is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
9 |
--------------------------------------------------------------------------------
/Modern_Cryptography/Enigma/Python_Enigma/Rotor1.py:
--------------------------------------------------------------------------------
1 | #Rotor I
2 | alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
3 | rotor = "EKMFLGDQVZNTOWYHXUSPAIBRCJ"
4 | notch = "Q"
5 |
6 | def setStart(letter):
7 | while(rotor[0] != letter):
8 | rotate()
9 |
10 | def translate(letter):
11 | spot = alphabet.find(letter)
12 | return rotor[spot]
13 |
14 | def reverse(letter):
15 | spot = rotor.find(letter)
16 | return alphabet[spot]
17 |
18 | def rotate():
19 | global rotor
20 | turnOver = False
21 | if rotor[0] == notch:
22 | turnOver = True
23 | rotor = rotor[1:] + rotor[0]
24 |
25 | return turnOver
26 |
--------------------------------------------------------------------------------
/Modern_Cryptography/Enigma/Python_Enigma/Rotor3.py:
--------------------------------------------------------------------------------
1 | #Rotor III
2 | alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
3 | rotor = "BDFHJLCPRTXVZNYEIWGAKMUSQO"
4 | notch = "V"
5 |
6 | def setStart(letter):
7 | while(rotor[0] != letter):
8 | rotate()
9 |
10 | def translate(letter):
11 | spot = alphabet.find(letter)
12 | return rotor[spot]
13 |
14 | def reverse(letter):
15 | spot = rotor.find(letter)
16 | return alphabet[spot]
17 |
18 | def rotate():
19 | global rotor
20 | turnOver = False
21 | if rotor[0] == notch:
22 | turnOver = True
23 | rotor = rotor[1:] + rotor[0]
24 |
25 | return turnOver
26 |
--------------------------------------------------------------------------------
/Modern_Cryptography/Enigma/Python_Enigma/Rotor2.py:
--------------------------------------------------------------------------------
1 | #Rotor II
2 | alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
3 | rotor = "AJDKSIRUXBLHWTMCQGZNPYFVOE"
4 | notch = "E"
5 |
6 | def setStart(letter):
7 | while(rotor[0] != letter):
8 | rotate()
9 |
10 | def translate(letter):
11 | spot = alphabet.find(letter)
12 | return rotor[spot]
13 |
14 | def reverse(letter):
15 | spot = rotor.find(letter)
16 | return alphabet[spot]
17 |
18 | def rotate():
19 | global rotor
20 | turnOver = False
21 | if rotor[0] == notch:
22 | turnOver = True
23 | rotor = rotor[1:] + rotor[0]
24 |
25 | return turnOver
26 |
--------------------------------------------------------------------------------
/Physical_Security/readme.md:
--------------------------------------------------------------------------------
1 | # Physical Security
2 |
3 | 1. [Combo Locks](combo_locks.md)
4 | 1. [Keys & Locks](keys.md)
5 | 1. [Credit Cards & Payment Methods](credit_cards.md)
6 | 1. RFID
7 |
8 | ## License
9 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
10 |
--------------------------------------------------------------------------------
/Web_Security/readme.md:
--------------------------------------------------------------------------------
1 | # Web Security
2 |
3 | 1. [HTML & CSS](html_css.md)
4 | 1. [Setup Site on Remote Server](setup_server.md)
5 | 1. [Linux Command Line](linux_cli.md)
6 | 1. [PHP & SQL](php_sql.md)
7 | 1. [Network Security](networks.md)
8 |
9 | ----
10 | ## License
11 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
12 |
--------------------------------------------------------------------------------
/Security_Principles/readme.md:
--------------------------------------------------------------------------------
1 | # General Security Principles
2 |
3 | 1. [Passwords](passwords.md)
4 | 1. [E-Mail](email.md)
5 | 1. [Protection Software](protection_software.md)
6 | 1. [Online Detective/Social Engineering](online_detective.md)
7 | 1. [Cyber Warfare](cyber_warfare.md)
8 |
9 | ## License
10 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
11 |
--------------------------------------------------------------------------------
/Modern_Cryptography/readme.md:
--------------------------------------------------------------------------------
1 | # Modern Cryptography
2 |
3 | ## Modern Cryptography Lessons
4 | 1. [Enigma](Enigma.md)
5 | 1. [Steganography](Steganography.md)
6 | 1. [Public Key Cryptography](Public_Key.md)
7 | 1. [RSA Encryption](/RSA/RSA.md)
8 | 1. [Salting & Hashing Passwords](Salt.md)
9 |
10 | ## License
11 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
12 |
--------------------------------------------------------------------------------
/Modern_Cryptography/HashSalt/HashDemo.py:
--------------------------------------------------------------------------------
1 | #HashDemo.py
2 | import hashlib
3 |
4 | #Get a password or phrase from the user.
5 | mystring = input('Enter String to hash: ')
6 | #Hash using MD5
7 | hash_object = hashlib.md5(mystring.encode());
8 | print("MD5:", mystring, "\t" , hash_object.hexdigest())
9 | #Hash using SHA256
10 | hash_object = hashlib.sha256(mystring.encode())
11 | print("SHA256:", mystring, "\t" , hash_object.hexdigest())
12 |
13 | #now add salt
14 | salt = "!@#$%"
15 | print ("Now with salt of", salt)
16 |
17 | hash_object = hashlib.md5(mystring.encode() + salt.encode())
18 | print("MD5:", mystring, "\t" , hash_object.hexdigest())
19 | hash_object = hashlib.sha256(mystring.encode() + salt.encode())
20 | print("SHA256:", mystring, "\t" , hash_object.hexdigest())
21 |
--------------------------------------------------------------------------------
/Teachers.md:
--------------------------------------------------------------------------------
1 | ### Instructor Teaching this Course
2 |
3 | I'm so excited you're using my curriculum to teach cybersecurity! Please introduce yourself to other teachers using this curriculum. By entering your contact information, you agree to allow other teachers to reach out to you if they have questions about your implementation/resources/etc.
4 |
5 | |First Name|Last Name|District/School|email|
6 | |----|----|----|----|
7 | |Jenna|Garcia|Nextech|jenna@nextech.org|
8 | |Tim|Clegg|Blue River Valley|timothy.clegg@brv.k12.in.us|
9 | |Sue|O'Connell|Duneland/Chesterton High School|soconnell@duneland.k12.in.us|
10 | |Jo|Cox|Yorktown Community Schools|jcox@yorktown.k12.in.us|
11 | |Nick|Zivanovic|Griffith High School|nickz1@gmail.com|
12 | |Alex|McKinstry|FWCS Career Academy|alexander.mckinstry@fwcs.k12.in.us|
13 |
14 |
--------------------------------------------------------------------------------
/Security_Principles/passwords/LockedFile1.py:
--------------------------------------------------------------------------------
1 | import hashlib
2 |
3 | msg = [67, 111, 110, 103, 114, 97, 116, 117, 108, 97, 116, 105, 111, 110, 115, 44, 32, 121, 111, 117, 32, 104, 97, 118, 101, 32, 102, 111, 117, 110, 100, 32, 116, 104, 101, 32, 99, 111, 114, 114, 101, 99, 116, 32, 112, 97, 115, 115, 119, 111, 114, 100, 46]
4 |
5 | def openMessage(password = None):
6 | if (password == None):
7 | password = input("Enter password: ")
8 |
9 | if (hash(password) == '2d86bdac01a3315b95794ffa7360edc3'):
10 | secret = ""
11 | for num in msg:
12 | secret = secret + chr(num)
13 | return secret
14 | else:
15 | return "Incorrect password."
16 |
17 | def hash(password):
18 | userHash = hashlib.md5(password.encode()).hexdigest()
19 |
20 | return userHash
21 |
--------------------------------------------------------------------------------
/Security_Principles/passwords/LockedFile3.py:
--------------------------------------------------------------------------------
1 | import hashlib
2 | msg = [87, 104, 97, 116, 32, 100, 111, 32, 119, 101, 32, 110, 101, 101, 100, 32, 116, 111, 32, 100, 111, 32, 116, 111, 32, 109, 97, 107, 101, 32, 112, 97, 115, 115, 119, 111, 114, 100, 115, 32, 101, 118, 101, 110, 32, 109, 111, 114, 101, 32, 115, 101, 99, 117, 114, 101, 63]
3 |
4 | def openMessage(password = None):
5 | if (password == None):
6 | password = input("Enter password: ")
7 |
8 | if (hash(password) == '22748b40f878b0080f8358cecd9112c6'):
9 | secret = ""
10 | for num in msg:
11 | secret = secret + chr(num)
12 | return secret
13 | else:
14 | return "Incorrect password."
15 |
16 |
17 | def hash(password):
18 | userHash = hashlib.md5(password.encode()).hexdigest()
19 |
20 | return userHash
21 |
--------------------------------------------------------------------------------
/Modern_Cryptography/Steganography/Java_Program/ViewMessage.java:
--------------------------------------------------------------------------------
1 | import java.awt.Color;
2 |
3 | public class ViewMessage
4 | {
5 | public static void main(String[] args)
6 | {
7 | //open an image file and display
8 | PictureEdit pic = new PictureEdit();
9 | pic.displayImage();
10 |
11 | //get a message from the user
12 | String message = "";
13 |
14 |
15 | int x = 0;
16 | int y = 0;
17 |
18 | while (x < 20)
19 | {
20 | //read the color at one specific pixel
21 | Color pixColor = pic.getColor(x, y);
22 | int red = pixColor.getRed();
23 | int green = pixColor.getGreen();
24 | int blue = pixColor.getBlue();
25 | //build the message
26 | message = message + red;
27 |
28 | x = x + 1;
29 | }
30 |
31 | System.out.println("Message: " + message);
32 | }
33 | }
--------------------------------------------------------------------------------
/Web_Security/html/ExampleForms.php:
--------------------------------------------------------------------------------
1 |
2 |
26 |
--------------------------------------------------------------------------------
/Security_Principles/passwords/LockedFile2.py:
--------------------------------------------------------------------------------
1 | import hashlib
2 | msg = [84, 104, 101, 115, 101, 32, 112, 97, 115, 115, 119, 111, 114, 100, 115, 32, 97, 114, 101, 32, 103, 101, 116, 116, 105, 110, 103, 32, 104, 97, 114, 100, 101, 114, 46, 46, 46, 32, 73, 32, 97, 109, 32, 105, 109, 112, 114, 101, 115, 115, 101, 100, 32, 119, 105, 116, 104, 32, 121, 111, 117, 114, 32, 99, 111, 100, 101, 32, 98, 114, 101, 97, 107, 105, 110, 103, 32, 97, 98, 105, 108, 105, 116, 121, 46]
3 |
4 | def openMessage(password = None):
5 | if (password == None):
6 | password = input("Enter password: ")
7 |
8 | if (hash(password) == '09f39696b2fb3851e7e995bb5b37dbf4'):
9 | secret = ""
10 | for num in msg:
11 | secret = secret + chr(num)
12 | return secret
13 | else:
14 | return "Incorrect password."
15 |
16 |
17 | def hash(password):
18 | userHash = hashlib.md5(password.encode()).hexdigest()
19 |
20 | return userHash
21 |
--------------------------------------------------------------------------------
/Classic_Cryptography/code/LetterFrequency.py:
--------------------------------------------------------------------------------
1 | #LetterFrequency.py
2 | #This program will create a CSV file of frequencies based on a text file.
3 | #Use Excel or similar spreadsheet software to visualize the frequencies of the CSV file.
4 |
5 | import os
6 |
7 | def countLetters(message):
8 | dir_path = os.path.dirname(os.path.realpath(__file__))
9 | os.chdir(dir_path)
10 |
11 | alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
12 | message = message.upper()
13 |
14 | freq = [0] * 26
15 |
16 | for letter in message:
17 | spot = alpha.find(letter)
18 | if spot >= 0:
19 | freq[spot] += 1
20 |
21 | freqFile = open("frq.csv", 'w')
22 |
23 | for i in range(26):
24 | print (alpha[i], ":", freq[i])
25 | line = alpha[i] + "," + str(freq[i]) + "\n"
26 | freqFile.write(line)
27 |
28 | freqFile.close()
29 |
30 | def main():
31 | msg = input("Enter a message: ")
32 | countLetters(msg)
33 |
34 | main()
35 |
--------------------------------------------------------------------------------
/Modern_Cryptography/Steganography/Java_Program/HideMessage.java:
--------------------------------------------------------------------------------
1 | import java.awt.Color;
2 | import java.util.Scanner;
3 |
4 | public class HideMessage
5 | {
6 | public static void main(String[] args)
7 | {
8 | //open an image file and display
9 | PictureEdit pic = new PictureEdit();
10 | pic.displayImage();
11 |
12 | //get a message from the user
13 | Scanner in = new Scanner(System.in);
14 | System.out.print("Enter message: ");
15 | String message = in.nextLine();
16 |
17 |
18 | int x = 0;
19 | int y = 0;
20 |
21 | //read the color at one specific pixel
22 | Color pixColor = pic.getColor(x, y);
23 | int red = pixColor.getRed();
24 | int green = pixColor.getGreen();
25 | int blue = pixColor.getBlue();
26 | Color change = new Color(red, green, blue);
27 | pic.setColor(x, y, change);
28 |
29 |
30 |
31 | //display and save the new image
32 | pic.displayImage();
33 | pic.saveAs();
34 | }
35 | }
--------------------------------------------------------------------------------
/Web_Security/html/contact.php:
--------------------------------------------------------------------------------
1 |
26 | 27 | Back 28 | -------------------------------------------------------------------------------- /Web_Security/html/pullData.php: -------------------------------------------------------------------------------- 1 | 2 | 3 |
7 | Database information 8 |
9 | host_info.")"; 18 | echo ""; 19 | //This is the SQL command 20 | $sqlStr = "Select * from names;"; 21 | 22 | $selRes = $link->query($sqlStr); 23 | echo $sqlRes; 24 | if ($selRes) 25 | { 26 | while($selRow = mysqli_fetch_assoc($selRes)) 27 | { 28 | echo $selRow['lastName'] . ', ' . $selRow['firstName'] . '
'; 29 | } 30 | } 31 | // Close connection 32 | mysqli_close($link); 33 | ?> 34 | 35 | 36 | -------------------------------------------------------------------------------- /Classic_Cryptography/code/MorseCode.py: -------------------------------------------------------------------------------- 1 | #Morse Code Translator 2 | #In Morse Code, every letter has a specific set of dots and dashes 3 | #We need to create a legend that connects each letter with the code. 4 | 5 | morseCode = [".-", "-...", "-.-.", "-..", "."] 6 | 7 | def encode(message): 8 | alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" 9 | message = message.upper() 10 | code = "" 11 | 12 | for letter in message: 13 | if (alpha.find(letter) >= 0): #check to see if the letter is actually a letter 14 | spot = alpha.find(letter) 15 | code = code + morseCode[spot] + " " 16 | elif letter == " ": 17 | code = code + "/ " 18 | 19 | return code 20 | 21 | 22 | def main(): 23 | message = input("Enter a message: ") 24 | 25 | code = encode(message) 26 | print ("Morse Code:", code) 27 | 28 | #The program works fine as long as you don't use a letter past E in the 29 | #Alphabet. Can you make it work for all letters? What about numbers? 30 | 31 | #Further challenge, can you create a method to decode the messages? 32 | 33 | -------------------------------------------------------------------------------- /Classic_Cryptography/code/CaesarCipher.py: -------------------------------------------------------------------------------- 1 | #Caesar Cipher 2 | #The Caesar cipher moves each letter forward in the alphabet by 3 | #the key. The resulting message has all the letters advanced by 'key' 4 | #letters. 5 | #To run the code, run the main() function 6 | 7 | def encode(message, key): 8 | alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" 9 | message = message.upper() 10 | secret = "" 11 | 12 | for letter in message: 13 | if (alpha.find(letter) >= 0): #check to see if the letter is actually a letter 14 | spot = (alpha.find(letter) + key) % 26 15 | secret = secret + alpha[spot] 16 | else: # letter must have been a number, symbol, or punctuation. 17 | secret = secret + letter 18 | 19 | return secret 20 | 21 | #def decode(message, key): 22 | #We will want to decode the message here. 23 | 24 | def main(): 25 | message = input("Enter a message: ") 26 | key = int(input("Enter a key: ")) 27 | 28 | secret = encode(message, key) 29 | print ("Encrypted:", secret) 30 | #plaintext = decode(secret, key) 31 | #print ("Decrypted:", plaintext) 32 | 33 | 34 | main() 35 | -------------------------------------------------------------------------------- /Ethics_Society/General_Concepts.md: -------------------------------------------------------------------------------- 1 | # General Concepts 2 | 3 | ## Overview 4 | There are major themes that will re-occur as we go through the course. You should be aware of how these concepts pertain to different aspects of security. 5 | 6 | 7 | ## Purpose 8 | 9 | 10 | ### Objectives 11 | #### Students will be able to: 12 | 13 | ### Preparation 14 | 15 | ### Links 16 | - For the Teacher 17 | 18 | - For the Students 19 | 20 | 21 | ### Vocabulary 22 | 23 | ## Teaching Guide 24 | ### Getting Started 25 | 26 | ### Activity 27 | 28 | ### Wrap-up 29 | 30 | 31 | ### Assessment Questions 32 | 33 | 34 | ### Extended Learning 35 | 36 | ### Standards Alignment 37 | Indiana CS3S-1.1 38 | 39 | ## License 40 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity)
is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
41 |
--------------------------------------------------------------------------------
/Classic_Cryptography/code/VigenereCipher.py:
--------------------------------------------------------------------------------
1 | #VigenereCipher.py
2 | import CaesarCipher
3 |
4 | alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
5 |
6 | def findKey(keyword, letterCount):
7 | keyword.upper()
8 | spot = letterCount % len(keyword)
9 | key = alpha.find(keyword[spot])
10 |
11 | return key
12 |
13 | #use the encode/decode methods from your Caesar Cipher.
14 | #The key will change for each letter so you'll be encoding
15 | #a one-letter phrase using the Caesar Cipher and adding the results together.
16 |
17 |
18 |
19 |
20 | def main():
21 |
22 | message = input("Enter message: ")
23 | keyword = input("Enter keyword: ")
24 |
25 | secret = ""
26 | letterCount = 0
27 |
28 | message = message.upper()
29 | for letter in message:
30 |
31 | key = findKey(keyword, letterCount)
32 |
33 | if (alpha.find(letter) >= 0): #check to see if the letter is actually a letter
34 | spot = (alpha.find(letter) + key) % 26
35 | letterCount = letterCount + 1
36 | secret = secret + alpha[spot]
37 | else: # letter must have been a number, symbol, or punctuation.
38 | secret = secret + letter
39 |
40 |
41 | print ("Encoded message:", secret)
42 |
--------------------------------------------------------------------------------
/Modern_Cryptography/Enigma/Python_Enigma/Enigma.py:
--------------------------------------------------------------------------------
1 | #Enigma Machine
2 |
3 | import Rotor1 as LEFT
4 | import Rotor2 as MIDDLE
5 | import Rotor3 as RIGHT
6 | import ReflectorA as RF
7 |
8 | alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
9 | def setStart(l1, l2, l3):
10 | LEFT.setStart(l1)
11 | MIDDLE.setStart(l2)
12 | RIGHT.setStart(l3)
13 |
14 |
15 | def encode(message):
16 | secret = ""
17 | message = message.upper()
18 |
19 | for letter in message:
20 | if alphabet.find(letter) >= 0:
21 | letter = RIGHT.translate(letter)
22 | letter = MIDDLE.translate(letter)
23 | letter = LEFT.translate(letter)
24 | letter = RF.reflect(letter)
25 | letter = LEFT.reverse(letter)
26 | letter = MIDDLE.reverse(letter)
27 | letter = RIGHT.reverse(letter)
28 | turnOver = RIGHT.rotate()
29 | if turnOver == True:
30 | turnOver = MIDDLE.rotate()
31 | if turnOver == True:
32 | LEFT.rotate()
33 |
34 | secret = secret + letter
35 |
36 | return secret
37 |
38 |
39 | def main():
40 | setStart("A", "B", "C")
41 | msg = input("Enter a message: ")
42 |
43 | code = encode(msg)
44 | print (code)
45 |
46 | main()
47 |
--------------------------------------------------------------------------------
/Classic_Cryptography/code/AsciiEncoding.py:
--------------------------------------------------------------------------------
1 | #Text to binary converter
2 | #The ASCII and UNICODE charts give every character a numerical value.
3 | #We want to convert text to this number.
4 |
5 | def encode(message):
6 | #Python has a built-in function to see the "ordinal value" of a letter
7 | print (ord('a'))
8 |
9 | #we can also look at a string of letters, one letter at a time with a for loop
10 | for letter in message:
11 | print (letter)
12 |
13 | #we can also create a list of numbers
14 | nums = []
15 | for n in range(10):
16 | nums.append(n) #we are adding the new number to the list of nums
17 |
18 | return nums #share the value we've computed with the function that called this function
19 |
20 |
21 |
22 | def main():
23 | message = input("Enter a message: ")
24 |
25 | asciiMessage = encode(message)
26 | print ("Ascii Message:", asciiMessage)
27 |
28 | #All of the pieces are here but the program doesn't quite do what we want
29 | #Modify the code to get the ASCII values for your message
30 |
31 |
32 | #Extention: can you display the binary values of the ASCII numbers?
33 | #Python also has a built-in binary converter bin(num)
34 | #bin(123)
35 | #This would convert the base-10 number to a binary string with the prefix '0b'
36 |
37 |
38 |
--------------------------------------------------------------------------------
/Classic_Cryptography/readme.md:
--------------------------------------------------------------------------------
1 | # Classic Cryptography
2 | Classic cryptography covers encryption and decryption of various ciphers and their historical context. Whenever possible the cipher includes a method of encoding by hand and scales to programming activities with the cipher.
3 |
4 | ## Classic Cryptography Lessons
5 | 1. [Symbolic Encoding - Mary Queen of Scots](Encoding_Mary.md)
6 | 1. [Encoding - Morse Code](Encoding_Morse.md)
7 | 1. [Ascii Encoding and Binary Numbers](Encoding_Binary.md)
8 | 1. [Shortest Message Encoding](Shortest_Message.md)
9 | 1. [Caesar Cipher](Caesar_Cipher.md)
10 | 1. [Substitution Cipher, Keyword Cipher and Frequency Analysis](Substitution_Cipher.md)
11 | 1. [Vigenere Cipher](Vigenere_Cipher.md)
12 | 1. [Physical Ciphers - Scytale & Railfence Ciphers](Physical_Ciphers.md)
13 | 1. [Continuing Activities](Extended_Learning.md)
14 |
15 |
16 | ## License
17 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
18 |
--------------------------------------------------------------------------------
/Web_Security/html/messages.php:
--------------------------------------------------------------------------------
1 |
2 |
3 | 7 | Messages: 8 |
9 | host_info.")"; 18 | echo ""; 19 | //This is the SQL command 20 | $sqlStr = "Select * from messages;"; 21 | 22 | $selRes = $link->query($sqlStr); 23 | //echo $sqlRes; 24 | if ($selRes) 25 | { 26 | echo "
| Name | Subject | Message |
| "; 32 | echo $selRow['name']; 33 | echo " | "; 34 | echo $selRow['subject']; 35 | echo " | "; 36 | echo $selRow['message']; 37 | echo " |
is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
40 |
--------------------------------------------------------------------------------
/Web_Security/html/pullDataAdmin.php:
--------------------------------------------------------------------------------
1 |
2 |
3 | 8 | Database information 9 |
10 | 11 | host_info.")"; 20 | echo ""; 21 | //Get the username and password that they typed 22 | $name = $_POST['username']; 23 | $pass = $_POST['password']; 24 | //Check our database to see if there are any records where this matches. 25 | $sqlStr = "SELECT * FROM users WHERE username = '$name' and password = '$pass';"; 26 | 27 | $result = $link->query($sqlStr); 28 | $num_rows = $result->num_rows; 29 | 30 | //If there are one or more people in our user list with this user/password combo, display info. 31 | if ($num_rows > 0) 32 | { 33 | 34 | $sqlStr = "Select * from names;"; 35 | 36 | $selRes = $link->query($sqlStr); 37 | echo $sqlRes; 38 | if ($selRes) 39 | { 40 | while($selRow = mysqli_fetch_assoc($selRes)) 41 | { 42 | echo $selRow['lastName'] . ', ' . $selRow['firstName'] . '
'; 43 | } 44 | } 45 | } 46 | 47 | //There was nobody with this name & password. 48 | else 49 | { 50 | echo 'Invalid username & password.'; 51 | } 52 | // Close connection 53 | mysqli_close($link); 54 | ?> 55 | 56 | 57 | -------------------------------------------------------------------------------- /Security_Principles/passwords/PasswordCracker.py: -------------------------------------------------------------------------------- 1 | #This password cracker will bruteforce the password for several locked files. 2 | #We will need to try all of the possible permutations of passwords until we 3 | #get the correct one. 4 | 5 | #SETUP 6 | fileName = "LockedFile1" 7 | letters = "abcdefghijklmnopqrstuvwxyz" 8 | passLength = 4 #How many characters is the password? 9 | viewAll = True #True or False, select False for maximum speed. 10 | 11 | #There are three files we want to break. 12 | #LockedFile1 - we know the password is only 4 characters and only lowercase letters 13 | #LockedFile2 - 4 characters long but mix of upper and lowercase letters 14 | #LockedFile3 - Between 4-6 characters long, mix of upper, lowercase and symbols. 15 | 16 | #-------------------------------------------------------------------------- 17 | 18 | #Need to convert a list of numbers to a word 19 | def convertPass(nums, letterList): 20 | p = "" 21 | for num in nums: 22 | p = p +letterList[num] 23 | return p 24 | 25 | exec("import %s as attackFile" %(fileName)) 26 | import time 27 | 28 | def passwordCrack(): 29 | startTime = time.time() 30 | 31 | password = [] 32 | 33 | for i in range(passLength): 34 | password.append(0) 35 | 36 | word = convertPass(password, letters) 37 | msg = "Incorrect password." 38 | 39 | while(msg == "Incorrect password."): 40 | last = passLength - 1 41 | password[last] = password[last] + 1 42 | for spot in range(last, 0, -1): 43 | if password[spot] >= len(letters): 44 | password[spot-1] = password[spot-1] + 1 45 | password[spot] = 0 46 | 47 | word = convertPass(password, letters) 48 | msg = attackFile.openMessage(word) 49 | if viewAll: 50 | print(word + ": " + msg) 51 | 52 | endTime = time.time() 53 | print("Password cracked in %0.4f seconds." %(endTime - startTime)) 54 | print ("Password:", word) 55 | print ("Message:",msg) 56 | 57 | passwordCrack() 58 | -------------------------------------------------------------------------------- /Web_Security/linux_cli.md: -------------------------------------------------------------------------------- 1 | # Linux Command Line 2 | 3 | ## Overview 4 | Students will learn basic commands on the Linux Command Line. We will need to be able to navigate a Linux system in our next lessons. 5 | 6 | ## Purpose 7 | Linux systems make up the majority of web servers and other internet appliances. It is important to be able to navigate their command structure through the command line interface. 8 | 9 | ### Objectives 10 | #### Students will be able to: 11 | - Navigate a linux file system 12 | - Preform commands to create files, change directories, search for data 13 | 14 | ### Preparation 15 | 16 | ### Links 17 | - For the Teacher 18 | 19 | - For the Students 20 | - Linux Command Line 21 | - https://www.codecademy.com/learn/learn-the-command-line 22 | - Terminus 23 | - http://web.mit.edu/mprat/Public/web/Terminus/Web/main.html 24 | - Command Line Challenge 25 | - https://cmdchallenge.com/ 26 | 27 | 28 | ### Vocabulary 29 | 30 | ## Teaching Guide 31 | ### Getting Started: 32 | - Linus Torvalds (video) 33 | - https://www.ted.com/talks/linus_torvalds_the_mind_behind_linux 34 | 35 | ### Activity: 36 | - Linux Command Line - Code Academy 37 | 38 | ### Activity: 39 | - Terminus Game 40 | 41 | ### Wrap-up 42 | #### Discussion: 43 | - Why would a command line interface be preferable to a graphic environment? 44 | - What are the difficulties with a CLI that a GUI makes better? 45 | 46 | ### Assessment Questions 47 | - What is the command to change directories? 48 | - How would I see the contents of a file called "fish.txt"? 49 | 50 | ### Standards Alignment 51 | 52 | ## License 53 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity)
is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
54 |
--------------------------------------------------------------------------------
/Web_Security/html/messagesAdmin.php:
--------------------------------------------------------------------------------
1 |
2 |
3 | 7 | Messages: 8 |
9 | host_info.")"; 18 | echo ""; 19 | //Get the username and password that they typed 20 | $name = $_POST['username']; 21 | $pass = $_POST['password']; 22 | //Check our database to see if there are any records where this matches. 23 | $sqlStr = "SELECT * FROM users WHERE username = '$name' and password = '$pass';"; 24 | 25 | $result = $link->query($sqlStr); 26 | $num_rows = $result->num_rows; 27 | 28 | //If there are one or more people in our user list with this user/password combo, display info. 29 | if ($num_rows > 0){ 30 | //This is the SQL command 31 | $sqlStr = "Select * from messages;"; 32 | 33 | $selRes = $link->query($sqlStr); 34 | //echo $sqlRes; 35 | if ($selRes){ 36 | echo "
| Name | Subject | Message |
| "; 41 | echo $selRow['name']; 42 | echo " | "; 43 | echo $selRow['subject']; 44 | echo " | "; 45 | echo $selRow['message']; 46 | echo " |
59 | Back 60 | 61 | 62 | -------------------------------------------------------------------------------- /Web_Security/setup_c9.md: -------------------------------------------------------------------------------- 1 | # Setup Site on Cloud 9 2 | ## Overview 3 | We will be creating a new workspace in Cloud 9 for HTML development. This will allow us to create pages that can be shown to others and we have the benefit of a full server. 4 | 5 | ## Purpose 6 | Use Cloud 9, a development environment, to host a web site and begin engaging with some of the server-side elements of a web site. 7 | 8 | ### Objectives 9 | #### Students will be able to: 10 | - Create a project in Cloud 9 11 | - Upload a local web site to the Cloud 9 server 12 | 13 | ### Preparation 14 | - [x] Setup C9 account and give students access to your "team" 15 | 16 | ### Links 17 | - For the Teacher 18 | - https://c9.io/ 19 | - For the Students 20 | - https://c9.io/TEAMNAME 21 | - [Using MySQL on Cloud9.docx](/docs/Using_MySQL_Cloud9.docx) 22 | 23 | ### Vocabulary 24 | 25 | ## Teaching Guide 26 | ### Getting Started: 27 | - Discuss what a web server is and how it is different than a personal computer. 28 | - What are some of the services that we will use that are on a server? 29 | 30 | ### Activity: 31 | - Create a new workspace on your Cloud 9 account. 32 | - Choose the HTML template for this workspace. 33 | - Make a basic HTML site to explore how HTML works on Cloud 9. 34 | 35 | ### Activity: 36 | - Follow the [Using MySQL on Cloud9.docx](/docs/Using_MySQL_Cloud9.docx) 37 | - Create a SQL database on Cloud 9. 38 | - This will be used in later lessons. 39 | 40 | ### Wrap-up 41 | #### Discussion: 42 | - What software is on a server that is not on your computer? 43 | - What are some benefits of using a virtual development environment like Cloud 9? 44 | 45 | ### Assessment Questions 46 | 47 | ### Extended Learning 48 | 49 | ### Standards Alignment 50 | 51 | ## License 52 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity)
is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
53 |
--------------------------------------------------------------------------------
/Classic_Cryptography/Physical_Ciphers.md:
--------------------------------------------------------------------------------
1 | # Physical Ciphers
2 |
3 | ## Overview
4 | Create encryption/decryption schemes that are based on physical items.
5 |
6 | ## Purpose
7 | Demonstrate how encoding can happen based on objects that act as keys.
8 |
9 | ### Objectives
10 | #### Students will be able to:
11 | - Encode/decode a message using a scytale.
12 | - Encode/decode a message using a railfence cipher.
13 |
14 | ### Preparation
15 | - [x] Several Dowels or PVC Pipes of various diameter
16 | - [x] Strips of paper - 1/2 inch
17 | - [x] Tape
18 |
19 | ### Links
20 | - For the Teacher
21 | - https://en.wikipedia.org/wiki/Scytale
22 | - https://en.wikipedia.org/wiki/Rail_fence_cipher
23 | - For the Students
24 |
25 | ### Vocabulary
26 |
27 | ## Teaching Guide
28 | ### Getting Started
29 | Describe the Scytale (pronounced skittle-e, rhymes with Italy) and how the message is written on a strip wrapped around.
30 |
31 | ### Activity
32 | Have students pick a scytale and write a message. Once a message is written, they should trade with another group and try to determine the scytale the other group had used. The different diameters will affect the decoded message.
33 |
34 | After groups have explored the scytale, describe a railfence where the message is written diagonally, bouncing up and down between two "fences".
35 | The encoded message is obtained by reading the message along the horizontal rows.
36 |
37 | ### Wrap-up
38 | #### Discussion
39 | - How are these two ciphers similar? Different?
40 | - What level of security do they offer?
41 | - Can these ciphers be used in a digital context?
42 |
43 | ### Assessment Questions
44 | - What method could you use to break the scytale or railfence cipher?
45 | - What is another physical way of encrypting a message?
46 |
47 | ### Extended Learning
48 |
49 | ### Standards Alignment
50 |
51 | ## License
52 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
53 |
--------------------------------------------------------------------------------
/Web_Security/networks.md:
--------------------------------------------------------------------------------
1 | # Network Security
2 |
3 | ## Overview
4 | The Internet is built on a hierarchy of connected devices like servers, routers, switches, hubs, and many more connected devices. These devices talk to each other using protocols that are well defined and allow for new devices to be added to the network. We want to understand how these networks communicate and the protocols that they use.
5 |
6 | ## Purpose
7 | Explore the protocols and systems that are used in networks that allow for communication between devices.
8 |
9 | ### Objectives
10 | #### Students will be able to:
11 | - Describe what ports are and identify which ports are used for common protocols
12 | - Use basic web services like DNS lookup, WHOIS, and other network tools.
13 | ### Preparation
14 |
15 | ### Links
16 | - For the Teacher
17 | - Print or distribute the [Network Tests](docs/Network_Tests.docx) document.
18 | - Print or distribute the [Ports](docs/Ports.docx) document.
19 | - For the Students
20 |
21 | ### Vocabulary
22 |
23 | ## Teaching Guide
24 | ### Getting Started
25 | Watch the Internet series of videos used in Code.org's CSP course.
26 | - https://www.youtube.com/watch?v=Dxcc6ycZ73M&list=PLzdnOPI1iJNfMRZm5DDxco3UdsFegvuB7
27 |
28 | ### Activity
29 | Work through the [Network Tests](docs/Network_Tests.docx) document and answer the reflection questions.
30 |
31 | ### Activity
32 | Work through the [Ports](docs/Ports.docx) document.
33 |
34 | ### Wrap-up
35 | Discussion:
36 | - Why was the internet developed the way it was?
37 | - How are new network devices connected to the larger network.
38 | - Is there a central authority that needs to be notified when a new device is added to the network?
39 |
40 |
41 | ### Assessment Questions
42 |
43 | ### Extended Learning
44 | - https://www.hacksplaining.com/lessons
45 |
46 | ### Standards Alignment
47 | Indiana - CS3S-3.2
48 |
49 | ## License
50 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
51 |
--------------------------------------------------------------------------------
/Classic_Cryptography/code/SubstitutionCipher.py:
--------------------------------------------------------------------------------
1 | #substitution cipher
2 | #The user will supply an alphabet as a key.
3 | import random
4 |
5 | #You will need to write the methods to encode and decode given a key.
6 | #-------------------------------------------------------------------
7 | def encode(message, key):
8 | alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
9 | message = message.upper()
10 | secret = ""
11 |
12 | # To look at every letter in a message
13 | for letter in message:
14 |
15 | #To find the spot of a letter
16 | spot = alpha.find(letter) #this is the numbered spot (0 - 25) of your letter in the alphabet.
17 | #To print the spot letter in the key
18 | if(spot >= 0 ):
19 | secret = secret + key[spot]
20 | else:
21 | secret = secret + letter
22 |
23 | return secret
24 |
25 | def decode(message, key):
26 | alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
27 | message = message.upper()
28 | plaintext = ""
29 |
30 |
31 | return plaintext
32 |
33 | #--------------------------------------------------------------------
34 |
35 | #Generates a key using a password.
36 | #The first letters of the alphabet come from the password. Duplicate letters are ignored
37 | #The remaining letters of the alphabet are placed in order to generate the key
38 | def generatePasswordKey(password =""):
39 | alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
40 | password = password.upper()
41 | key = ""
42 |
43 | for letter in password:
44 | if key.find(letter) == -1: #letter not yet in key
45 | key = key + letter
46 |
47 | for letter in alpha:
48 | if key.find(letter) == -1: #letter not yet in key
49 | key = key + letter
50 |
51 | return key
52 |
53 | #Generates a random permutation of the alphabet and returns the key.
54 | def generateRandomKey():
55 | alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
56 | key = ""
57 | alphaList =[]
58 | for letter in alpha:
59 | alphaList.append(letter)
60 |
61 | random.shuffle(alphaList)
62 |
63 | for letter in alphaList:
64 | key += letter
65 |
66 | return key
67 |
68 |
69 |
70 | def main():
71 | message = input("Enter a message: ")
72 | key = input("Enter a key: ")
73 |
74 | secret = encode(message, key)
75 | print ("Encrypted:", secret)
76 | plaintext = decode(secret, key)
77 | print ("Decrypted:", plaintext)
78 |
--------------------------------------------------------------------------------
/Web_Security/setup_server.md:
--------------------------------------------------------------------------------
1 | # Setup Remote Server
2 | ## Overview
3 | We will be working on a server for HTML development. This will allow us to create pages that can be shown to others and we have the benefit of a full server. This also allows for server-side functions like PHP and SQL.
4 |
5 | ## Purpose
6 | Use a development environment, to host a web site and begin engaging with some of the server-side elements of a web site.
7 |
8 | ### Objectives
9 | #### Students will be able to:
10 | - Create a project in on a remote server
11 | - Upload a local web site to the server
12 |
13 | ### Preparation
14 | - [x] Examine several server options and determine what works best for your context.
15 |
16 | - [x] Setup C9 account and give students access to your "team"
17 |
18 | ### Links
19 | - For the Teacher
20 | - https://paiza.cloud/
21 | - https://codio.com
22 | - https://projects.raspberrypi.org/en/projects/lamp-web-server-with-wordpress
23 | - For the Students
24 |
25 | ### Vocabulary
26 |
27 | ## Teaching Guide
28 | ### Getting Started:
29 | - Discuss what a web server is and how it is different than a personal computer.
30 | - What are some of the services that we will use that are on a server?
31 |
32 | ### Activity:
33 | - Create a new workspace on your server.
34 | - Upload (or copy & paste) the HTML that you built on your local machine.
35 |
36 | ### Activity:
37 | - Follow the [Using MySQL](docs/Using_MySQL.docx)
38 | - Create a SQL database.
39 | - This will be used in later lessons.
40 |
41 | ### Wrap-up
42 | #### Discussion:
43 | - What software is on a server that is not on your computer?
44 | - What are some benefits of using a virtual development environment?
45 |
46 | ### Assessment Questions
47 |
48 | ### Extended Learning
49 | - SQL Tutorial w3schools
50 | - [https://www.w3schools.com/sql/](https://www.w3schools.com/sql/)
51 | - SQL Code Academy
52 | - [https://www.codecademy.com/learn/learn-sql](https://www.codecademy.com/learn/learn-sql)
53 | ### Standards Alignment
54 |
55 | ## License
56 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
57 |
--------------------------------------------------------------------------------
/Modern_Cryptography/Steganography/Java_Program/StegApp.java:
--------------------------------------------------------------------------------
1 | import javax.swing.*;
2 | import javax.swing.border.*;
3 | import java.awt.*;
4 | import java.util.*;
5 | import java.awt.event.*;
6 |
7 | public class StegApp implements ActionListener
8 | {
9 | private JFrame jf;
10 | private Container cp;
11 | private JButton openBtn, saveBtn;
12 | private JButton encodeBtn, decodeBtn;
13 | private JTextArea textField;
14 | private PictureEdit pic;
15 |
16 |
17 | public void setupGUI()
18 | {
19 | jf = new JFrame("Steg App");
20 | cp = jf.getContentPane();
21 |
22 | jf.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
23 | jf.setSize(600, 400);
24 | jf.setLayout(new GridLayout(2, 1));
25 |
26 | Container buttonsCtr = new Container();
27 | buttonsCtr.setLayout(new GridLayout(2,2, 5, 5));
28 |
29 |
30 | JPanel msgCtr = new JPanel();
31 | msgCtr.setLayout(new GridLayout(1,1));
32 | TitledBorder title;
33 | title = BorderFactory.createTitledBorder("Message");
34 | msgCtr.setBorder(title);
35 |
36 | textField = new JTextArea();
37 | msgCtr.add(textField);
38 |
39 | openBtn = new JButton("Open Image");
40 | saveBtn = new JButton("Save Image");
41 | encodeBtn = new JButton("Encode Message");
42 | decodeBtn = new JButton("Decode Message");
43 | openBtn.addActionListener(this);
44 | saveBtn.addActionListener(this);
45 | encodeBtn.addActionListener(this);
46 | decodeBtn.addActionListener(this);
47 |
48 | buttonsCtr.add(openBtn);
49 | buttonsCtr.add(saveBtn);
50 | buttonsCtr.add(encodeBtn);
51 | buttonsCtr.add(decodeBtn);
52 |
53 | cp.add(buttonsCtr);
54 | cp.add(msgCtr);
55 |
56 | jf.setLocation(100, 100);
57 |
58 | jf.setVisible(true);
59 | }
60 |
61 | public void actionPerformed(ActionEvent e)
62 | {
63 | if (e.getActionCommand().equals("Open Image"))
64 | {
65 | pic = new PictureEdit();
66 | pic.displayImage();
67 | }
68 | if (pic == null)
69 | {
70 | return;
71 | }
72 | if(e.getActionCommand().equals("Save Image"))
73 | {
74 | pic.saveAs();
75 | }
76 |
77 | if(e.getActionCommand().equals("Encode Message"))
78 | {
79 | String msg = textField.getText();
80 | pic = Steganography.encode(pic, msg);
81 | textField.setText(msg);
82 | }
83 |
84 | if(e.getActionCommand().equals("Decode Message"))
85 | {
86 | String msg = Steganography.decode(pic);
87 | textField.setText(msg);
88 | }
89 | }
90 |
91 | public static void main(String[] args)
92 | {
93 | StegApp myApp = new StegApp();
94 | myApp.setupGUI();
95 | }
96 | }
--------------------------------------------------------------------------------
/Modern_Cryptography/Steganography/Java_Program/Steganography.java:
--------------------------------------------------------------------------------
1 | import java.awt.*;
2 | public class Steganography
3 | {
4 | public static PictureEdit encode(PictureEdit pic, String message)
5 | {
6 | //change the first red to the number of letters
7 | int length = message.length();
8 | Color pixColor = pic.getColor(0,0);
9 | int r = length;
10 | int g = pixColor.getGreen();
11 | int b = pixColor.getBlue();
12 | pic.setColor(0, 0, new Color(r, g, b));
13 |
14 | int count = 0;
15 | for (int ch = 0; ch < length; ch++)
16 | {
17 | char letter = message.charAt(ch);
18 | int num = (int)letter;
19 | String binary = toBinary(num);
20 |
21 | while(binary.length() < 9)
22 | binary = "0" + binary;
23 | //binary is now 9 digits long
24 |
25 | for (int i = 0; i < 9; i+= 3)
26 | {
27 | count++;
28 | int x = count % pic.getWidth();
29 | int y = count / pic.getWidth();
30 |
31 | pixColor = pic.getColor(x, y);
32 | r = pixColor.getRed();
33 | g = pixColor.getGreen();
34 | b = pixColor.getBlue();
35 | if(binary.charAt(i) == '0' && r % 2 == 1)
36 | r--;
37 | else if (binary.charAt(i) == '1' && r % 2 == 0)
38 | r++;
39 |
40 | if(binary.charAt(i + 1) == '0' && g % 2 == 1)
41 | g--;
42 | else if (binary.charAt(i + 1) == '1' && g % 2 == 0)
43 | g++;
44 |
45 | if(binary.charAt(i + 2) == '0' && b % 2 == 1)
46 | b--;
47 | else if (binary.charAt(i + 2) == '1' && b % 2 == 0)
48 | b++;
49 |
50 | pic.setColor(x, y, new Color(r, g, b));
51 | }
52 | }
53 | return pic;
54 | }
55 |
56 | public static String decode(PictureEdit pic)
57 | {
58 | String msg = "";
59 | Color pixColor = pic.getColor(0,0);
60 | int r = pixColor.getRed();
61 | int g = pixColor.getGreen();
62 | int b = pixColor.getBlue();
63 | int length = r;
64 |
65 | for (int i = 0; i < length * 3; i += 3)
66 | {
67 | String bin = "";
68 | for (int j = 0; j < 3; j++)
69 | {
70 | int x = (i + j + 1) % pic.getWidth();
71 | int y = (i + j + 1) / pic.getWidth();
72 | pixColor = pic.getColor(x,y);
73 | r = pixColor.getRed();
74 | g = pixColor.getGreen();
75 | b = pixColor.getBlue();
76 | bin = bin + (r % 2);
77 | bin = bin + (g % 2);
78 | bin = bin + (b % 2);
79 | }
80 | msg = msg + (char)toNumber(bin);
81 | }
82 | return msg;
83 | }
84 |
85 | private static String toBinary(int num)
86 | {
87 | return Integer.toBinaryString(num);
88 | }
89 |
90 | private static int toNumber(String bin)
91 | {
92 | return Integer.valueOf(bin, 2);
93 | }
94 | }
--------------------------------------------------------------------------------
/Classic_Cryptography/Extended_Learning.md:
--------------------------------------------------------------------------------
1 | # Cipher Presentation
2 |
3 | Based on our work with Ciphers, I would like each of you to research and present about one of the classic ciphers.
4 |
5 | #### Your presentation should include the following information:
6 |
7 | #### Historical context
8 | When was this cipher used? Who used it?
9 | #### Mechanics
10 | How does the cipher work?
11 | Demo an encryption and decryption
12 | Is it symmetric, does the same process decrypt as encrypt?
13 | #### Mathematical Analysis
14 | How many possible keys or codes could there be?
15 | How would you attempt to decode this message if you didn't have a key.
16 | What is the mathematical complexity to solve the code?
17 | #### Computer code
18 | Find a website or program that will encode using this technique
19 | Demo how it works.
20 | Is there any easy "decode" available?
21 | #### Final analysis
22 | Why did this stop being a useful code?
23 | What made it useful when it was being used?
24 | What are other interesting uses of this code or similar codes?
25 |
26 | Your final presentation should be given to the class as a PowerPoint with visuals and supporting information. This is a big assignment so be prepared to answer questions and give a complete picture of the cipher, it's use, and historical context.
27 |
28 | ### Possible Ciphers:
29 | - Caesar Cipher
30 | - Transposition Cipher
31 | - Substitution Cipher
32 | - Multiplicative Cipher
33 | - Affine Cipher
34 | - Vigenere Cipher
35 | - One-Time Pad
36 | - Polybius Square
37 | - Four Square Cipher
38 | - Rail fence cipher
39 | - Atbash Cipher
40 | - Scytale Cipher
41 | - Bacon's Cipher
42 | - Book Cipher
43 | - Pigpen Cipher
44 | - Playfair Cipher
45 | - M-94 Cipher
46 | - Nihilist Cipher
47 | - Hill Cipher
48 |
49 | # Extended Learning
50 |
51 | Many resources could be used to extend the learning of this unit.
52 |
53 | ### Hacking Secret Ciphers with Python
54 | https://inventwithpython.com/hacking/chapters/
55 |
56 | - Chapter 7 - Hacking Caesar Ciphers
57 | - Chapter 12 - Detecting English Programmatically
58 | - Chapter 15, 16 - Affine Cipher
59 | - Chapter 21 - Hacking the Vigenere Cipher
60 | - Chapter 22 - The One-Time Pad
61 |
62 | ### CryptoClub
63 | http://www.cryptoclub.org/
64 |
65 | ### CryptoQuip
66 | http://www.cecildaily.com/diversions/cryptoquip/
67 |
68 | ### Rumkin Online Cipher Tools
69 | http://rumkin.com/tools/cipher/
70 |
71 | ## License
72 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
73 |
--------------------------------------------------------------------------------
/Security_Principles/protection_software.md:
--------------------------------------------------------------------------------
1 | # Protection Software Research
2 |
3 | ## Overview
4 | Students will read about and share their findings on various anti-virus, and other software designed to protect a computer from attackers.
5 |
6 | ## Purpose
7 | Anti-virus and other software is used to keeps computers safe and prevent issues related to viruses, malware, and other harmful software.
8 |
9 | Many people don't use this software or only use the software that came with their computer. Students should look at the options available and determine their recommendations.
10 |
11 | ### Objectives
12 | #### Students will be able to:
13 | - Identify the purpose of anti-virus and other software.
14 | - Recommend a software product based on related factors.
15 |
16 | ### Preparation
17 | - [x] Make copies of worksheet or distribute digitally.
18 | - [Antivirus Software Research](docs/Antivirus_Software_Research.docx)
19 |
20 | ### Links
21 | - For the Teacher
22 |
23 | - For the Students
24 | - http://www.pbs.org/wgbh/nova/labs/lab/cyber/
25 |
26 | ### Vocabulary
27 |
28 | ## Teaching Guide
29 | ### Getting Started:
30 | - Anatomy of a Virus (Stuxnet)
31 | - https://vimeo.com/25118844
32 |
33 | ### Activity:
34 | #### Lookup and research software for:
35 | - Antivirus
36 | - Anti-spyware
37 | - Adware, Spyware
38 | - Firewalls
39 | - Hardware maintenance
40 | - Defragment
41 | - Disk Clearner
42 |
43 | Fill out accompanying worksheet.
44 |
45 | - Nova Cyber Labs
46 | - When students complete the research, go through the nova cyber activity.
47 |
48 | ### Wrap-up
49 | #### Discussion:
50 | - What tools do you currently use on your computer?
51 | - What are tools you would like to install and use going forward?
52 | - What would you recommend to your parents or grand parents?
53 |
54 | Everyday Cybercrime
55 | - http://www.ted.com/talks/james_lyne_everyday_cybercrime_and_what_you_can_do_about_it
56 |
57 | ### Assessment Questions
58 | #### What is the purpose of each:
59 | - Firewall
60 | - Anti-virus software
61 | - Anti-spyware
62 |
63 | ### Extended Learning
64 | EFF Browser Extensions Lesson
65 | - https://sec.eff.org/topics/https-everywhere-and-privacy-badger
66 |
67 | EFF End-to-end Encryption communication
68 | - https://sec.eff.org/topics/e2e-encrypted-apps
69 |
70 | EFF How to use Signal Lesson
71 | - https://sec.eff.org/topics/how-to-install-signal
72 |
73 | ### Standards Alignment
74 | Indiana - CS3S-4.3
75 |
76 | ## License
77 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
78 |
--------------------------------------------------------------------------------
/Classic_Cryptography/Encoding_Morse.md:
--------------------------------------------------------------------------------
1 | # Encoding - Morse Code
2 |
3 | TODO: Still need to come up with a few assessment questions
4 |
5 |
6 | ## Overview
7 | In this lesson, students will convert messages into a format that can be transmitted. Computers use encodings in order to transmit data and one of the earliest versions of this type of communication is Morse Code.
8 |
9 | ## Purpose
10 | Teach about how plain-text messages can be converted into another format for the purpose of being transmitted. Text is not an ideal format for transmission across different mediums, especially using light or electrical pulses.
11 |
12 |
13 | ### Objectives
14 | #### Students will be able to:
15 | - Encode and decode messages in Morse Code
16 | - Describe methods of encoding messages for transmission
17 |
18 | ### Preparation
19 | - [x] Print [Morse Code worksheet](Encoding/Morse_Code_Activity.docx)
20 | - [x] Prepare message in Morse Code for students using audio conversion.
21 |
22 | ### Links
23 | - For the Teacher
24 | - https://morsecode.scphillips.com/translator.html
25 | - For the Students
26 | - http://www.learnmorsecode.com/
27 |
28 | ### Vocabulary
29 |
30 | ## Teaching Guide
31 | ### Getting Started
32 | History of Morse Code (video)
33 | - https://www.youtube.com/watch?v=bNoOYeS0gs0
34 | Discuss the need to convert text to another format in order to transmit
35 |
36 | ### Activity
37 | - Give the students the Morse Code Activity worksheet
38 | - Students will encode and decode written Morse code
39 | - Play an audio message and have students transcribe/decode
40 | - Play a second audio message, this time have students use the Morse tree to decode without transcribing.
41 |
42 | ### Wrap-up
43 | Discussion
44 | 1. Is Morse code still relevant as a communication tool?
45 | 1. How is digital communication different than the electrical pulses
46 | 1. Is Morse Code a secure form of communication? For a person? For a military?
47 |
48 | ### Assessment Questions
49 |
50 | ### Extended Learning
51 | - Python Programming: Complete the Morse Code Translator
52 | - Arduino: Push-Button Blinker
53 | - https://circuits.io/circuits/5218082-arduino-morse-code-button-blinker
54 |
55 | - Arduino: Auto Blinker
56 | - https://circuits.io/circuits/5218209-arduino-morse-code-auto-blinker
57 |
58 | ### Standards Alignment
59 |
60 | ### Sources:
61 | https://en.wikipedia.org/wiki/Morse_code#/media/File:International_Morse_Code.svg
62 | https://create.arduino.cc/projecthub/team-onyx/morse-code-translator-46e9b8
63 |
64 | ## License
65 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
66 |
--------------------------------------------------------------------------------
/Security_Principles/cyber_warfare.md:
--------------------------------------------------------------------------------
1 | # Cyber Warfare
2 |
3 | TODO:
4 | Discussion of some topics and themes
5 | look at the listed attacks, see if there is a better database of attacks with more description of the specific attack.
6 |
7 | ## Overview
8 | Deep dive and discussion on the role of cyber in warfare and the implications for people as more people become capable of launching a cyber attack.
9 |
10 | ## Purpose
11 | Students will explore some of the more famous cyber attacks and discuss how countries, businesses, and individuals can work to keep themselves secure from attackers.
12 |
13 | ### Objectives
14 | #### Students will be able to:
15 | - Identify important historical cyber attacks
16 | - Explain the rationale for an attack
17 | - Compare differences between state actors and other groups in a cyber attack
18 |
19 |
20 | ### Preparation
21 |
22 | ### Links
23 | - For the Teacher
24 |
25 | - For the Students
26 |
27 | ### Vocabulary
28 |
29 | ## Teaching Guide
30 |
31 | ### Activity:
32 | - Have students research alone or in pairs one of the following cyber attacks
33 | - Students should fill out the guide and create a presentation based on the questions and their research.
34 | - Finally, students will present their work to the class.
35 |
36 | #### Cyber Attacks:
37 | - Estonia 2007
38 | - Syrian Bombing 2007
39 | - Georgia 2008
40 | - China in 2008
41 | - Eastern Railway 2008
42 | - Gaza Cyberwar 2008
43 | - Google & China 2010
44 | - Stuxnet
45 |
46 | ### Activity
47 | - [Cyber Security Research](docs/Cyber_Warfare_Research.docx)
48 |
49 | Watch: PBS Nova - Cyberwar Threat
50 | - http://www.pbs.org/video/2365582515/
51 |
52 | ### Wrap-up
53 | - [Cyber Security Reflection](docs/Cyber_Warfare_Reflection.docx)
54 | #### Discussion:
55 | - What is the reason for engaging in cyber war for a non-nation? Why would a group choose to target a government’s computer systems?
56 | - Who should monitor this type of action?
57 | - How should hackers be punished if they hack a government?
58 | - What if they are working for another government?
59 | - What if they don’t attack a government but instead attack a company or group?
60 | - What if the target is a terrible organization like a hate or terrorist group?
61 |
62 | ### Assessment Questions
63 | - What is the purpose of a cyber-attack?
64 | - What type of damage can be done through a cyber-attack?
65 | - What are the benefits of a cyber war over a traditional war?
66 | - Cyber-attacks are not always perpetrated by nation-states like the US, Russia, China, etc. Who are some of the other groups that are not nations that are engaged in cyber warfare?
67 |
68 | ### Extended Learning
69 |
70 | ### Standards Alignment
71 |
72 | ## License
73 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
74 |
--------------------------------------------------------------------------------
/Security_Principles/email.md:
--------------------------------------------------------------------------------
1 | # E-mail
2 |
3 | ## Overview
4 | Students will explore the security of e-mail, disposable e-mail accounts and use a secure e-mail system.
5 |
6 | ## Purpose
7 | E-mail is one of the most-used forms of communication. How secure are the systems that we use daily and what are the implications of insecure systems?
8 |
9 | We will also look at alternatives that would ensure security?
10 |
11 | ### Objectives
12 | #### Students will be able to:
13 | - Identify security issues related to common e-mail systems.
14 | - Use a disposable, temporary e-mail system
15 | - Apply principles of secure e-mail through the PGP email system.
16 |
17 | ### Preparation
18 | - [x] Ensure the sites used in this exploration are not blocked by your school.
19 |
20 | ### Links
21 | - For the Teacher
22 | - For the Students
23 |
24 | ### Vocabulary
25 |
26 | ## Teaching Guide
27 | ### Getting Started:
28 | - TED Talk - Think Your E-Mail is Private? Think Again.
29 | - http://www.ted.com/talks/andy_yen_think_your_email_s_private_think_again?language=en
30 |
31 | - Gmail – Email Data Mining
32 | - http://www.huffingtonpost.com/2013/09/05/gmail-ads-email-scanning_n_3871246.html
33 |
34 |
35 | ### Explore:
36 | #### Temporary, Disposable E-Mail
37 | - Guerrilla Mail - https://www.guerrillamail.com/
38 | - Temp Mail - https://temp-mail.org/en/
39 | - Fake Inbox - http://www.fakeinbox.com/
40 | - Nada - https://getnada.com/
41 |
42 |
43 | ### Activity:
44 | Install and send a message using PGP. http://openpgp.org/
45 | - There are many options for using PGP, try different ones and see how they work together.
46 |
47 |
48 | ### Activity:
49 | Send e-mail using Python.
50 | - Look at your email server settings.
51 | - Update the info in the Python file.
52 | - [sendEmail.py](email/sendEmail.py)
53 | - Can you email multiple people?
54 | - Could you pull the list of people to email from an external file?
55 | - How can you personalize the email for the recipient?
56 |
57 | ### Wrap-up
58 | #### Discussion:
59 | - What could you do to ensure privacy when sending e-mail?
60 | - What expectation of privacy do you have when sending e-mail?
61 | - If you had a secret message to send, how would you do it?
62 | - How could you automate e-mailing many people?
63 |
64 | ### Assessment Questions
65 | - Why do e-mail services "read" your e-mail? What is their goal?
66 | - How does PGP secure e-mail differently than GMail?
67 | - Why don't people use services like PGP more often?
68 | - What is phishing?
69 | - What is spear-phishing?
70 |
71 | ### Extended Learning
72 | Visit site (Have I Been Pwned?)[https://haveibeenpwned.com/] to see if your account has been compromised.
73 |
74 | ### Standards Alignment
75 |
76 |
77 | ## License
78 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
79 |
--------------------------------------------------------------------------------
/Classic_Cryptography/Substitution_Cipher.md:
--------------------------------------------------------------------------------
1 | # Substitution Cipher
2 |
3 | ## Overview
4 | Students will use a substitution cipher to encrypt a message and then to decrypt a message. In a substitution cipher each letter of the alphabet is swapped with a different letter.
5 |
6 | ## Purpose
7 | Substitution ciphers are significantly more secure than a Caesar cipher but require a more complicated key. Look at the differences in complexity and portability of different ciphers.
8 |
9 | ### Objectives
10 | #### Students will be able to:
11 | - Encode and decode messages using a substitution cipher.
12 | - Identify the mathematical advantage of substitution over shift cipher.
13 |
14 | ### Preparation
15 | - [x] Print the [Substitution Cipher Activity Worksheet](Substitution_Cipher/Substitution_Cipher_Activity.docx)
16 | - [x] Arduino Student Inventor Kit (Extended Activity)
17 |
18 | ### Links
19 | - For the Teacher
20 |
21 | - For the Students
22 | - https://www.guardsupport.com/crypto/index.asp
23 | - http://www.cryptoclub.org/games/rogue_computer.php
24 | - http://www.cryptograms.org/play.php
25 |
26 | ### Vocabulary
27 |
28 | ## Teaching Guide
29 | ### Getting Started
30 | Introduce the idea of a substitution cipher
31 | - Each letter of our alphabet is swapped for that of a jumbled alphabet
32 | - There are 26! different possible alphabets that could be used.
33 |
34 | ### Activity
35 | - Substitution Cipher Activity Worksheet
36 | - Students will encrypt and decrypt several messages using a substitution cipher.
37 |
38 | - They will then explore a keyword cipher and finally encrypt a message with a keyword to swap with someone else in the class.
39 |
40 | ### Activity
41 | - Python Programming: There are multiple ways to generate a "key" alphabet in the cipher.
42 | - [SubstitutionCipher.py](code/SubstitutionCipher.py)
43 | - Python Programming: Program to analyze the letter frequency of a message.
44 | - [LetterFrequency.py](code/LetterFrequency.py)
45 | - Output of this is a CSV that can be graphed in Excel
46 |
47 | ### Wrap-up
48 | #### Discussion
49 | 1. How is this type of cipher more secure than a shift cipher like Caesar?
50 | 1. What are the weaknesses of this cipher?
51 | 1. How does the random substitution compare to a keyword cipher?
52 | 1. What are strengths/weaknesses of each?
53 |
54 | ### Assessment Questions
55 | - How would frequency analysis be used to decrypt a message encrypted with a substitution cipher?
56 | - Is there are way to change this encryption so it is not vulnerable to frequency analysis?
57 |
58 | ### Extended Learning
59 | Arduino Programming: Random Alphabet Generator
60 | https://circuits.io/circuits/5157643-arduino-alphabet-generator/
61 |
62 | ### Standards Alignment
63 |
64 | ## License
65 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
66 |
--------------------------------------------------------------------------------
/Physical_Security/credit_cards.md:
--------------------------------------------------------------------------------
1 | # Credit Cards & Payment Methods
2 |
3 | ## Overview
4 | Payment methods are increasingly digital and the security of the transaction varies depending on the card type and the merchant's ability to secure their data. In this lesson we will look at the security of different payment methods, how credit card data is stolen, and methods being used to increase security.
5 |
6 | ## Purpose
7 | Look at the ways electronic payment and credit cards are used and the security risks. Determine how credit information is encoded and how it is stolen and used by others.
8 |
9 | ### Objectives
10 | #### Students will be able to:
11 | - Identify weaknesses in credit card payments
12 | - Explain how data is leaked or stolen
13 |
14 | ### Preparation
15 |
16 | ### Links
17 | - For the Teacher
18 | - Iron Oxide Powder (optional)
19 | - https://www.amazon.com/Black-Iron-Oxide-Natural-Pounds/dp/B004KICAVU
20 |
21 | - For the Students
22 |
23 | ### Vocabulary
24 |
25 | ## Teaching Guide
26 | ### Getting Started
27 | - Samy Kamkar - Magstripe
28 | - [https://www.youtube.com/watch?v=UHSFf0Lz1qc](https://www.youtube.com/watch?v=UHSFf0Lz1qc)
29 |
30 | ### Activity:
31 | - Research how Chip & Pin systems work
32 | - How do they increase security over only mag stripe?
33 |
34 | ### Activity:
35 | - Research how Apple & Android payment systems work.
36 | - What is their security advantage over a physical card?
37 | - Are there any potential downsides?
38 |
39 | ### Activity:
40 | - Look at the data breaches of customer credit data from Target and Home Depot
41 | - How were the systems attacked?
42 | - How many people were affected?
43 |
44 | ### Activity:
45 | - Research credit card skimmers
46 | - Where are these found?
47 | - What are security methods to thwart skimmers?
48 |
49 | ### Video:
50 | - The Future of Money
51 | - [https://www.ted.com/talks/neha_narula_the_future_of_money](https://www.ted.com/talks/neha_narula_the_future_of_money)
52 |
53 | ### Activity:
54 | - Research and download a bitcoin wallet
55 | - [https://bitcoin.org/en/](https://bitcoin.org/en/)
56 | - Find local businesses that accept Bitcoin
57 |
58 | ### Video:
59 | - Explanation of Bitcoin
60 | - [https://www.youtube.com/watch?v=kubGCSj5y3k](https://www.youtube.com/watch?v=kubGCSj5y3k)
61 |
62 | ### Wrap-up
63 | #### Discussion:
64 | - What form of payment is most secure?
65 | - Is there a way to make all payments secure?
66 | - How might credit cards and companies work to thwart hackers going forward?
67 |
68 |
69 | ### Assessment Questions
70 |
71 | ### Extended Learning
72 | #### Raspberry Pi:
73 | - Build a Bitcoin Mining machine
74 | - Research the project, select parts and setup
75 |
76 | ### Standards Alignment
77 |
78 | ## License
79 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
80 |
--------------------------------------------------------------------------------
/Malware/attack_types.md:
--------------------------------------------------------------------------------
1 | # Attack Types
2 |
3 | ## Overview
4 | There are many ways that a hacking event occurs. We will look at several known types and role-play how the attack is done.
5 |
6 | ## Purpose
7 | Many attack types exist and are referred to by name. We want to be able to define the different types of attacks and give them a real-world example to make the idea more concrete.
8 |
9 |
10 | ### Objectives
11 | #### Students will be able to:
12 | - Identify major types of hacking attacks
13 | - Describe methods of preventing attacks
14 |
15 | ### Preparation
16 | - [x] Paper & Envelopes to simulate communication
17 |
18 | ### Links
19 | - For the Teacher
20 |
21 | - For the Students
22 |
23 | ### Vocabulary
24 |
25 | ## Teaching Guide
26 | ### Getting Started
27 | - Read about someone who was cyber attacked
28 | - [https://www.wired.com/2012/08/mat-honan-data-recovery/](https://www.wired.com/2012/08/mat-honan-data-recovery/)
29 | ### Activity
30 | #### Phishing
31 | Follow the URL Analysis and Phishing activity from [Nebraska GenCyber Lesson](https://github.com/DerekBabb/nebraska-gencyber/blob/master/teachers/phishing/README.md)
32 |
33 | ### Activity
34 | Create a physical internet where students send messages to one another using unique addresses and handing the message from student to student. Demo the unplugged internet without any attacks so students know how it works.
35 |
36 | #### Man-in-the-Middle Attack
37 | Choose one (or more) of the students to change the message as they pass it from one student to the next.
38 |
39 | #### Denial of Service Attack
40 | Have many students also send that same student messages but these messages can be gibberish or un-important messages that will crowd out the real message.
41 |
42 | #### Replay Attack
43 | After the messages have been sent, a second student will resend the same signatures or credentials but make a request for new information.
44 |
45 | ### Wrap-up
46 | Reflect as a class how these attacks might be done in an online context. What are some of the challenges we face when receiving or sending a message on the internet to verify that it is authentic?
47 |
48 | ### Assessment Questions
49 | - How do attackers simulate an authentic message?
50 | - What are some ways you might ensure your message is not tampered with during transmission?
51 | - How would a victim of a Denial of Service attack find the true traffic?
52 |
53 | ### Extended Learning
54 | Blog Post - Inform your blog audience about different attacks. Give advice that might help them prevent these attacks or help them know the signs that an attack is happening.
55 |
56 | EFF Phishing & Malware Lesson
57 | - https://sec.eff.org/topics/phishing-and-malware
58 |
59 | EFF Threat Modeling Lesson
60 | - https://sec.eff.org/topics/threat-modeling
61 | ### Standards Alignment
62 | Indiana - CS3S-3.1
63 |
64 | ## License
65 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
66 |
--------------------------------------------------------------------------------
/Physical_Security/combo_locks.md:
--------------------------------------------------------------------------------
1 | # Combo Locks
2 |
3 | ## Overview
4 | Combination locks are a metaphor for security. On the surface it seems as though there are thousands of possibilities but as we learn the rules that govern their workings we can get the number of possible combinations down to a much smaller number.
5 |
6 | Students will look at Masterlock combination locks to learn how they work and find potential vulnerabilities.
7 |
8 | ## Purpose
9 | Look at a common method of securing belongings and the mathematics behind the possible number of combinations.
10 |
11 | ### Objectives
12 | #### Students will be able to:
13 |
14 | ### Preparation
15 | - [x] Masterlock combination lock
16 | - [x] Print sheets to help find number of combinations[ComboLocks.png](Combo_Locks/ComboLocks.png)
17 |
18 | ### Links
19 | - For the Teacher
20 | - https://lifehacker.com/5376442/crack-a-master-combination-padlock-redux
21 | - https://samy.pl/master/master.html
22 |
23 | - For the Students
24 |
25 | ### Vocabulary
26 |
27 | ## Teaching Guide
28 | ### Getting Started
29 | - Look at the mathematics of a masterlock combo lock
30 | - 40 possible digits in each of 3 spots = 64,000 possible combos
31 | - All even or all odd = 40 * 20 * 20 = 16,000 possibilities
32 | - First number = last number % 4 = 40 * 20 * 10 = 8000 possibilities
33 | - Middle number = last number % 4 + 2 = 40 * 10 * 10 = 4000 possibilities
34 |
35 | - If last number is known: 10 * 10 * 1 = 100 possible combos
36 |
37 | ### Activity:
38 | - Distribute locks and combo finding worksheet
39 | - Find the last digit by testing the "sticking points" in the lock
40 | - Calculate the 100 possible combos based on knowing the last digit
41 | - Open the lock
42 |
43 | ### Activity
44 | - Use the Combo Breaker python file to automate the process of listing all possible combinations.
45 | - [ComboBreaker.py](Combo_Locks/comboBreaker.py)
46 | - [Snap Coding Version](https://snap.berkeley.edu/snapsource/snap.html#present:Username=derekbabb&ProjectName=ComboLock2)
47 |
48 | ### Activity:
49 | - Show the Samy Kamkar video
50 | - https://www.youtube.com/watch?v=09UgmwtL12c
51 |
52 | - Use Samy's method
53 | - https://samy.pl/master/master.html
54 |
55 | ### Wrap-up
56 | #### Discussion:
57 | - Why are there not 64,000 actual combinations?
58 | - Knowing that it can be broken in 8 tries, why even bother with locks?
59 | - How do other locks like directional locks work?
60 | - Are there weaknesses to other locks?
61 |
62 | #### Video:
63 | - Top Hacker Shows Us How It's Done
64 | - https://www.youtube.com/watch?v=hqKafI7Amd8
65 |
66 | ### Assessment Questions
67 |
68 |
69 | ### Extended Learning
70 | - Look at another type of combo lock
71 | - Break down the number of possible combinations
72 | - What are the rules that govern this lock?
73 | - How might those rules be exploited?
74 |
75 | ### Standards Alignment
76 |
77 | ## License
78 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
79 |
--------------------------------------------------------------------------------
/Modern_Cryptography/Steganography.md:
--------------------------------------------------------------------------------
1 | # Steganography
2 |
3 | ## Overview
4 | Students will learn about and engage with steganography techniques and software.
5 |
6 | ## Purpose
7 | Images and other media can be used to hide information "in plain sight". While the image is visible to anyone on the web, the secret message is only visible to those who know it's there and how to read it.
8 |
9 | ### Objectives
10 | #### Students will be able to:
11 |
12 | ### Preparation
13 |
14 | ### Links
15 | - For the Teacher
16 | - http://tekbot.unl.edu/SPIRIT2/Tech/lessons/T062_RET_Hidden_in_Plain_Sight.doc
17 | - https://github.com/DerekBabb/PictureEdit
18 |
19 | - For the Students
20 |
21 | ### Vocabulary
22 |
23 | ## Teaching Guide
24 | ### Getting Started:
25 | Pixelation - Code.org
26 | - https://studio.code.org/s/pixelation
27 | Steganography video - Computerphile:
28 | - https://www.youtube.com/watch?v=TWEXCYQKyDc
29 |
30 | ### Activity:
31 | Manual Steganography
32 | Use the pixelation widget at Code.org to make a Favicon.
33 | - The icon should be 16 x 16.
34 | - Use 24-bits of color data per pixel.
35 |
36 | Create a protocol for your Steganography.
37 |
38 | 1. How are the bits modified on the image.
39 |
40 | 1. How are the letters embedded in the image?
41 |
42 | 1. How do I know when the message is done? Is there a "End of Message" or message length included?
43 |
44 | 1. In a 16 x 16 image, what is the maximum message length?
45 |
46 | 1. Write your protocol in plain language... how do you deal with the width/height data at the front of your favicon? How many pixels does it take for one letter?
47 |
48 | 1. Hide a message in your favicon, post the binary in this file.
49 |
50 | Once the image is created, use the least significant bit of each red, green, and blue channel to hide a message.
51 | - https://www.rapidtables.com/convert/number/ascii-to-binary.html
52 | The data from your message should be spread across all of the RGB pixels in your Favicon.
53 |
54 |
55 |
56 | ### Activity:
57 | Use several available Steganography tools and compare:
58 | - https://www.openstego.com/
59 | - https://sourceforge.net/projects/stegtool/
60 | - http://manytools.org/hacker-tools/steganography-encode-text-into-image/ (online)
61 |
62 | ### Wrap-up
63 | #### Discussion:
64 | - How could steganography be used to thwart normal forms of surveillance?
65 | - What are the dangers of sending info via steganography?
66 | - What can companies like eBay use to prevent images uploaded for products hiding messages?
67 |
68 | ### Assessment Questions
69 | - How can steganography be detected?
70 | - What are the biggest challenges to detecting steganography?
71 |
72 | ### Extended Learning
73 | Read: Blown to Bits - Chapter 3
74 | Ghosts in the Machine
75 |
76 | Blog Post:
77 |
78 | Programming: Create Steganography in Java using the PictureEdit class or the Picture Lab APCSA
79 |
80 | ### Standards Alignment
81 |
82 | ## License
83 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
84 |
--------------------------------------------------------------------------------
/Classic_Cryptography/Shortest_Message.md:
--------------------------------------------------------------------------------
1 | # Shortest Message Encoding
2 |
3 | ## Overview
4 | Students will create a system to encode a specific message using the fewest number of bits possible. Then students will encode that message in a chain of paper rings.
5 |
6 | There are many ways to encode messages, our goal with this lesson is to encode a message with the fewest number of bits.
7 |
8 | ## Purpose
9 | The purpose of this lesson is to have students explore alternate ways of encoding information. The goal is to write a message in the fewest number of bits in a way that it can be decoded by someone else.
10 |
11 | ### Objectives
12 | #### Students will be able to:
13 | - Create a system to encode messages
14 | - Encode a message using their own system
15 | - Decode a message using a system developed by another group
16 | - Compare efficiencies of the various systems.
17 |
18 | ### Preparation
19 | - [x] Create several messages for students to encode.
20 | - [x] Messages should have 8 or fewer distinct letters for best results.
21 | - [x] Print the [Shortest Message Challenge](Encoding/Shortest_Message_Challenge.docx) - 1 per group
22 | - [x] Print the [Shortest Message Legend](Encoding/Shortest_Message_Legend.docx) sheets
23 | - [x] Cut strips of paper.
24 | Each group will need 120 strips of two colors (60 of each color)
25 | - [x] Tape - 1 per group
26 |
27 | ### Links
28 | - For the Teacher
29 | - Huffman Coding - https://en.wikipedia.org/wiki/Huffman_coding
30 | - For the Students
31 |
32 | ### Vocabulary
33 | Huffman Encoding - A technique for creating encoding where frequently used letters have shorter encoding.
34 |
35 | ## Teaching Guide
36 | ### Getting Started
37 | Introduce the idea of encoding a message using fewer bits.
38 | Every letter in ASCII takes 1 byte or 8 bits, if we tailor the code to the message, could we improve that and make our message shorter?
39 |
40 | ### Activity
41 | Break the class into groups of 3. As a group they will have a unique message and will be tasked with making an encoding that uses the fewest number of bits.
42 |
43 | Once they have generated their encoding, they will use the strips of paper to create interlocking rings that are the encoded message.
44 |
45 | Finally, once groups have their encoding, they can swap legends and rings with another group and try to decode the other message.
46 |
47 | ### Wrap-up
48 | #### Discussion:
49 | 1. What advantages does this system have in comparison to ASCII?
50 | 1. What disadvantages does it have?
51 | 1. In what kinds of situations might the two types of systems be appropriate?
52 |
53 | Show Huffman Encoding and describe how it is used.
54 | - https://www.youtube.com/watch?v=dM6us854Jk0
55 |
56 | ### Assessment Questions
57 | - Given that Huffman encoding is more efficient, why is it not used more frequently?
58 | - What types of messages would suffer under the Huffman encoding scheme?
59 |
60 | ### Extended Learning
61 |
62 | ### Standards Alignment
63 |
64 | ## License
65 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
66 |
--------------------------------------------------------------------------------
/Modern_Cryptography/Salt.md:
--------------------------------------------------------------------------------
1 | # Salt and Hashing
2 | ## Overview
3 | Passwords are stored on servers and computers to validate users. These passwords should not be stored as plaintext so anyone can read them. To obscure the passwords, salt is added to make the passwords unreadable. Students will explore how salt can turn a password into a garbled message once hashed.
4 |
5 | ## Purpose
6 | Students will use salt to obscure a password and see how password files are stored on computers and web servers to validate users without exposing passwords to anyone on the system.
7 |
8 | ### Objectives
9 | #### Students will be able to:
10 | - Explain how salt is added to passwords.
11 | - Demonstrate how a salted password increases the strength of the password.
12 | - Describe the output of a hash algorithm.
13 | - Explain how this can be used to validate a password, file, or other media.
14 |
15 | ### Preparation
16 |
17 | ### Links
18 | - For the Teacher
19 | - https://en.wikipedia.org/wiki/Hash_function
20 | - https://en.wikipedia.org/wiki/Salt_(cryptography)
21 | - [HashDemo.py](HashSalt/HashDemo.py)
22 | - [HashPassword.py](HashSalt/HashPassword.py)
23 |
24 | - For the Students
25 | - https://www.pythoncentral.io/hashing-strings-with-python/
26 |
27 | ### Vocabulary
28 |
29 | ## Teaching Guide
30 | ### Getting Started:
31 | How NOT to Store Passwords
32 | https://www.youtube.com/watch?v=8ZtInClXe1Q
33 |
34 | Hashing Algorithms
35 | https://www.youtube.com/watch?v=b4b8ktEV4Bg
36 |
37 |
38 | ### Activity:
39 | Use the HashDemo.py file to find a hash version of a password.
40 | - If you search that hash on the internet, can you recover the original password?
41 |
42 | Now try the same thing with the salted version.
43 | - Was the result different?
44 |
45 | Modify the HashPassword.py file to do the following:
46 | - Store a password and username in hashed form in a python file.
47 | - The password should contain salt.
48 | - The salt may be stored alongside the hashed password.
49 | - Given this file, can you reverse the password?
50 |
51 |
52 | ### Wrap-up
53 | Secure Hashing Algorithms:
54 | https://www.youtube.com/watch?v=DMtFhACPnTY
55 |
56 | Discussion:
57 | - How is this more secure than simply storing the password?
58 | - What are the weaknesses of storing the hash?
59 | - Same password maps to the same hash
60 | - How do rainbow tables affect the security of a hashed password?
61 | - What can be done to overcome this weakness?
62 |
63 | ### Assessment Questions
64 | - What is the purpose of Hashing?
65 | - Why do all phrases have the same length once hashed?
66 | - What is a vulnerability to storing passwords as a hashed value?
67 | - What is salt?
68 | - How does salting make hashed passwords more secure?
69 |
70 | ### Extended Learning
71 | Look at rainbow tables: [http://project-rainbowcrack.com/table.htm](http://project-rainbowcrack.com/table.htm)
72 | Hashed Password Cracker: [https://crackstation.net/](https://crackstation.net/)
73 | ### Standards Alignment
74 |
75 | ## License
76 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
77 |
--------------------------------------------------------------------------------
/Malware/malware.md:
--------------------------------------------------------------------------------
1 | # Viruses, Worms, Trojans, and other Malware
2 |
3 | ## Overview
4 | Software installed on computers may have negative application to the user. It may not have been installed by the user intentionally. We will explore various types of malicious software that is installed on computers, how it works, and how to prevent it.
5 |
6 | ## Purpose
7 | Malicious software is often used to capture information from users, erase or steal data, and even use a computer as a part of a larger botnet army. Students should learn what happens when this type of software is installed, how it is installed with or without the user's knowledge, and what can be done to prevent it.
8 |
9 |
10 | ### Objectives
11 | #### Students will be able to:
12 | - Identify major forms of malicious software
13 | - Identify effects of different types of software
14 | - Determine best practice for preventing malicious software
15 |
16 | ### Preparation
17 | - [x] Students will need access to research materials (internet)
18 | - [x] Students will need access to presentation software
19 |
20 | ### Links
21 | - For the Teacher
22 |
23 | - For the Students
24 | - [Common malware definitions](https://www.veracode.com/blog/2012/10/common-malware-types-cybersecurity-101)
25 |
26 | ### Vocabulary
27 |
28 | ## Teaching Guide
29 | ### Getting Started
30 | - Video: [Fighting Viruses, Defending the Net](https://www.ted.com/talks/mikko_hypponen_fighting_viruses_defending_the_net)
31 | - Video: [Anatomy of an Attack: Ransomware](https://www.youtube.com/watch?v=4gR562GW7TI)
32 | - Video: [Anatomy of an Attack: Internet of Things](https://www.youtube.com/watch?v=GvLnb4YQHh0)
33 |
34 | ### Activity
35 | Have students form groups and research one of the specific types of malware. With each type students should be able to identify:
36 | - What is unique about this type of malware?
37 | - How does this type of malware typically get on a computer?
38 | - What are the effects of this type of malware?
39 | - What are the potential dangers in this type of malware?
40 | - How do I remove this type of malware?
41 | - What is the best practice to avoid this malware?
42 | - What are some of the biggest events involving this type of malware? Famous examples.
43 |
44 | The types of malware students should research:
45 | - Virus
46 | - Trojan Horse
47 | - Worm
48 | - Bot
49 | - Adware
50 | - Bug
51 | - Rootkit
52 | - Spyware
53 | - Ransomware
54 | - Fork Bomb
55 |
56 | Students should present their information to the class.
57 |
58 | ### Wrap-up
59 | Discussion:
60 | - What should be done to make sure computers are not infected?
61 | - How would you advise your parents or grandparents to avoid infection?
62 | - How do you know if you've been infected?
63 | - What is the motive of those writing malicious software?
64 | - Does it work? Do hackers get what they want from use of malware?
65 |
66 | ### Assessment Questions
67 | - What are the identifying characteristics of a virus?
68 | - How did a Trojan Horse get it's name?
69 | - How are bots used by hackers?
70 |
71 | ### Extended Learning
72 |
73 | ### Standards Alignment
74 | Indiana - CS3S-2.2
75 | Indiana - CS3S-3.1
76 | ## License
77 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
78 |
--------------------------------------------------------------------------------
/Physical_Security/keys.md:
--------------------------------------------------------------------------------
1 | # Keys & Locks
2 |
3 | ## Overview
4 | Locking the door is one of the easiest methods of securing our house, offices, and other important spaces. Standard locks are vulnerable to attack from lock picking or more crude methods of breaking in. In addition to securing computer systems digitally, students should consider how computers are physically secured.
5 |
6 | ## Purpose
7 | Understand locks as systems and understand how they work to understand how they might be exploited. This is another analogy to computing systems in finding potential vulnerably by understanding the way the underlying system works.
8 |
9 | ### Objectives
10 | #### Students will be able to:
11 | - Understand the vulnerabilities of a standard lock set.
12 | - Identify additional security measures to secure a room or building.
13 |
14 | ### Preparation
15 |
16 | ### Links
17 | - For the Teacher
18 | - For the Students
19 | - https://art-of-lockpicking.com/how-to-pick-a-lock-guide/
20 | - https://en.wikipedia.org/wiki/Lock_bumping
21 |
22 | ### Vocabulary
23 |
24 | ## Teaching Guide
25 | ### Getting Started:
26 | - Podcast: 99% Invisible - Perfect Security
27 | - http://99percentinvisible.org/episode/perfect-security/
28 |
29 | ### Activity:
30 | - Research how pin & tumbler locks work.
31 | - Research how bump key works
32 | - https://toool.us/education.html
33 |
34 | ### Activity:
35 | - Look at the pin guides provided by Devian Ollam
36 | - https://github.com/deviantollam/decoding
37 | - Using those overlays and a photo editor, try to work out the pin settings for a key with only a photo.
38 | - Examples in this video: https://www.youtube.com/watch?v=AayXf5aRFTI starting at around 13:00.
39 |
40 | - Example key images
41 | - [key1.jpg](Key_Images/key1.jpg)
42 | - [key2.jpg](Key_Images/key2.jpg)
43 | - [key3.jpg](Key_Images/key3.jpg)
44 | - [key4.jpg](Key_Images/key4.jpg)
45 | - [key5.jpg](Key_Images/key5.jpg)
46 | - [key6.jpg](Key_Images/key6.jpg)
47 | - [key7.jpg](Key_Images/key7.jpg)
48 |
49 | ### Activity:
50 | - Read about TSA lock sets being leaked
51 | - Write a response (blog?) on the consequences of including a "back door" to a lock.
52 |
53 |
54 | ### Wrap-up
55 | #### Discussion:
56 | - With the weaknesses of locks, why do we still use them?
57 | - What is the downside to breaking in with a lock pick... how might you be caught?
58 | - What could be done to strengthen security of locks?
59 |
60 | Video:
61 | - Scam School - Lock Picking
62 | - https://www.youtube.com/watch?v=WpH_t0u5Ybg
63 |
64 | ### Assessment Questions
65 |
66 | ### Extended Learning
67 | - 3D Printing: TSA Master Lock Sets
68 | - https://3dprint.com/143860/tsa-master-keys-hacked-again/
69 | - Door Security - Shakacon
70 | - https://www.youtube.com/watch?v=4YYvBLAF4T8
71 | - SANS ICS Security Summit 2017 - Same talk as above but more information... no swearing.
72 | - https://www.youtube.com/watch?v=qg-zK2zv4ng
73 | - Source Conference - 2010
74 | - https://www.youtube.com/watch?v=vxXryID5F7M
75 | - Another video of getting duplicating keys from a photo
76 | - https://www.youtube.com/watch?v=SO0Y0HLvvpA
77 | ### Standards Alignment
78 |
79 | ## License
80 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
81 |
--------------------------------------------------------------------------------
/Classic_Cryptography/Vigenere_Cipher.md:
--------------------------------------------------------------------------------
1 | # The Vigenère cipher
2 |
3 | ## Overview
4 | The Vigenère cipher is similar to the Caesar cipher but the key shifts between each letter. This makes frequency analysis more difficult since the same letter in plaintext could be different letters in the cipher text.
5 |
6 | ## Purpose
7 | To use a polyalphabetic cipher to encrypt and decrypt a message. Analyse the security of this cipher.
8 |
9 | ### Objectives
10 | #### Students will be able to:
11 | - Use the Vigenère cipher to encrypt/decrypt a message.
12 | - Explain how frequency analysis would work on this type of encryption.
13 | - Identify possible weaknesses in the Vigenère cipher and how they might be exploited.
14 |
15 | ### Preparation
16 | - [x] Print copies of The [Vigenère Square](Vigenere_Cipher/Vigenere_square.svg)
17 | - [x] Print copies of The [Vigenère Activity Worksheet](Vigenere_Cipher/Vigenere_Cipher_Activity.docx)
18 |
19 | ### Links
20 | - For the Teacher
21 |
22 | - For the Students
23 |
24 | ### Vocabulary
25 |
26 | ## Teaching Guide
27 | ### Getting Started
28 | - Polyalphabetic Cipher(video)
29 | - https://www.youtube.com/watch?v=BgFJD7oCmDE
30 |
31 | ### Activity
32 | - Have students encrypt/decrypt several messages using the Vigenère Square.
33 | - While students are encrypting, they should be focusing on how patterns emerge and how they might be able to break this code if a keyword was unknown.
34 |
35 | ### Activity
36 | - Python Programming:
37 | - [VigenereCipher.py](code/VigenereCipher.py)
38 |
39 |
40 | ### Wrap-up
41 | #### Discussion:
42 | - How does this cipher make the code more secure than previously discussed ciphers?
43 | - What are the primary limitations to this type of encryption?
44 |
45 | Video: How Blockchain will Transform Economy
46 | - https://www.ted.com/talks/bettina_warburg_how_the_blockchain_will_radically_transform_the_economy
47 |
48 | ### Assessment Questions
49 | - How recently was the Vigenere cipher used?
50 | - Why was it so much longer-lived than the Caesar Cipher that it is based on?
51 | - What is the information leak within the cipher?
52 |
53 | ### Extended Learning
54 | The Codebook - Chapter 2, The Anonymous Codebreaker
55 |
56 | As with our first blog post, you should write a post that includes writing, images, links, and other media resources as needed to answer the following questions. The questions should be a guide for your writing but it would be nice if you answered the general questions.
57 |
58 | - How did encryption move from a military application to a more everyday pursuit?
59 | - What types of purposes did codes and encryption serve?
60 | - How did people engage in codes as a hobby or interest?
61 | - Why were solutions to ciphers like Vigenere not published when discovered?
62 | - What are some other take-aways from this chapter you found interesting?
63 |
64 | ### Standards Alignment
65 | Indiana - CS3S-1.2
66 |
67 | ### Sources:
68 | By Brandon T. Fields (cdated) - Based upon Vigenere-square.png by en:User:Matt Crypto. This version created by bdesham in Inkscape, and modified by cdated to include visual guides.This vector image was created with Inkscape., Public Domain, https://commons.wikimedia.org/w/index.php?curid=15037524
69 |
70 | ## License
71 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
72 |
--------------------------------------------------------------------------------
/Classic_Cryptography/Encoding_Mary.md:
--------------------------------------------------------------------------------
1 | # Encoding - Mary Queen of Scots
2 |
3 | ## Overview
4 | Codes have been used throughout history to keep messages secret. One famous example is Mary Queen of Scots. Students will learn about this famous code, use it to encode and decode messages, and finally create their own secret code using modern symbols (emojis).
5 |
6 | ## Purpose
7 | Swapping letters or words for a symbol is one of the oldest methods of hiding information. Sometimes letters are swapped for well-known standards for the purpose of transmitting (Morse code/Telegraph, ASCII - Binary/Computers) while other times the encoding is designed to keep the message secret.
8 |
9 | This activity will begin to build the idea of changing a message in order to send it.
10 |
11 | ### Objectives
12 | Students will be able to:
13 | - Encode a message using a defined code.
14 | - Decode a message using a defined code.
15 | - Create a new code and use it to communicate.
16 |
17 | ### Preparation
18 | - [x] Print the [Symbol Cipher worksheet](Encoding/Symbol_Cipher.docx)
19 |
20 | ### Links
21 | - For the Teacher
22 |
23 | - For the Students
24 | - [Codemoji](https://codemoji.org/)
25 |
26 | ### Vocabulary
27 |
28 | ## Teaching Guide
29 | ### Getting Started
30 | Discuss how encoding is used to swap a letter for another symbol.
31 | Video - https://www.youtube.com/watch?v=_htopuN4pCk
32 |
33 | ### Activity
34 | Symbol Cipher Worksheet
35 | Have students work in pairs on the worksheet. Students will encode a message using the cipher used by Mary Queen of Scots
36 |
37 | After encoding a message, they will swap with another group to decode their
38 | message.
39 |
40 | Finally, students will create their own modern take on the cipher using emojis to replace letters or words. As before, they will encode a message and swap with another group to decode a message.
41 |
42 | ### Wrap-up
43 | Discussion:
44 | If two people want to communicate secretly, what do they need?
45 |
46 | Mary used a hollow bung in beer kegs to transport her messages. Hiding in the open where people won't think to look is called Steganography. What are methods you could use to send messages like this in your life?
47 |
48 | What about digitally? Are there ways you could send these messages in the open where people wouldn't think to look in a digital form?
49 |
50 | ### Assessment Questions
51 | - If you did not have a key, how could you begin to decode these a message encoded using a key like this?
52 | - In a text document, I can change the font to WingDings or another symbol font.
53 | - Is this a secure way of hiding information?
54 | - Why/why not?
55 |
56 | ### Extended Learning
57 | Read Chapter 1 of "The Code Book" - Mary Queen of Scots
58 |
59 | Based on reading of chapter 1 from the Code Book and our work with ciphers in class, answer the following questions.
60 |
61 | Please state your answer as a blog post and support your points with references to the book, events that happened, and images as needed.
62 |
63 | How have ciphers been used? What is the purpose of cryptography? How has the advent of cryptography changed the course of history? Cite specific instances where better cryptography might have changed events and how.
64 |
65 | ### Standards Alignment
66 |
67 |
68 | ## License
69 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
70 |
--------------------------------------------------------------------------------
/Security_Principles/online_detective.md:
--------------------------------------------------------------------------------
1 | # Online Detective
2 |
3 | TODO: Add blog post prompt about personal security and what can be found online.
4 |
5 | ## Overview
6 | Students will use online resources to learn as much as possible about a "target". This type of reconnaissance is commonly used by hackers as part of a social engineering attack.
7 |
8 | ## Purpose
9 | Teach students about the publicly available information and what can be learned by going through official data sources to find information about someone.
10 |
11 | ### Objectives
12 | #### Students will be able to:
13 | - Use publicly available data to research a person
14 | - Identify what information is publicly available
15 |
16 | ### Preparation
17 | - [x] Find sites for publicly available data in your area.
18 |
19 | ### Links
20 | - For the Teacher
21 | - For the Students
22 |
23 | ### Vocabulary
24 |
25 | ## Teaching Guide
26 | ### Getting Started:
27 | - Discuss the existence of public records and how they are accessed.
28 | - Discuss why these records are public.
29 |
30 | Public Records:
31 | - Omaha Assessors Website
32 | - http://www.dcassessor.org/home
33 | - Data Omaha - Public Salary and Other Data
34 | - http://www.dataomaha.com/salaries
35 | - Sex Offender Registry
36 | - https://sor.nebraska.gov/
37 | - Driving Record Search
38 | - https://www.nebraska.gov/dmv/dlrcc/index.cgi
39 | - Voter Registration Records
40 | - https://www.votercheck.necvr.ne.gov/VoterView/RegistrantSearch.do
41 |
42 | Other Search Tools:
43 | - Spokeo:
44 | - https://www.spokeo.com/
45 | - Pipl
46 | - https://pipl.com/
47 |
48 | ### Activity
49 | Search for a person
50 | - Can you find their house –
51 | - How much did it cost?
52 | - When did they move?
53 | - What was their previous house?
54 |
55 | - Can you find their salary?
56 | - How much do they make?
57 |
58 | - What political party are they registered and where do they vote?
59 |
60 |
61 | - Can you find their:
62 | - Email Address?
63 | - Twitter Handle?
64 | - Facebook Page?
65 |
66 | - Do this for yourself, someone you know.
67 |
68 | - Play Anti-Phishing Phil
69 | - http://www.ucl.ac.uk/cert/antiphishing/
70 |
71 | ### Wrap-up
72 | #### Discussion:
73 | - What are some strategies for avoiding Phishing e-mails?
74 | - How can you tell if a site is valid or if it is a fake?
75 | - Based on the info about you available online, could a hacker call into your phone company or other service provider and convince them to give personal info?
76 | - How can you make yourself more secure from this type of attack?
77 |
78 | ### Assessment Questions
79 | - What information about yourself is available online?
80 | - What information can you control? What is beyond your ability to control?
81 |
82 | ### Extended Learning
83 | Read: Blown to Bits - Chapter 2; Naked in the Sunlight
84 | Blog Post:
85 | - What information about yourself is available online?
86 | - What information can you control? What is beyond your ability to control?
87 | - What are some strategies for avoiding Phishing e-mails?
88 | - How can you tell if a site is valid or if it is a fake?
89 | - Based on the info about you available online, could a hacker call into your phone company or other service provider and convince them to give personal info?
90 | - How can you make yourself more secure from this type of attack?
91 |
92 | EFF Locking Down Social Media
93 | - https://sec.eff.org/topics/locking-down-social-media
94 | ### Standards Alignment
95 |
96 | ## License
97 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
98 |
--------------------------------------------------------------------------------
/Web_Security/html_css.md:
--------------------------------------------------------------------------------
1 | # Basic HTML & CSS
2 | ## Overview
3 | Students will learn HTML and CSS in order to make a basic web site. The knowledge for creating a web page can come from several sources, including prior experience.
4 |
5 | ## Purpose
6 | The world wide web is built on a series of individual pages written in HTML. For students to understand the web.
7 |
8 | ### Objectives
9 | #### Students will be able to:
10 | - Write the code for a basic web page.
11 | - Create a series of pages that are linked together to create a site.
12 |
13 | ### Preparation
14 |
15 | ### Links
16 | - For the Teacher
17 |
18 | - For the Students
19 | - Code Academy: https://www.codecademy.com/
20 | - Free Code Camp: https://www.freecodecamp.org/
21 | - W3 Schools: https://www.w3schools.com/html/
22 |
23 | ### Vocabulary
24 |
25 | ## Teaching Guide
26 | ### Getting Started
27 | - Tim Berners-Lee (video)
28 | - https://www.ted.com/talks/tim_berners_lee_a_magna_carta_for_the_web
29 |
30 | ### Activity:
31 | - Learn how to make a web page.
32 | - Use one of the tutorial sites to build sample web sites.
33 |
34 | ### Activity:
35 | - Use software like Notepad++ or similar to create a local web page on your computer.
36 |
37 | ### Activity:
38 | #### Make a web site:
39 | - Build a website for yourself using the methods and techniques you’ve learned as part of the HTML tutorials you’ve done. Your site should use aspects of HTML, CSS, Bootstrap, Java Script and other tools you’ve learned.
40 |
41 | #### Pages you need to build:
42 | - Index.html – This will be the main page and should include links to your other pages. Add information about yourself to make the page have some content.
43 |
44 | - Academic Resume – This page should include classes you’ve taken that would make you a prime cyber security hire, academic honors, service projects or other things you’ve done personally or academically to distinguish yourself from the unwashed masses also vying for the same job.
45 |
46 | - Cyber Security Tips Page – Pick one topic and dive deep or pick several topics and give a quick “best practices”. For example, you might talk about passwords and the importance of using different passwords site-to-site, creating complex passwords that will not be guessed, how to use password managers to organize all your passwords, etc. Alternatively, you might talk a little about passwords, network security, physical security and how to stay “generally safe”.
47 |
48 | - Contact Page – Use web forms to allow people to contact you. This way you’re not divulging your email address to potential “bots” that search the internet for email address to add to spam lists. You’ll need form elements to allow people to post a subject, their e-mail, and a message. You’ll also want buttons for submitting and clearing the fields
49 |
50 | Since we have not done much with forms yet, use web resources to find examples you can copy from. You may not be able to actually send the info yet but should have the shell setup.
51 |
52 | ### Wrap-up
53 | #### Discussion:
54 | - How does HTML get read by a web browser?
55 | - Why do pages look slightly different in different web browsers (Firefox, Chrome, Edge, etc.)
56 |
57 | ### Assessment Questions
58 |
59 | ### Extended Learning
60 | - SSH Explained - Computerphile
61 | - [https://www.youtube.com/watch?v=ORcvSkgdA58](https://www.youtube.com/watch?v=ORcvSkgdA58)
62 | - Podcast IRL: Online Life is Real Life
63 | - [https://irlpodcast.org/](https://irlpodcast.org/)
64 | ### Standards Alignment
65 |
66 | ## License
67 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
68 |
--------------------------------------------------------------------------------
/Modern_Cryptography/Public_Key.md:
--------------------------------------------------------------------------------
1 | # Public Key Cryptography
2 |
3 | ## Overview
4 | Students will learn about and practice public key encryption. Focus on asymmetric algorithms where the process is not the same in both directions.
5 |
6 | ## Purpose
7 |
8 | ### Objectives
9 | #### Students will be able to:
10 | - Identify the need for public key cryptography.
11 | - Define a general procedure for asymmetric encryption.
12 | - Identify the strengths and potential weaknesses of public key cryptography.
13 |
14 | ### Preparation
15 | - [x] Print CS Unplugged Activity
16 | - [x] Signup for and enroll students in Code.org CSP course
17 |
18 | ### Links
19 | - For the Teacher
20 | - http://csunplugged.org/wp-content/uploads/2014/12/unplugged-18-public_key_encryption_0.pdf
21 | - https://studio.code.org/
22 | - http://tuftsjournal.tufts.edu/2010/01_1/professor/01/
23 |
24 | - For the Students
25 | - https://websitebuilders.com/how-to/stay-safe/secure-transactions/
26 | ### Vocabulary
27 |
28 | ## Teaching Guide
29 | ### Getting Started:
30 | Numberphile - Public Key Encryption
31 | - [https://www.youtube.com/watch?v=M7kEpw1tn50](https://www.youtube.com/watch?v=M7kEpw1tn50)
32 | Graphic of Apple's SMS privacy
33 | - [https://techcrunch.com/2014/02/27/apple-explains-exactly-how-secure-imessage-really-is/](https://techcrunch.com/2014/02/27/apple-explains-exactly-how-secure-imessage-really-is/)
34 | ### Activity
35 | - CS Unplugged Public Key Encryption Activity
36 |
37 | ### Activity
38 | - [Code.org CSP Public Key Encryption](https://studio.code.org/s/csp4/stage/6/puzzle/4)
39 | - Students will need a code.org account and to be registered in a CSP course you've setup.
40 |
41 | ### Wrap-up
42 | - Khan Academy video on public key encryption
43 | - [https://www.youtube.com/watch?v=YEBfamv-_do](https://www.youtube.com/watch?v=YEBfamv-_do)
44 | ### Assessment Questions
45 | - Describe to a person who knows nothing about encryption why public key encryption is secure and is hard to crack.
46 | - Explain in your own words what the modulo operation does. You may use the analogy of a clock in your answer if you like.
47 | - In symmetric encryption the same key is used to encrypt and decrypt a message. In asymmetric encryption different keys are used to encrypt and decrypt. Give at least one reason why asymmetric encryption is useful
48 |
49 | ### Extended Learning
50 | Read: The Code Book - Chapter 5
51 | Alice and Bob go Public
52 |
53 | After reading chapter 5 of The Code Book, reflect on the following questions and create a blog post on this topic. As with the previous blog posts, the idea is to have the post be informative, informal, as though you were independently interested in this topic and are writing a blog based on your curiosity.
54 |
55 | This chapter focused on public key encryption.
56 | - How is public key encryption possible?
57 | - Who were the key players in developing public key encryption?
58 | - Why do we believe the process of encrypting is not crack-able?
59 | - What are the potential issues with encryption as computers increase in computing power?
60 | - Who are some of the hidden figures in this field? Why did they not initially get credit for their work?
61 |
62 | Raspberry Pi: Buid an OctaPi
63 | - [https://projects.raspberrypi.org/en/projects/build-an-octapi](https://projects.raspberrypi.org/en/projects/build-an-octapi)
64 | - [https://projects.raspberrypi.org/en/projects/octapi-public-key-cryptography](https://projects.raspberrypi.org/en/projects/octapi-public-key-cryptography)
65 |
66 | ### Standards Alignment
67 | Indiana - CS3S-1.2
68 | Indiana - CS3S-2.1
69 |
70 | ## License
71 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
72 |
--------------------------------------------------------------------------------
/Classic_Cryptography/Caesar_Cipher.md:
--------------------------------------------------------------------------------
1 | # Caesar Cipher
2 |
3 | ## Overview
4 | Students will explore encoding/decoding messages using the Caesar Cipher. Using a cipher wheel, messages will be encoded and decoded.
5 |
6 | ## Purpose
7 | The Caesar Cipher is one of the best known forms of encryption. This signifies a change from encoding where a message was hidden with a set of substitutions for each letter to one where the only knowledge needed is a key to "unlock" the message.
8 |
9 | ### Objectives
10 | #### Students will be able to:
11 | - Encode/Decode a message using a Caesar Cipher and a known key
12 | - Begin to decode messages where the key is unknown using cryptanalysis
13 |
14 | ### Preparation
15 | - [x] Print the [Caesar Cipher wheel](Caesar_Cipher/Papercraft_Caesar_Wheel.docx) on cardstock
16 | - [x] Get brad fasteners
17 | - [x] Print [Caesar Cipher Worksheet](Caesar_Cipher/Caesar_Cipher_Activity.docx)
18 | - [x] Download [CaesarCipher.py](code/CaesarCipher.py) python file.
19 |
20 | ### Links
21 | - For the Teacher
22 | - https://en.wikipedia.org/wiki/Caesar_cipher
23 | - http://practicalcryptography.com/ciphers/caesar-cipher/
24 | - For the Students
25 | - http://www.cryptoclub.org/games/desert_oasis.php
26 |
27 | ### Vocabulary
28 | Plaintext - a message or text that can be read normally
29 | Ciphertext - a message that has been encrypted so it is not readable in current form.
30 | Encode - the act of converting plaintext to ciphertext
31 | Decode - the act of converting ciphertext to plaintext
32 |
33 | ## Teaching Guide
34 | ### Getting Started
35 | - Overview of Caesar Cipher (video)
36 | - https://www.youtube.com/watch?v=sMOZf4GN3oc
37 |
38 | ### Activity:
39 | Paper craft Caesar Cipher wheel
40 | - Have students cut out and assemble the paper cipher wheel.
41 | - Students will work through the encryption process on the worksheet.
42 | - Students can engage with the CryptoClub Desert Oasis game.
43 |
44 | ### Activity (coding):
45 | Look at the CaesarCipher.py Python file.
46 | - The program is setup to accept a message
47 | - The message can be encoded using a Caesar Shift
48 | - Have students finish the decode method to convert ciphertext to plaintext.
49 |
50 | ### Wrap-up
51 | #### Discussion:
52 | 1. How many possible keys are there in a Caesar Cipher?
53 | 1. What level of security does this provide us? How difficult is it to break a message encrypted using the Caesar Cipher?
54 |
55 | 1. TED Talk: [Why Privacy Matters](https://www.ted.com/talks/alessandro_acquisti_why_privacy_matters?language=en)
56 |
57 | ### Assessment Questions
58 | - How have computers changed the security of a cipher like this one?
59 | - Create a Caesar Cipher where the key changes for each word or letter.
60 | - What would the rules of this cipher be?
61 | - How would you encode / decode this message?
62 | - What would you need to know to decode this message?
63 | - How does this change the security of the cipher?
64 |
65 | ### Extended Learning
66 | 3D Printing: Print the Caesar Cipher ring to use instead of the paper wheel.
67 | - [https://www.thingiverse.com/thing:18315](https://www.thingiverse.com/thing:18315)
68 | 3D Printing: Print a Cipher Disk
69 | - [https://www.thingiverse.com/thing:3404817](https://www.thingiverse.com/thing:3404817)
70 | 3D Printing: Print a Braille Disk
71 | - [https://www.thingiverse.com/thing:3701018](https://www.thingiverse.com/thing:3701018)
72 | Programming: Bruteforce Caesar Decode
73 | - Using the decode method written in the programming activity, create a program that decodes using all 25 possible Caesar shifts.
74 |
75 | ### Standards Alignment
76 |
77 | ## License
78 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
79 |
--------------------------------------------------------------------------------
/Classic_Cryptography/Encoding_Binary.md:
--------------------------------------------------------------------------------
1 | # Text Encoding & Binary Numbers
2 |
3 | ## Overview
4 | In this lesson, students will learn about ASCII encoding of text. Students will also look at how binary numbers can be used to store and transmit data on computer systems.
5 |
6 | ## Purpose
7 | All data is stored as binary 0s and 1s on a computer. This means that every image, video, document, and program we use on a computer is ultimately converted to binary. Looking at text is a way to see this process in a clear, understandable way.
8 |
9 | ### Objectives
10 | #### Students will be able to:
11 | - Convert text to ASCII Numbers
12 | - Convert base-10 numbers to base-2 binary
13 | - Encode/decode a message using ASCII/Binary
14 |
15 | ### Preparation
16 | - [x] Print the [Code.org Flippy Do](https://drive.google.com/file/d/0B6iNirqJ5EuVVTlla0RpR2RIa2s/view)
17 | - [x] Print the [ASCII Encoding Worksheet](Encoding/Ascii_Encoding_Activity.docx)
18 | - [x] Print the [Binary Conversion Worksheet](Encoding/Binary_Conversion.docx)
19 | - [x] Print the [ASCII Hex Decoding Worksheet](Encoding/Ascii_Hex_Decoding.docx)
20 | - [x] Download the [AsciiEncoding.py](code/AsciiEncoding.py) python file.
21 |
22 |
23 | ### Links
24 | - For the Teacher
25 | - https://en.wikipedia.org/wiki/Binary_number
26 | - https://en.wikipedia.org/wiki/ASCII
27 | - For the Students
28 | - Binary Number Game
29 | - https://studio.code.org/projects/applab/iukLbcDnzqgoxuu810unLw
30 |
31 | ### Vocabulary
32 | Number System: A method of representing numbers.
33 | Base-10: Our normal number system, 10 digits (0-9) can be in any number position
34 | Base-2: Binary number system only uses digits 0, 1 in any number position.
35 | ASCII: American Standard Code for Information Interchange - A method for representing every letter as a number.
36 | ## Teaching Guide
37 | ### Getting Started
38 | - Discussion of how all data is stored as numbers in base-2 (binary) on a computer
39 | > The digits are stored as electrical pulses, magnetic poles in a Hard Drive, pits on a CD even as pulses of light. In all of these cases, there is a case that represents a 0 or 1.
40 |
41 | > As such, every bit of data is ultimately represented as binary numbers.
42 |
43 | - Binary Numbers Video https://www.youtube.com/watch?v=1GSjbWt0c9M
44 | - ASCII, Unicode, UTF8 encoding video https://www.youtube.com/watch?v=MijmeoH9LT4
45 |
46 | ### Activity
47 | Students will convert a message to ASCII using the chart. These will be base-10 numbers for now. Students will also decode a message and create their own message to swap and decode with another student.
48 |
49 | Then students will convert a series of binary numbers to base-10 and back to text.
50 |
51 | ### Activity (coding):
52 | Python Programming:
53 | - Using the AsciiEncoding.py as template:
54 | - Create a text to ASCII to binary converter
55 | - Try to convert each letter to the ASCII equivalent.
56 |
57 | ### Wrap-up
58 | Discussion
59 | 1. If all data is stored as 0s and 1s, how does a computer know if a file is text or a picture?
60 |
61 | 1. I can put a password on a document so it can't be opened. If someone can see the 0s and 1s, what prevents someone from seeing the contents of that document? A password-protected documents is still stored as binary on the hard drive.
62 |
63 |
64 | ### Assessment Questions
65 | - Every letter is represented by a number, so is every color, sound, or program.
66 | - If a color is a combination of red, green, and blue values (0-255), devise a way to hide text as an image.
67 |
68 | ### Extended Learning
69 |
70 |
71 | ### Standards Alignment
72 |
73 |
74 | ## License
75 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
76 |
--------------------------------------------------------------------------------
/Security_Principles/passwords.md:
--------------------------------------------------------------------------------
1 | # Password Selection
2 |
3 | ## Overview
4 | Students will learn about good practices in selecting passwords, the dangers of weak passwords or sharing passwords between sites, and how to use password managers.
5 |
6 | ## Purpose
7 | Passwords are the way we access the majority of our information and online accounts. The passwords we use are often weak in a way that would allow hackers to guess them or we use the same password on multiple accounts. If one of those accounts is compromised, then our password to other sites is exposed.
8 |
9 | Best practices in password selection include selecting a different password for each account and ensuring that the password is sufficiently difficult for a hacker to guess or bruteforce attack.
10 |
11 | ### Objectives
12 | #### Students will be able to:
13 | - Identify best practices in password selection.
14 | - Use a password manager for management of the multiple passwords.
15 | - Identify good and bad passwords.
16 |
17 | ### Preparation
18 |
19 | ### Links
20 | - For the Teacher
21 | - [https://en.wikipedia.org/wiki/Password_cracking](https://en.wikipedia.org/wiki/Password_cracking)
22 |
23 | - For the Students
24 | - How Secure is my Password
25 | - [https://www.security.org/how-secure-is-my-password/](https://www.security.org/how-secure-is-my-password/)
26 | - [https://password.kaspersky.com/](https://password.kaspersky.com/)
27 | - [http://www.passwordmeter.com/](http://www.passwordmeter.com/)
28 |
29 | ### Vocabulary
30 |
31 | ## Teaching Guide
32 | ### Getting Started:
33 | How to pick a good password (video)
34 | - [https://www.youtube.com/watch?v=3NjQ9b3pgIg](https://www.youtube.com/watch?v=3NjQ9b3pgIg)
35 |
36 | - Discussion of Password selection… how am I hacked through my password?
37 |
38 | ### Activity
39 | Look at password managers. In Groups of 4, register, install and USE the password manager.
40 |
41 | Password Managers:
42 | - LastPass
43 | - Dashlane
44 | - KeePass
45 | - Sticky Password
46 | - 1Password
47 | - RoboForm
48 |
49 | Create a PowerPoint to present to the class.
50 | - Explain how each works and whether you’d recommend it or not.
51 | - Is there a mobile version?
52 | - Does it cost money?
53 | - What is it's strengths / weaknesses?
54 |
55 |
56 | Two-Step Verification:
57 |
58 | - Gmail:
59 | - [https://www.youtube.com/watch?v=zMabEyrtPRg](https://www.youtube.com/watch?v=zMabEyrtPRg)
60 | - [https://www.cnet.com/how-to/how-and-why-to-use-two-factor-authentication/](https://www.cnet.com/how-to/how-and-why-to-use-two-factor-authentication/)
61 |
62 | ### Activity
63 | - Password Cracking (video):
64 | - [https://www.youtube.com/watch?v=7U-RbOKanYs](https://www.youtube.com/watch?v=7U-RbOKanYs)
65 | - Download the password cracker and the three "encrypted" files.
66 | - [PasswordCracker.py](passwords/PasswordCracker.py)
67 | - [LockedFile1.py](passwords/LockedFile1.py)
68 | - [LockedFile2.py](passwords/LockedFile2.py)
69 | - [LockedFile3.py](passwords/LockedFile3.py)
70 |
71 |
72 | ### Discussion:
73 | - How does two-factor authentication make you safer online?
74 | - What are potential problems with two-factor passwords?
75 | - What would I tell my friends or family to do to make their passwords more secure?
76 |
77 | ### Wrap-up
78 | Ted Talk: - [http://www.ted.com/talks/lorrie_faith_cranor_what_s_wrong_with_your_pa_w0rd](http://www.ted.com/talks/lorrie_faith_cranor_what_s_wrong_with_your_pa_w0rd)
79 |
80 | ### Assessment Questions
81 | - How am I currently vulnerable to password attacks?
82 | - What can I do to make my passwords more secure?
83 | - List steps you actually plan to use to increase the security of your password.
84 |
85 |
86 | ### Extended Learning
87 |
88 | EFF Passwords Lesson
89 | - https://sec.eff.org/topics/passwords
90 | - https://sec.eff.org/topics/password-managers
91 | EFF Two-Factor Authentication Lesson
92 | - https://sec.eff.org/topics/two-factor-authentication
93 |
94 | ### Standards Alignment
95 | Indiana - CS3S-1.3
96 |
97 | ## License
98 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
99 |
--------------------------------------------------------------------------------
/Web_Security/php_sql.md:
--------------------------------------------------------------------------------
1 | # PHP and SQL
2 |
3 | ## Overview
4 | In our last lesson we setup a SQL database, now we would like to access that information in the database on our website. We will create sites using PHP that can display information found in a SQL database.
5 |
6 | ## Purpose
7 | Modern websites use databases to store and manage information. We want to better understand the framework that makes the connection between a webpage and a database possible.
8 |
9 | ### Objectives
10 | #### Students will be able to:
11 | - Display information from their database on a web page.
12 |
13 | ### Preparation
14 |
15 | ### Links
16 | - For the Teacher
17 | - [https://www.vice.com/en_us/article/aekzez/the-history-of-sql-injection-the-hack-that-will-never-go-away](https://www.vice.com/en_us/article/aekzez/the-history-of-sql-injection-the-hack-that-will-never-go-away)
18 | - For the Students
19 |
20 |
21 | ### Vocabulary
22 |
23 | ### Teaching Guide
24 | ### Activity
25 | Follow the guides on code academy for PHP and SQL.
26 | - These will help you better understand how these languages work.
27 | - Understanding the language will allow you to follow how the flaws are exploited.
28 |
29 | ### Activity
30 | Upload the ExampleForms.html and ExampleForms.php to your web server.
31 | - [ExampleForms.html](html/ExampleForms.html)
32 | - [ExampleForms.php](html/ExampleForms.php)
33 |
34 | Verify that the information has been added to the database by logging into the MySQL server and typing
35 | select * from names;
36 |
37 | ### Activity
38 | Using a MySQL database in command line is not a very convenient way to see the info in a database. Upload the pullData.html & pullData.php documents to the server.
39 | Verify that they can display the contents of the database to a web page.
40 | - [pullData.html](html/pullData.html)
41 | - [pullData.php](html/pullData.php)
42 |
43 | ### Discussion
44 | - This is not a very secure way to display the contents of a database.
45 | - Is there a way to add authentication?
46 |
47 |
48 | ### Activity
49 | Add the pullDataAdmin.html & pullDataAdmin.php documents to your project.
50 | - [pullDataAdmin.html](html/pullDataAdmin.html)
51 | - [pullDataAdmin.php](html/pullDataAdmin.php)
52 | Follow the [Secure Viewing SQL with HTML.docx](docs/Secure_Viewing_SQL_HTML.docx) document to create a secure, password protected method to see the contents of an SQL database.
53 |
54 | - This is not totally Secure.
55 | - How can this form be broken into?
56 | - What allows this type of from to be injected using a simple SQL injection?
57 |
58 | ### Activity
59 | Add the contact.html, contact.php, and messages.php documents to your project.
60 | - [contact.html](html/contact.html)
61 | - [contact.php](html/contact.php)
62 | - [messagesAdmin.html](html/messagesAdmin.html)
63 | - [messagesAdmin.php](html/messagesAdmin.php)
64 |
65 | Add a table to your mySQL database called messages with columns name, subject, message.
66 | Test to make sure the contact.html/php will post to the database and that messages.php will read messages.
67 |
68 | Now type a message that has some HTML in it. What happens in the message viewing center?
69 | What happens if you type a message like < script > alert("Surprise!") < /script >?
70 |
71 | Now, make this whole thing secure so we can't do this type of injection and need a secure log in to see our messages.
72 |
73 | ### Wrap-up
74 | - How could your secure site be made truly secure?
75 | - Why did the SQL injection work?
76 | - How did knowing the protocols of SQL and PHP allow you to break the security you had built?
77 |
78 | ### Assessment Questions
79 |
80 | ### Extended Learninghttps://derekbabb.github.io/CyberSecurity/
81 | - Buggy Web App [https://www.mmebvba.com/sites/bwapp/index.htm](https://www.mmebvba.com/sites/bwapp/index.htm)
82 | - Hacksplaining Lessons [https://www.hacksplaining.com/lessons](https://www.hacksplaining.com/lessons)
83 | - Bobby Tables [https://bobby-tables.com/](https://bobby-tables.com/)
84 | ### Standards Alignment
85 | Indiana - CS3S-1.2
86 | Indiana - CS3S-2.1
87 | Indiana - CS3S-4.1
88 | ## License
89 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
90 |
--------------------------------------------------------------------------------
/Modern_Cryptography/Enigma.md:
--------------------------------------------------------------------------------
1 | # Enigma Cipher
2 |
3 | ## Overview
4 | Students will make a papercraft version of the German Enigma machine to better understand how the encryption worked. Students will also look at the historical significance of Enigma and the people who worked to break the code.
5 |
6 | ## Purpose
7 | The German Enigma is one of the first examples of mechanization of cryptography. The operation of the machine was sophisticated but the mathematics of the combinations of the rotors, plugs, and starting positions created a code that the Germans believed was "unbreakable"
8 |
9 | ### Objectives
10 | #### Students will be able to:
11 | - Encode/decode messages using the German Enigma
12 | - Identify the historical context and important people in cracking the Enigma code.
13 |
14 | ### Preparation
15 | - [x] Gather Pringles Cans
16 | - [x] Print, Laminate, Cut Enigma Strips
17 | - [x] Print copies of the Enigma Activity
18 |
19 | ### Links
20 | - For the Teacher
21 | - [Enigma Pringles Can Description](http://makezine.com/2012/06/06/how-to-papercraft-enigma-machine/)
22 | - [Enigma Pringles Can PDF](Enigma/pringlesenigma3a4.pdf)
23 | - [Enigma Worksheet](Enigma/Enigma_Activity.docx)
24 | - [Video on how to use Pringles Can Enigma](https://www.youtube.com/watch?v=pZsuxZXN33g)
25 | - For the Students
26 | - [Enigma Rotor Details](https://en.wikipedia.org/wiki/Enigma_rotor_details)
27 | ### Vocabulary
28 |
29 | ## Teaching Guide
30 | ### Getting started:
31 | German Enigma - Numberphile (video):
32 | - https://www.youtube.com/watch?v=G2_Q9FoD-oQ
33 |
34 | ### Activity:
35 | - Explain the use and function of the Enigma Pringles can.
36 | - Print, laminate, cut enough enigma strips for each can.
37 | - The can itself can store the un-used rotors.
38 | - What is the "notch" point for each rotor?
39 | - Define the direction you will turn the rotor (I used "away" from the user.)
40 | - Depending on these uses, the messages may not work out perfectly.
41 | - Protocols need to be the same between messages to be able to successfully encode/decode.
42 | - Decode and encode the messages in the worksheet.
43 | ### Activity:
44 | Create a Python version of the Enigma cipher.
45 | - Use the existing files and create the missing rotors (4 & 5) as well as another reflector (b).
46 | - Historical rotor settings can be found on Wikipedia
47 | - [Enigma.py](Enigma/Python_Enigma/Enigma.py)
48 | - [Rotor1.py](Enigma/Python_Enigma/Rotor1.py)
49 | - [Rotor2.py](Enigma/Python_Enigma/Rotor2.py)
50 | - [Rotor3.py](Enigma/Python_Enigma/Rotor3.py)
51 | - [ReflectorA.py](Enigma/Python_Enigma/ReflectorA.py)
52 |
53 | ### Wrap-up
54 | Video - The flaw in the German Enigma:
55 | - https://www.youtube.com/watch?v=V4V2bpZlqx8
56 |
57 | ### Discussion:
58 | - Why was it so important to have a strong encryption on messages during this era?
59 | - Why was the German Enigma so difficult to break?
60 | - Can we use standard tools like frequency analysis?
61 |
62 | ### Assessment Questions
63 | - Revisit the Vigenere Cipher, how was the Enigma different?
64 | - How was the Enigma similar to Vigenere?
65 |
66 | - Knowing that enemies might have a version of the machine, why were the Germans still so confident in their design?
67 |
68 |
69 | ### Extended Learning
70 | #### Read: Chapter 3 - The Code Book
71 | The Mechanization of Secrecy
72 |
73 | After reading Chapter 3 of the Code Book, reflect on the use of the German Enigma during World War 2 and the work of Alan Turing and others to break the code. Again, this is a blog so I would like you to talk about it in a manner that explains the technology and it's implications to an audience who does not know about it.
74 |
75 | There are a few things I think you should look at in your blog:
76 | - Prior military encryption
77 | - Why was enigma better?
78 | - Who tried to break it?
79 | - Who was successful at breaking Enigma?
80 | - How did they break Enigma?
81 | - What were the implications of breaking Enigma while trying to keep that secret from the Germans?
82 | Please use photos and examples in your blog. This should be posted to your Wordpress blog.
83 |
84 | #### 3D Print an Enigma Cylinder
85 | - [https://www.thingiverse.com/thing:3555396/files](https://www.thingiverse.com/thing:3555396/files)
86 |
87 | #### Watch Movie: Imitation Game
88 |
89 | ### Standards Alignment
90 |
91 | ## License
92 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
93 |
--------------------------------------------------------------------------------
/Modern_Cryptography/RSA/RSA.md:
--------------------------------------------------------------------------------
1 | # RSA Activity
2 |
3 | ## Overview
4 | Students participate in an activity using the RSA Public Key Cryptography algorithm to send secret messages to each other. This activity acts as an anchor to help students remember concepts of public-key cryptography and digital certificates.
5 |
6 | ## Purpose
7 |
8 | ### Objectives
9 | #### Students will be able to:
10 | - Explain how this process (the RSA Algorithm) is an example of Public Key Cryptography
11 | - Explain how digital certificates help ensure the security of encrypted communications
12 |
13 | ### Preparation
14 | - [x] Have a padlet website created for students to post their public keys (https://www.padlet.com)
15 | - [x] Have the RSA Activity guide posted on Google Classroom or prepared to be handed out
16 | - [x] Have a Python repl open on a hidden teacher computer: https://repl.it/languages/python3
17 |
18 | ### Links
19 | - For the Teacher
20 |
21 | - For the Students
22 | - https://mathymcmatherson.github.io/RSA_Activity/rsa.html
23 | - A padlet site you create ahead of time
24 |
25 | ### Vocabulary
26 |
27 | ## Teaching Guide
28 | ### Getting Started:
29 |
30 | - Have students convert their birthday into a number. For example, if you were born on November 30th, you would write 1130. if you were both February 8th, you would write 28. Keep it a secret!
31 | - Use a calculator to raise that number to the 3rd power (you will probably use the ^ symbol on your calculator, or multiply the number by itself 3 times). You will probably end up with a very large number.
32 | - Go to this website: https://studio.code.org/s/csp4/stage/7/puzzle/5 . Type your (very large) number in the first box. Type 1255 into the second box. Press Go and watch what happens. Eventually it will stop on a brand new number
33 | - Write this new number on an index card
34 |
35 | ### Activity: A Magic Trick
36 | - Ask students to shout out their new number to you
37 | - In a Python REPL (https://repl.it/languages/python3), type \[THEIR_NUMBER\] \** 667 % 1255.
38 | - Convert the number you get back into a birthday and tell them their birthday
39 | - Do several of these. Really ham it up.
40 |
41 | ### Explanation
42 | - Show the Code.org video on Public Key Encryption: https://www.youtube.com/watch?v=ZghMPWGXexs&t=251
43 | - Tell students that's how the magic trick works. They're using your public key of 3 and public exponent of 1255 to encrypt their birthday. You're using a private key of 667 and the same exponent (1255) to decrypt their birthday.
44 | - Importantly: you can shout this secret number out in the open, for everyone to see, and yet no one will be able to decrypt it without your secret number.
45 | - Optional: Show this video to explain the concept and the math behind what's happening: https://www.youtube.com/watch?v=3QnD2c4Xovk
46 |
47 | ### Activity: Creating Your Own Public / Private Keys
48 | - Distribute the RSA handout (The .docx file also in this folder of the lesson). Have students generate their own Public Key following the directions on the handout and this website: https://mathymcmatherson.github.io/RSA_Activity/rsa.html
49 | - Have students post their public keys on a Padlet website you've created ahead of time. Make sure the exponent that students have are at least 4 digits.
50 | - Once enough keys are posted, have students send the first 3 digits of their phone number to each other. They can use the REPL widgets on the website to do this.
51 | - They should write down their secret messages on index cards, then you (or other students) can hand deliver them to others in the room.
52 | - **Importantly:** Whoever is delivering the messages can eavesdrop on them, but it doesn't matter - they can't decrypt the message without the private key
53 |
54 | ### Be Sneaky
55 | - Without telling anyone or making a big deal about it, change a few of the posted Public Keys on the Padlet site to _your own_ public key. Eventually, hopefully, someone will notice.
56 | - When they do: make a big deal about the fact that this means you are able to read the messages meant for _them_ because you stole their identity.
57 | - How can this be avoided? Digital Certificates & Certificate Authorities: show the end of this video from Code.org: https://www.youtube.com/watch?v=kBXQZMmiA4s&t=280
58 |
59 | ### Wrap-up / Assessment Questions
60 | - Have students explain how this was an example of Public-Key Cryptography - which things were public? Which things were private?
61 | - Have students explain how this was an example of Asymmetric Encryption
62 | - Have students explain why certificate authorities are necessary, and what a Digital Certificate does.
63 |
64 | ## License
65 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
66 |
--------------------------------------------------------------------------------
/Modern_Cryptography/RSA/rsa.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
14 |
15 |
16 |
17 |
77 |
78 |
--------------------------------------------------------------------------------
/Modern_Cryptography/Steganography/Java_Program/StegTest.java:
--------------------------------------------------------------------------------
1 | import javax.swing.*;
2 | import javax.swing.border.*;
3 | import java.awt.*;
4 | import java.util.*;
5 | import java.awt.event.*;
6 |
7 | public class StegTest implements ActionListener
8 | {
9 | private JFrame jf;
10 | private Container cp;
11 | private JButton openBtn, saveBtn;
12 | private JButton getBtn, setBtn;
13 | private JTextField redField, greenField, blueField, xField, yField;
14 | private JLabel sizeLabel;
15 | private PictureEdit pic;
16 |
17 |
18 | public void setupGUI()
19 | {
20 | jf = new JFrame("Steg Test");
21 | cp = jf.getContentPane();
22 |
23 | jf.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
24 | jf.setSize(400, 300);
25 | jf.setLayout(null);
26 |
27 | JPanel leftPanel = new JPanel();
28 | leftPanel.setBounds(20, 20, 150, 200);
29 | leftPanel.setLayout(new GridLayout(4, 1, 5, 5));
30 |
31 | JPanel rightPanel = new JPanel();
32 | rightPanel.setBounds(200, 20, 170, 150);
33 | rightPanel.setLayout(new GridLayout(4, 1));
34 |
35 | JPanel pixelPanel = new JPanel();
36 | pixelPanel.setLayout(new GridLayout(1, 4));
37 | xField = new JTextField("", JTextField.CENTER);
38 | yField = new JTextField("", JTextField.CENTER);
39 |
40 | pixelPanel.add(new JLabel("X: ", JLabel.RIGHT));
41 | pixelPanel.add(xField);
42 | pixelPanel.add(new JLabel("Y: ", JLabel.RIGHT));
43 | pixelPanel.add(yField);
44 |
45 | TitledBorder title;
46 | title = BorderFactory.createTitledBorder("Pixel Info");
47 | rightPanel.setBorder(title);
48 |
49 |
50 | redField = new JTextField("", JTextField.CENTER);
51 | greenField = new JTextField("", JTextField.CENTER);
52 | blueField = new JTextField("", JTextField.CENTER);
53 |
54 | sizeLabel = new JLabel("Image Size: ");
55 |
56 |
57 |
58 | rightPanel.add(pixelPanel);
59 | //rightPanel.add();
60 | Container redContainer = new Container();
61 | redContainer.setLayout(new GridLayout(1, 2));
62 | redContainer.add(new JLabel("Red: ", JLabel.RIGHT));
63 | redContainer.add(redField);
64 | rightPanel.add(redContainer);
65 |
66 | Container greenContainer = new Container();
67 | greenContainer.setLayout(new GridLayout(1, 2));
68 | greenContainer.add(new JLabel("Green: ", JLabel.RIGHT));
69 | greenContainer.add(greenField);
70 | rightPanel.add(greenContainer);
71 |
72 | Container blueContainer = new Container();
73 | blueContainer.setLayout(new GridLayout(1, 2));
74 | blueContainer.add(new JLabel("Blue: " , JLabel.RIGHT));
75 | blueContainer.add(blueField);
76 | rightPanel.add(blueContainer);
77 |
78 |
79 | openBtn = new JButton("Open Image");
80 | saveBtn = new JButton("Save Image");
81 | getBtn = new JButton("Get RGB");
82 | setBtn = new JButton("Set RGB");
83 | openBtn.addActionListener(this);
84 | saveBtn.addActionListener(this);
85 | getBtn.addActionListener(this);
86 | setBtn.addActionListener(this);
87 |
88 | leftPanel.add(openBtn);
89 | leftPanel.add(saveBtn);
90 | leftPanel.add(getBtn);
91 | leftPanel.add(setBtn);
92 |
93 | sizeLabel = new JLabel("Image Size: 0 x 0");
94 | sizeLabel.setBounds(200, 175, 300, 50);
95 |
96 |
97 | cp.add(leftPanel);
98 | cp.add(rightPanel);
99 | cp.add(sizeLabel);
100 |
101 | jf.setLocation(100, 100);
102 |
103 | jf.setVisible(true);
104 | }
105 |
106 | public void actionPerformed(ActionEvent e)
107 | {
108 | if (e.getActionCommand().equals("Open Image"))
109 | {
110 | pic = new PictureEdit();
111 | pic.displayImage();
112 |
113 | sizeLabel.setText("Image Size: " + pic.getWidth() + " x " + pic.getHeight());
114 |
115 | }
116 | if (pic == null)
117 | {
118 | return;
119 | }
120 | if(e.getActionCommand().equals("Save Image"))
121 | {
122 | pic.saveAs();
123 | }
124 |
125 | if(e.getActionCommand().equals("Get RGB"))
126 | {
127 | //check the x, y value is in valid range
128 | int x = Integer.parseInt("0" + xField.getText());
129 | int y = Integer.parseInt("0" + yField.getText());
130 | if (x >= pic.getWidth() || y >= pic.getHeight())
131 | return;
132 | Color color = pic.getColor(x, y);
133 | redField.setText(color.getRed() + "");
134 | greenField.setText(color.getGreen() + "");
135 | blueField.setText(color.getBlue() + "");
136 |
137 | }
138 |
139 | if(e.getActionCommand().equals("Set RGB"))
140 | {
141 | //check the x, y value is in valid range
142 | int x = Integer.parseInt("0" + xField.getText());
143 | int y = Integer.parseInt("0" + yField.getText());
144 | if (x >= pic.getWidth() || y >= pic.getHeight())
145 | return;
146 |
147 | int r = Integer.parseInt("0" + redField.getText());
148 | int g = Integer.parseInt("0" + greenField.getText());
149 | int b = Integer.parseInt("0" + blueField.getText());
150 |
151 | pic.setColor(x, y, new Color(r, g, b));
152 |
153 | }
154 | }
155 |
156 | public static void main(String[] args)
157 | {
158 | StegTest testApp = new StegTest();
159 | testApp.setupGUI();
160 | }
161 | }
--------------------------------------------------------------------------------
/Ethics_Society/Intro_Ethics.md:
--------------------------------------------------------------------------------
1 | # Introduction & Ethics
2 |
3 | ## Overview
4 | Cyber Security is an increasingly in-demand field of Computer Science. In this course we will look at the major ideas in the fields of Cyber Security or Information Assurance. This is not a "hacking" class but we are looking at the ways that computers, programs, networks, and people are exploited by hackers and what we can do to prevent or minimize the damage caused by bad actors.
5 |
6 |
7 | ## Purpose
8 | This activity will give students an opportunity to learn about a major hacking event in-depth and share with the class. This also serves as a way to get students in the class to speak and contribute to the discussion.
9 |
10 | As a class looking at how computers are exploited, we will be learning a lot of skills that could be used to access someone's computer or network without their permission. While all of these skills are easily learned on the Internet, it is important that we agree to respect private property and never access something without permission.
11 |
12 |
13 | ### Objectives
14 | #### Students will be able to:
15 | - Discuss ethical behavior in online context
16 | - Ethical dilemma, gray areas
17 | - Identify Ten Commandments of Cyber Ethics
18 | - Describe a major hacking event
19 | - Identify the vulnerability that led to the attacks
20 | - Suggest ways to prevent similar attacks
21 |
22 | ### Preparation
23 | - [x] Students will need access to the internet
24 | - [x] Printed copies of the ethics statement [.docx](docs/ETHICS_STATEMENT.docx)
25 |
26 | ### Links
27 | - For the Teacher
28 | - [Ethics Scenarios PowerPoint](docs/Ten_Commandment_Scenarios.pptx)
29 | - For the Students
30 | - [Ten Commandments of Cyber Ethics](https://en.wikipedia.org/wiki/Ten_Commandments_of_Computer_Ethics)
31 |
32 | ### Vocabulary
33 |
34 | ## Teaching Guide
35 | ### Getting Started
36 | Class introductions
37 | Cyber Security overview
38 | Ethics Statement
39 | > Students need to understand that the material learned in this class
40 | > should not be used to access files, networks, or other property that they
41 | > do not have permission to access. Lack of security does not imply permission.
42 |
43 | ### Activity
44 | Look at several scenarios about ethical situations
45 | - What would you do?
46 | - Did the people involve act ethically?
47 | - Who was harmed in this interaction, who is the victim?
48 |
49 | Have students look at "Ten Commandments of Cyber Ethics"
50 | - Students will pair up and each take one commandment.
51 | - Create an example and non-example of this commandment.
52 | - Present to the class
53 |
54 | Re-evaluate opening scenarios and describe why the ethical response is or is not appropriate.
55 | - Link the behavior back to ten commandments.
56 |
57 | ### Activity
58 | In pairs, research one of the major hacking events of the past several years.
59 | In your research, identify several important ideas:
60 | - Who was attacked?
61 | - Who was the attacker (or who is thought to be if unclear)?
62 | - What was the motive (money, political, warfare, prank)
63 | - What was the result of the attack?
64 | - How can this type of attack be prevented in the future?
65 |
66 | Compile this information into a presentation for the class.
67 |
68 |
69 | Major Hacking Events:
70 | - 2014 - Mt. Gox
71 | - 2011 - Bank of America, Turkish Hacker
72 | - 2010 - Stuxnet
73 | - 2011 - Sesame Street YouTube channel
74 | - 2014 - PSN hacked at christmas time
75 | - 2014 - Sony Pictures Hacked
76 | - 2013 - Target Credit cards hacked
77 | - 2014 - Home Depot Hacked
78 | - 2014 – Heartbleed Bug
79 | - 2015 - IRS hacked
80 | - 2015 - Jeep Hacked
81 | - 2014 - Apple iCloud hacked
82 | - 2017 – WannaCry Ransomware
83 |
84 | ### Wrap-up
85 | - Discussion of hacking events
86 | - Hackers gain a detailed knowledge of a computer or system then find vulnerabilities.
87 | > Thinking of your own house, could you get in if you didn't have a key?
88 | > What inside knowledge do you have of your own home that would allow access?
89 | > What could you change to strengthen your home-security?
90 | > Would the additional security be a benefit or a hindrance? For example, 10 locks would make your door more secure but would also limit your own access in a speedy way.
91 |
92 | - Video: [TED - Hire the Hackers](https://www.ted.com/talks/misha_glenny_hire_the_hackers)
93 |
94 | ### Assessment Questions
95 | - Brainstorm ways to keep yourself safe online.
96 | - What are some methods hackers use to gain unauthorized access to a computer or network?
97 | - What can we do as individuals to prevent this?
98 | - What should companies or governments do about hacking?
99 |
100 | ### Extended Learning
101 | - Listen to podcasts from Darknet Diaries
102 | - [https://darknetdiaries.com/](https://darknetdiaries.com/)
103 | - Snapchat Thief (Reply All Podcast)
104 | - [https://gimletmedia.com/shows/reply-all/v4he6k](https://gimletmedia.com/shows/reply-all/v4he6k)
105 | ### Standards Alignment
106 |
107 | ## License
108 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) Give it at least 30 seconds to load
18 |
19 |
32 |
20 |
21 |
24 |
25 |
26 |
27 |
30 |
31 |
33 |
34 |
44 |
45 | 34 |
Your Public Modulus: {{prime1 * prime2}}
35 |
36 |
37 |
40 |
41 | This Public Key Works! Nice Job!
42 |ERROR! Choose a different Public key!
43 |
46 |
47 |
56 |
57 | 47 |
It's time to share with everyone! Your Public Key is {{public}} and your Public Modulus is {{prime1*prime2}}. We usually share these in a pair: ({{public}}, {{prime1 * prime2}})
48 |Your Secret Key, which is computed automatically, can be found by hovering over the button below
49 |
{{secret}}
50 | 55 |
58 | Press the Play button to run this program and Encrypt messages!
59 |
63 | Press the Play button to run this program and Encrypt messages!
59 |
60 |
61 |
62 |
64 | Press the Play button to run this program and Decrypt messages!
65 |
69 |
76 | Press the Play button to run this program and Decrypt messages!
65 |
66 |
67 |
68 |
is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
109 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Cyber Security
2 | ### A curriculum for a high school cyber security course.
3 |
4 | This curriculum is designed for a high school computer science course focused on cyber security. Each of the units have activities that could be used with or without prior coding knowledge so the course is customizable to the needs of the given students/teacher.
5 |
6 | ## Topics
7 | - [Ethics and Society](./Ethics_Society/Intro_Ethics.md)
8 | - [Security Principles](./Security_Principles/readme.md)
9 | - [Classic Cryptography](./Classic_Cryptography/readme.md)
10 | - [Modern Cryptography](./Modern_Cryptography/readme.md)
11 | - [Malicious Software](./Malware/readme.md)
12 | - [Physical Security](./Physical_Security/readme.md)
13 | - [Web Security](./Web_Security/readme.md)
14 |
15 | ## Usage
16 | The units and topics outlined are designed to be stand-alone. Each unit can be taught alone or all of the units could be taught as a full-year course in cyber security.
17 |
18 | This repository is designed to be teacher-facing and it is left to the teacher to use an existing LMS or other method of giving links, activities, and supporting documents to the students.
19 |
20 | ## Interwoven Projects
21 | Throughout the year, there are several ongoing projects. Some of these activities will be called out specifically in a lesson but for the majority of the time these are activities which can be slotted in by the instructor.
22 |
23 | Blog - Each student should maintain a blog. There are many online blog platforms available. If privacy is a concern, the blog could be done in a document that the student shares with the instructor. The goal of the blog is for students to express thoughts on cyber security principles and ideas, and as a way for students to better think about how they will engage with the topics being discussed.
24 |
25 | So much of the class is designed to inform and make students aware of cyber principles. The blog gives a context for how they will act based on the knowledge and how they would let others know how to act to remain secure online.
26 |
27 | News Articles - This can be done weekly or as frequently as you find useful. Students will read online news stories about cyber security, hacking, or other security issues. As with the blog, the goal is to raise awareness of cyber events and to make students more vigilant cyber citizens.
28 |
29 | [Sample News Note](Sample_News_Note.docx)
30 |
31 | Good websites for cyber news:
32 | - https://www.cnet.com/
33 | - https://www.wired.com/category/security/
34 | - https://www.yahoo.com/tech
35 | - https://www.theverge.com/
36 | - https://www.engadget.com/
37 | - https://arstechnica.com/
38 | - https://cyware.com/
39 |
40 | Capture the Flag (CTF) - Throughout the year, you will be able to find online cyber security scavenger hunts called capture the flags or CTFs for short. There are a number of these geared toward high school students and this is frequently a good way to see what the students are learning in a fun, engaging, game-like way.
41 |
42 | #### Recommended High School CTFs
43 | - https://picoctf.com/
44 | - https://www.ctf.live/
45 | - https://hsctf.com/
46 | - https://tjctf.org/
47 | - https://www.pactf.com
48 | - https://www.easyctf.com/
49 | - https://github.com/ctfs/write-ups-2016/tree/master/tjctf-2016
50 |
51 |
52 | ## Resources
53 | There are several resources that are used throughout the curriculum. As with any of the lessons you can customize what works for you and what doesn't.
54 |
55 | [CodeAcademy](https://www.codecademy.com/)
56 | It may be useful to look at several of the lessons in Code Academy depending on the background and interest of your students. Lessons that will be useful are noted throughout the curriculum but they are specifically:
57 | - Python Programming
58 | - Command Line Interface
59 | - HTML & CSS
60 | - PHP
61 | - SQL
62 |
63 | [Blown to Bits Book](http://www.bitsbook.com/)
64 | Blown to Bits is a book that looks at many aspects of digital life, it's history, and where it might go. This is a free book online but can also be purchased as a physical book.
65 |
66 | [The Code Book](https://www.amazon.com/Code-Book-Secrets-Behind-Codebreaking/dp/0385730624/)
67 | The Code Book by Simon Singh looks at historical cryptography and tells the story behind the mathematics. This book is a great way to engage students with the material through story and the literal life and death struggle of people using and inventing cryptographic methods.
68 | This book is an adaptation of his original Code Book designed for young adult readers.
69 |
70 | [PaizaCloud](https://paiza.cloud/)
71 | This service gives you access to a remote virtual machine that can be used as a web server. This is used in the web security section. The remote VM also has a command line terminal that can be used to learn Linux commands on a remote server.
72 |
73 | [Codio](https://codio.com)
74 | Codio is a subscription service but also offers remote virtual machines. This is a better fit for having students join a class and being able to distribute files to them to begin with.
75 |
76 | [Python.org](https://www.python.org/)
77 | If you want to do the programming activities and want to run the code locally on the computers. I recommend the IDE from Python.org though there are many others available. All of the coding activities have been written using Python 3.
78 |
79 | [Dr. Java](http://www.drjava.org/)
80 | Dr. Java is a lightweight Java IDE that is very forgiving of a computer that does not have the full Java SDK installed. There are a few times when running a Java application will be useful in the curriculum and this allows students to run the code.
81 |
82 | [Code.org](https://studio.code.org/home)
83 | Code.org has several courses designed to teach coding and a wider understanding of computer science. Several lessons in their Computer Science Principles course are extremely applicable to cyber security and have been included here. The instructor will need to setup an account with Code.org and give all students a login for this portion to work.
84 |
85 | [US Cyber Patriot](https://www.uscyberpatriot.org/)
86 | CyberPatriot the National Youth Cyber Education Program created by the Air Force Association to inspire K-12 students toward careers in cybersecurity or other science, technology, engineering, and mathematics (STEM) disciplines critical to our nation's future. At the core of the program is the National Youth Cyber Defense Competition, the nation's largest cyber defense competition that puts high school and middle school students in charge of securing virtual networks. Other programs include AFA CyberCamps, an elementary school cyber education initiative, a children’s literature series, and CyberGenerations –a cyber safety initiative geared toward keeping senior citizens safe online
87 |
88 | ## License
89 | [Cyber Security Curriculum](https://github.com/DerekBabb/CyberSecurity) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
90 |
--------------------------------------------------------------------------------
/Modern_Cryptography/RSA/rsa.js:
--------------------------------------------------------------------------------
1 | //This website initially created by Dan Schneider. Go check out his blog: codeymccoderson.wordpress.com
2 |
3 | var APP = angular.module("rsa", []);
4 |
5 | APP.controller('main', ['$scope', function($scope) {
6 | $scope.prime1 = "";
7 | $scope.prime2 = "";
8 | $scope.public = "";
9 | $scope.factors = [];
10 | $scope.loaded = false;
11 | $scope.changedOnce = false;
12 | $scope.step2 = false;
13 | $scope.goodPublic = 0;
14 | $scope.secret = "";
15 | $scope.buttonHover = false;
16 | $scope.primes = [2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509,521,523,541,547,557,563,569,571,577,587,593,599,601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709,719,727,733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853,857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991,997,1009,1013,1019,1021,1031,1033,1039,1049,1051,1061,1063,1069,1087,1091,1093,1097,1103,1109,1117,1123,1129,1151,1153,1163,1171,1181,1187,1193,1201,1213,1217,1223,1229,1231,1237,1249,1259,1277,1279,1283,1289,1291,1297,1301,1303,1307,1319,1321,1327,1361,1367,1373,1381,1399,1409,1423,1427,1429,1433,1439,1447,1451,1453,1459,1471,1481,1483,1487,1489,1493,1499,1511,1523,1531,1543,1549,1553,1559,1567,1571,1579,1583,1597,1601,1607,1609,1613,1619,1621,1627,1637,1657,1663,1667,1669,1693,1697,1699,1709,1721,1723,1733,1741,1747,1753,1759,1777,1783,1787,1789,1801,1811,1823,1831,1847,1861,1867,1871,1873,1877,1879,1889,1901,1907,1913,1931,1933,1949,1951,1973,1979,1987,1993,1997,1999,2003,2011,2017,2027,2029,2039,2053,2063,2069,2081,2083,2087,2089,2099,2111,2113,2129,2131,2137,2141,2143,2153,2161,2179,2203,2207,2213,2221,2237,2239,2243,2251,2267,2269,2273,2281,2287,2293,2297,2309,2311,2333,2339,2341,2347,2351,2357,2371,2377,2381,2383,2389,2393,2399,2411,2417,2423,2437,2441,2447,2459,2467,2473,2477,2503,2521,2531,2539,2543,2549,2551,2557,2579,2591,2593,2609,2617,2621,2633,2647,2657,2659,2663,2671,2677,2683,2687,2689,2693,2699,2707,2711,2713,2719,2729,2731,2741,2749,2753,2767,2777,2789,2791,2797,2801,2803,2819,2833,2837,2843,2851,2857,2861,2879,2887,2897,2903,2909,2917,2927,2939,2953,2957,2963,2969,2971,2999,3001,3011,3019,3023,3037,3041,3049,3061,3067,3079,3083,3089,3109,3119,3121,3137,3163,3167,3169,3181,3187,3191,3203,3209,3217,3221,3229,3251,3253,3257,3259,3271,3299,3301,3307,3313,3319,3323,3329,3331,3343,3347,3359,3361,3371,3373,3389,3391,3407,3413,3433,3449,3457,3461,3463,3467,3469,3491,3499,3511,3517,3527,3529,3533,3539,3541,3547,3557,3559,3571,3581,3583,3593,3607,3613,3617,3623,3631,3637,3643,3659,3671,3673,3677,3691,3697,3701,3709,3719,3727,3733,3739,3761,3767,3769,3779,3793,3797,3803,3821,3823,3833,3847,3851,3853,3863,3877,3881,3889,3907,3911,3917,3919,3923,3929,3931,3943,3947,3967,3989,4001,4003,4007,4013,4019,4021,4027,4049,4051,4057,4073,4079,4091,4093,4099,4111,4127,4129,4133,4139,4153,4157,4159,4177,4201,4211,4217,4219,4229,4231,4241,4243,4253,4259,4261,4271,4273,4283,4289,4297,4327,4337,4339,4349,4357,4363,4373,4391,4397,4409,4421,4423,4441,4447,4451,4457,4463,4481,4483,4493,4507,4513,4517,4519,4523,4547,4549,4561,4567,4583,4591,4597,4603,4621,4637,4639,4643,4649,4651,4657,4663,4673,4679,4691,4703,4721,4723,4729,4733,4751,4759,4783,4787,4789,4793,4799,4801,4813,4817,4831,4861,4871,4877,4889,4903,4909,4919,4931,4933,4937,4943,4951,4957,4967,4969,4973,4987,4993,4999,5003,5009,5011,5021,5023,5039,5051,5059,5077,5081,5087,5099,5101,5107,5113,5119,5147,5153,5167,5171,5179,5189,5197,5209,5227,5231,5233,5237,5261,5273,5279,5281,5297,5303,5309,5323,5333,5347,5351,5381,5387,5393,5399,5407,5413,5417,5419,5431,5437,5441,5443,5449,5471,5477,5479,5483,5501,5503,5507,5519,5521,5527,5531,5557,5563,5569,5573,5581,5591,5623,5639,5641,5647,5651,5653,5657,5659,5669,5683,5689,5693,5701,5711,5717,5737,5741,5743,5749,5779,5783,5791,5801,5807,5813,5821,5827,5839,5843,5849,5851,5857,5861,5867,5869,5879,5881,5897,5903,5923,5927,5939,5953,5981,5987,6007,6011,6029,6037,6043,6047,6053,6067,6073,6079,6089,6091,6101,6113,6121,6131,6133,6143,6151,6163,6173,6197,6199,6203,6211,6217,6221,6229,6247,6257,6263,6269,6271,6277,6287,6299,6301,6311,6317,6323,6329,6337,6343,6353,6359,6361,6367,6373,6379,6389,6397,6421,6427,6449,6451,6469,6473,6481,6491,6521,6529,6547,6551,6553,6563,6569,6571,6577,6581,6599,6607,6619,6637,6653,6659,6661,6673,6679,6689,6691,6701,6703,6709,6719,6733,6737,6761,6763,6779,6781,6791,6793,6803,6823,6827,6829,6833,6841,6857,6863,6869,6871,6883,6899,6907,6911,6917,6947,6949,6959,6961,6967,6971,6977,6983,6991,6997,7001,7013,7019,7027,7039,7043,7057,7069,7079,7103,7109,7121,7127,7129,7151,7159,7177,7187,7193,7207,7211,7213,7219,7229,7237,7243,7247,7253,7283,7297,7307,7309,7321,7331,7333,7349,7351,7369,7393,7411,7417,7433,7451,7457,7459,7477,7481,7487,7489,7499,7507,7517,7523,7529,7537,7541,7547,7549,7559,7561,7573,7577,7583,7589,7591,7603,7607,7621,7639,7643,7649,7669,7673,7681,7687,7691,7699,7703,7717,7723,7727,7741,7753,7757,7759,7789,7793,7817,7823,7829,7841,7853,7867,7873,7877,7879,7883,7901,7907,7919,7927,7933,7937,7949,7951,7963,7993,8009,8011,8017,8039,8053,8059,8069,8081,8087,8089,8093,8101,8111,8117,8123,8147,8161,8167,8171,8179,8191,8209,8219,8221,8231,8233,8237,8243,8263,8269,8273,8287,8291,8293,8297,8311,8317,8329,8353,8363,8369,8377,8387,8389,8419,8423,8429,8431,8443,8447,8461,8467,8501,8513,8521,8527,8537,8539,8543,8563,8573,8581,8597,8599,8609,8623,8627,8629,8641,8647,8663,8669,8677,8681,8689,8693,8699,8707,8713,8719,8731,8737,8741,8747,8753,8761,8779,8783,8803,8807,8819,8821,8831,8837,8839,8849,8861,8863,8867,8887,8893,8923,8929,8933,8941,8951,8963,8969,8971,8999,9001,9007,9011,9013,9029,9041,9043,9049,9059,9067,9091,9103,9109,9127,9133,9137,9151,9157,9161,9173,9181,9187,9199,9203,9209,9221,9227,9239,9241,9257,9277,9281,9283,9293,9311,9319,9323,9337,9341,9343,9349,9371,9377,9391,9397,9403,9413,9419,9421,9431,9433,9437,9439,9461,9463,9467,9473,9479,9491,9497,9511,9521,9533,9539,9547,9551,9587,9601,9613,9619,9623,9629,9631,9643,9649,9661,9677,9679,9689,9697,9719,9721,9733,9739,9743,9749,9767,9769,9781,9787,9791,9803,9811,9817,9829,9833,9839,9851,9857,9859,9871,9883,9887,9901,9907,9923,9929,9931,9941,9949,9967,9973]
17 | //$scope.primes = [2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107]; //shorter primes for testing
18 |
19 | function findFactors(num) {
20 | var factors = [];
21 | for(var x = 2; x < Math.sqrt(num); x++) { //only need to check as high as the min value
22 | if (num % x == 0){
23 | factors.push(x);
24 | }
25 | }
26 | return factors;
27 | }
28 |
29 | $scope.updatePrimes = function() {
30 | if($scope.prime1 != "" && $scope.prime2 != "") {
31 | $scope.step2 = true;
32 | $scope.totient = ($scope.prime1 - 1)*($scope.prime2 - 1);
33 | $scope.factors = findFactors($scope.totient);
34 | }
35 | };
36 |
37 | $scope.updatePublic = function() {
38 | $scope.changedOnce = true;
39 | if($scope.public != "") {
40 | var foundIt = false;
41 | for(var x = 0; x < $scope.factors.length; x++) {
42 | if ($scope.factors[x] == $scope.public ) {
43 | foundIt = true
44 | }
45 | }
46 | if(foundIt) {
47 | $scope.goodPublic = false;
48 | } else {
49 | $scope.goodPublic = true;
50 | $scope.findSecret();
51 | }
52 | }
53 | };
54 |
55 | //Returns 3 values in an array
56 | //[0] index is modular inverse - will use as private key
57 | //Other numbers don't matter, but [2] is gcd, so should always be 1
58 | //Arguments should always be $scope.public (public exponent) and $scope.totient
59 | //Stolen from: http://pages.pacificcoast.net/~cazelais/euclid.html
60 | function xgcd(a,b)
61 | {
62 | if (b == 0)
63 | {return [1, 0, a]}
64 | else
65 | {
66 | var temp = xgcd(b, a % b);
67 | var x = temp[0];
68 | var y = temp[1];
69 | var d = temp[2];
70 | return [y, x-y*Math.floor(a/b), d]
71 | }
72 | }
73 |
74 |
75 | $scope.findSecret = function() {
76 | var array = xgcd($scope.public, $scope.totient);
77 | $scope.secret = (array[0] < 0 ? array[0] + $scope.totient : array[0]);
78 | };
79 |
80 | $('window').on('load', function() {
81 | $scope.loaded = true;
82 | });
83 |
84 | $('#secretButton').on('mouseover', function() {
85 | $scope.buttonHover = true;
86 | $scope.$apply();
87 | }).on('mouseout', function() {
88 | $scope.buttonHover = false;
89 | $scope.$apply();
90 | });
91 | }]);
--------------------------------------------------------------------------------
/Modern_Cryptography/Steganography/Java_Program/PictureEdit.java:
--------------------------------------------------------------------------------
1 | /**
2 | * @author Derek Babb