1 (hopefully) there is an infinite list of single values for which  ___ MOD 101 = 1.  (The list is 1, 102, 203, 304, 405...etc). With multiplication, to solve 2 * ___ MOD 101 = 1 you end up randomly guessing to find some number to multiply by 2 that gives you a result in that list.

Things get especially “hard” when you use a prime number as the clock size. Thanks to some special properties of prime numbers with a prime clock size there’s only one solution to each modulus equation. You are guaranteed that there is the number less than the clock size itself, but there are still 100 different values you have to try. With a brute force search you could go through them all in a couple minutes.  But what if the clock size were a 50-digit prime number?

Encryption!

Whenever you have a problem for which the only way to solve it is by random guessing or brute force search over a large range of values, you have a candidate for a encryption. Next you’ll get to try it!

Unit Lesson 8

Worksheet - Video Guide for “Cybersecurity and Crime”

Overview

Cybercrime causes huge problems for society - personally, financially, and even in matters of national security. In this video, Jenny Martin from Symantec and Parisa Tabriz from Google explain what cybercrime is, how the same advantages in the Internet’s structure can be exploited as disadvantages, and how to defend against attacks with cybersecurity.

Directions

1. Watch the video, “The Internet - Cybersecurity and Crime”.

2. Answer the questions below.

Questions

1. Name 3 specific examples of cybercrime.

Credit card numbers, social security and health care information, aerial drones have been hacked

1. What is a computer virus?

A virus is an executable program that gets installed, usually unintentionally, and harms the user and their computer.

1. What is a Distributed Denial of Service attack?

A distributed Denial of Service attack is the intentional paralyzing of a computer network by flooding it with data sent simultaneously from many individual computers.

A phishing scam is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.

1. Pick a type of cybercrime and explain how to defend against it using cybersecurity techniques mentioned in the video.

Protecting against cybercrime is as easy as using strong passwords, checking for authentic websites, installing system security updates as often as possible and not installing untrustworthy software.