Part 1
Imagine that two people, Alice and Bob, who live in separate states, need to mail important and secret messages to each other without the risk of any corrupt postal workers reading them. They would like to be able to send encrypted letters for which only they have the key. That way, even if a postal worker opens a letter, she won’t be able to read it. The problem is that right now, they have no shared secret key. Use the following information to come up with a plan, so that Alice and Bob can securely send their letters.
- Alice has a heavy duty metal box that can be sent in the mail.
- Alice has a heavy duty padlock, and only she has access to the key.
- Bob has a heavy duty padlock, and only he has access to the key.
- Alice and Bob can send the box back and forth as many times as possible, but sending the box is more expensive than sending letters, so ideally they want to send it as few times as possible.
(HINT: What is going to be sent in the box?)
Possible Solution
Alice comes up with a secret key and places it in the metal box. She then locks it with her padlock, and sends it to Bob. Bob adds his padlock to the box and sends it back to Alice. Alice unlocks her padlock and sends it back to Bob. Bob unlocks his padlock and retrieves the secret key. They can now exchange encrypted letters.
Part 2
Eve is a very intelligent and very corrupt postal worker. When Alice sends her locked box, she realizes that something secret and probably lucrative is going on. Use the following information to come up with a plan so that Eve will be able to intercept and read all the encrypted letters without them realizing it.
- Eve has a heavy duty padlock, and only she has access to the key.
Possible Solution
Alice sends the locked box to Bob, but Eve intercepts it. She places her own lock on the box and sends it back to Alice. Alice removes her own padlock, thinking it came from Bob and sends it back to Eve, thinking it’s Bob. Eve removes her own padlock and gets the secret key. After making a copy of the secret key, she replaces it in the box, locks it, and sends it to Bob. Bob places his padlock on the box and sends it back to Eve, thinking that it’s Alice. Eve removes her padlock and sends it back to Bob, who removes his padlock and gets the secret key. Now all three have the key, but Alice and Bob don’t know that Eve has it. They send encrypted letters, which Eve intercepts, decrypts, and reads.
Discussion
The point of this activity is to get students thinking about the difficulties of using private key encryption schemes in the real world. The reliance on a shared secret begs the question of how that secret is to be shared securely. Let this be an introduction to public key cryptography.
Discuss how this system with boxes and padlocks could be translated to a digital encryption scheme. For example:
Let K be the secret key to be shared.
- Alice sends to Bob: EA(K) where EA represents encryption with her private key.
- Bob sends to Alice: EB(EA(K))
- Alice sends to Bob: DA(EB(EA(K)) = EB(K)
- Bob calculates: DB(EB(K)) = K
What is the assumption here, though? In order for this to work, the order of decryption cannot matter. Not all encryption schemes meet this requirement.
This discussion can lead in to a discussion of the Diffie-Hellman Key Exchange protocol, which was one of the first public key encryption schemes. A good discussion of this is found at https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange. There is a nice visual representation of the process using paint colors, as well as fairly simple examples of the math. It also shows the process with three users.
Part 2 is an example of the Man in the Middle Attack (MITM), which is something that comes up a lot in security. When you connect to a network, how do you know it is the network you think it is? When you access a website, how do you know it is the website you think it is? In order to understand security needs and strategies, it is important for people to “think like the bad guys.” Understanding how different kinds of attacks happen can help us figure out better ways to protect our information.
A discussion of MITM could lead to brainstorming about ways to increase the security of this kind of communication and to an important topic in security: authentication. The MITM attack also means that the data itself cannot be trusted. Eve might not want to simply eavesdrop on a conversation. With the information she has, she could easily intercept Alice’s message and send Bob her own message. This is another important aspect of information security– integrity.