Presentation 6: Privacy and Encryption

Show the kids the problem of privacy on the internet and work with them on preventing “curious guys” to read a message from one user to another. First use physical means, such as locked box, then try to confuse the curious guys by decrypting the messages.

Note, we are not covering authentication here, meaning making sure that the identity of a sender / receiver is what one expects.

Preparation

Find a box that can be locked with a hang lock. I used a carton box with a plastic handle which was sticking out through a cut in a top cover of the box. Putting a hang lock on the handle prevented the hangle from sliding back in, which was needed in order to open the box

Also create a big poster with mapping from letters into symbols as well as small printouts to distribute to every kid. This can be a part of the handout which outlines the whole presentation, so that the parents can go over it with the kids later on.

Resources:

Bring:

- a box that can be locked with a hang lock

- 2 sets of hang locks with the keys

- paper, pencil

- A big poster with a mapping from letters into symbols. Ideally, a copy of the mapping for every kid.

- A print out for kids to take home.

Presentation

1. Internet

Do you know what Internet is?

(Most kids who raised their hands said that it is a computer)

Internet is not a single computer but a bunch of computers connecterd with the network.

Now we are going to create internet. Who wants to be a computer?

Pick 2 end users. The rest are the computers. Have kids sit/stand close to each other in order to be able to pass information (a letter or a box) to each other.

2. Passing information via internet

We have two users – Jossi and Andreas. Jossi wants to tell a secret to Andreas via Internet. For example, “I can fly”

Write this sentence with big letters on a sheet of paper, fold it and have Jossi pass it to the first computer closest to him, then have computers pass the sheet to each other until it reaches Andreas.

Have Andreas read the letter received.

3. Privacy

But there is a problem. There are VERY CURIOUS GUYS who want to find the secret.

Choose 2 curious guys, who stand somewhere in the middle of computer chain. Have Jossi pass the letter again, but now have the curious guys intercept it, read it, and pass along to Andreas.

You see, curious guys were able to find out your secret! What can we do?

Listen to suggestions. Take out a box.

Let's put the letter in a box!

Have kids pass the box, but curious guys open it and read the letter again.

(I used the same letter “I can fly”, so the curious guys didn't see much point in trying hard to retrieve the letter since they already knew what is in it.)

You see, the curious guys can open a box, we need to lock it!

Get a hang lock, give the key to Jossi and have him lock the box and send it.

Now curious guys can not open it ... but neither can Andreas!

(Kids started suggesting to send a key, which is a perfectly valid solution. It would be nice to have them come to it with some mental efforts, but it was kind of obvious – Andreas needs a key to open a box, so send the key! I was playing devils advocate and have Jossi send the key first, then the curious guys hold on to it until they got the box, then open it. But then we decided it's a good idea to send the box first.)

+++for older kids you may introduce an “ACK” - acknowledge that the box was received. Otherwise the curious guys can hold on to the box until the get the key

Great, we solved the problem! First we send the box, then when the box is received, we send a key!

4. Do not pass the key

But there is one small problem – once Jossi sent the key, now he can not send anything else, since he can't lock the box anymore! How can we solve the problem without sending the key?

Some kids suggested putting the key in the box, but then we elaborated and realized it's not a good idea.

Somebody suggested putting two locks. This is actually the correct solution: have two locks with keys – Jossi holds on to one lock, Andreas to another lock. Jossi locks the box, sends it to Andreas. Andreas locks the box again and sends it to Jossi. Jossi unlocks the box, and sends it back. The box is still locked with Jossi's lock. He unlocks it and now he can read the letter! And both users have their locks and their keys, so they can send more messages! Iterate over the sequence once again, making it clear for kids how it works and that the curious guys can not access the box content.

5. Simple encoding for a two lock solution

It is possible to show how two lock solution can be implemented on the internet by encoding letters. Let's say key = 1 means offset each letter by 1, key = 2 => offset by 2, etc.

Person A encodes her message using key=1 (e.g. CAB -> DBC)

Person B doesn't know Person's A key, she encodes it with key = 2 (DBC -> FDE) and sends back to person A

Person A doesn't know Person's B key but she knows her own key and she decodes the message with key = -1 ( FDE->ECD) and sends to person B

Person B decodes with her key = -2 ( ECD->CAB) and the message is deciphered!

6. Encryption - invent a new language

We have the solution, Ta-dam! But there is another problem. The curious guys are soooo curious that they decided to get an axe and break the box! So no matter how many locks you put on your box, they can still open it. What can we do?

Listen to suggestions.

I have an idea – let's confuse the curious guys! Let's invent the language the curious guys won't understand!

(Somebody suggested Russian. Since my son was one of the curious guys I said it's not going to work since the curious guys do understand Russian. Kids started suggesting other languages, but I stopped them offering to INVENT the language.)

Let's create language “Pa”. Mypa namepa ispa Mipashapa.

Have kids figure out their names or tell them what their names and the names of their teachers would be in the “Pa” language.

Then re-write the letter - “Ipa canpa flypa”

Our language is so confusing now, that we don't even need a box, because the curious guys would not understand it.

(I would think that the curious guys would have no problem figuring out what's there but apparently they did have hard time, and so did Andreas. I helped him by crossing “pa”s and having him read the letter.)

But the curious guys can figure out how to read this language. Let's create another one.

7. Replacing the characters

Ask the kids if the know the alphabet. I created a mapping from one letter to the next in the alphabet.

+++This was not a good idea – mapping is confusing for the kids, mostly because letters map into the letters. A better idea would be to map letters into symbols, and have the mapping beforehand.

This way kids can play with the language and write different workds with symbols. This could be a good exercise – giving everybody a copy of the mapping and having them encrypt / decrypt words.

I did the same with numbers 1->2, 2->3 ... 

+++Again, not a great idea. Using completely different symbols is much better, it creates a sence of a new language.

8. Encrypting a map of an island

Here is another scenario: Jossi hid his treasure on an island, and he wants to tell Andreas where the treasure is. So he draws a map of the island and marks where the treasure is.

Draw a map of an island and a few trees. Draw a box next to one tree.

So, Jossi sends the map to Anreas ... but the curious guys, or the pirates, get the letter and dig out the treasure! How can we confuse the pirates?

Two kids suggested a pretty good solution – create a new map. I picked it, but then somebody said that the pirates can dig holes based on both maps. Then I suggested that if there are 100 maps the pirates will dig the holes the whole year, but if Jossi tells Anreas the number – which map to use, so that the curious guys don't know, then Andreas will be able to find the treasure much faster than the pirates.

This was a better idea than my initial idea - to cut the map in pieces and somehow specify the way to put the pieces together.

At this point it was time to finish the presentation.

+++ For more information and other approaches check out this link: Security: privacy and encryption  and Encoding