Reference Publications

Topic: RSS Feed

An Inexpensive Device for Teaching Public Key Encryption

Journal of Information Systems Education, Fall 2009 by Pendegraft, Norman

ABSTRACT

An inexpensive device to assist in teaching the main ideas of Public Key encryption and its use in class to illustrate the operation of public key encryption is described. It illustrates that there are two keys, and is particularly useful for illustrating that privacy is achieved by using the public key. Initial data from in class use seem to confirm its utility.

Keywords: Public Key Encryption

1. INTRODUCTION

Information Assurance (IA), the general problem of maintaining information system security, is an important topic for Information Systems (IS) majors as well as for general business students. While there is a considerable student interest, the topic is highly technical, and so it presents problems when teaching a non technical authence. One specific IA issue of great economic importance is public key encryption infrastructure (PKI). Students seem to be very interested, but they struggle with remembering that the public key is used for guaranteeing privacy. This paper describes a device used to illustrate the operation of PKI.

Temkin (2007) confirms the importance of teaching encryption basics to general students. Yurcik and Doss (2001) discuss several approaches to teaching IS security. Although their focus seems to be on a course devoted entirely to security, their conclusions seem valid for a more general authence. They identify topic selection as the most difficult problem. They also note that differences in learning styles are important. In particular, many students respond best to a hands-on approach. They also recommend real life cases. They discuss a number of approaches in more detail including projects, research, and labs. Several other authors describe a variety of approaches for teaching about security including using a chat room (Mitchener and Vahdat, 2001) and a laboratory exercise (Rawles and Baker, 2003) Sanders (2003) describes a project involving identifying a hacker. Cao et.al. (2002) used a programming project in which students develop applications that exchange encrypted traffic. Reid, Piatt, and Wei (2005) also describe a teaching module to introduce encryption. Many of these are appropriate for a IS course with a technical authence and substantial time to devote to security, but they appear to be less attractive for a short presentation to a general authence.

Because of its importance in e-commerce, PKI is one of the most important topics for general business authences. (It is also fun.) Teaching encryption is challenging because understanding modem ciphers requires a high level of mathematical sophistication. The challenge is making the structure of PKI accessible to a more general authence.

This device described here was developed for the IS component of our Integrated Business Curriculum, a 17 credit two semester course covering all of the business core topics (Pendegraft et.al. 2000). In that course we have a general authence and generally spend 3-4 hours on IA of which only part is devoted to encryption. It has been the author's experience, that after a lecture and discussion, many still fail to grasp the key idea, namely that the receiver's public key is used to ensure privacy. Instead, their intuition tells them that a private key should be used for privacy.

A search of the internet revealed only one other device to help teach encryption (Yuan, 2008), but it is expensive. Further, its operation is unclear from the web site. It appears to be a lockable box with two different keys, one for locking and the other for unlocking. It is not clear how well it enhances student's understanding. A patent search revealed no similar devices.

The device described herein is intended to illustrate PKI in concrete terms, and at low cost. Further, the device is simple enough that the students can understand how it works, thereby increasing the likelihood that they will remember the lesson. The author has used it to teach the topic and found that students responded well to the demonstration.

The remainder of the paper briefly describes PKI, describes the device and its use in the classroom, and offers some evidence suggesting that the device was well received.

2. PUBLIC KEY INFRASTRUCTURE

Public key encryption is described by many authors. For example, Fitzgerald and Dennis (2009) offer a nice, elementary discussion while Stallings (2006) presents a more detailed mathematical discussion. The theory of PKI is beyond the scope the course in which this discussion takes place. Consequently, only a brief outline of the operation of PKI (of similar scope to the classroom discussion) will be given here. The device illustrates only how PKI behaves so far as users are concerned, but not the mathematics behind the algorithms.

PKI uses asymmetric encryption which means that there are two keys. One key is used for encryption and another that is used for decryption. Thus, each user has a pair of keys. The keys are chosen so that if one is used to encrypt a message the other must be used to decrypt and vice versa. They are chosen in such a way that even if an attacker knows one of them, finding the other is computationally intractable. One (the public key) is posted in a public place. The other (the private key) is secret and is known only to its owner.


 

BNET TalkbackShare your ideas and expertise on this topic

Please add your comment:
  1. You are currently: a Guest |
  4.  

Basic HTML tags that work in comments are: bold (<b></b>), italic (<i></i>), underline (<u></u>), and hyperlink (<a href></a)

advertisement
Click Here
advertisement
  • Click Here
  • Click Here
  • Click Here
advertisement
Click Here

Content provided in partnership with ProQuest